Wrote my first real EEM script yesterday

Started by icecream-guy, March 31, 2016, 07:30:28 AM


icecream-guy

I'm a script kiddie now   :dance:

Opened a TAC case to see if there were SNMP traps that would be sent on an event such as

Mar 31 08:26:53.294 EDT: %ILPOWER-3-CONTROLLER_PORT_ERR: Controller port error, Interface Gi1/0/26: Power Controller reports Short detected

TAC said there was none and suggested I write an EEM script for email alerts.

This is what I came up with, works well

event manager environment _email_to <recipient>
event manager environment _email_from <source>
event manager environment _email_server <mail server ip>
event manager applet email_power_shorts
 event syslog occurs 32 pattern "ILPOWER-3-CONTROLLER_PORT_ERR"
 action 0.1 info type routername
 action 1.0 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "$_info_routername: Switch Power short Alert" body "$_syslog_msg"
 action 1.5 syslog msg "Switch Power short Alert - Mail Sent"


Unfortunately I was unable to figure out a way to not S.P.A.M. my mailbox; setting the occurrence to 32 helps (max limit), but it still fires about every 10 minutes. I need to figure out a way to send an email maybe once an hour. I did some digging and tried countdown timers, watchdog timer, decrements; none worked. Finally settled on occurrence.

TAC case is open for the Power controller short issue.
:professorcat:

My Moral Fibers have been cut.

calaesha

Hey Fred Durst, what monitoring tools are you using for SYSLOG? Solarwinds has the ability to handle both the email function and suppression techniques you specified in your requirements.


icecream-guy

Quote from: calaesha on March 31, 2016, 08:05:33 AM
Hey Fred Durst, what monitoring tools are you using for SYSLOG? Solarwinds has the ability to handle both the email function and suppression techniques you specified in your requirements.

syslog to some flavor of Linux servers, then it gets washed into a set of underpowered Splunk servers.
We've got wayyyy tooo much syslog traffic for any type of monitoring, i.e. when we snmp trap syslog to the enterprise monitoring system, it gets sent to its knees.


calaesha

Quote from: ristau5741 on March 31, 2016, 11:18:36 AM

when we snmp trap syslog to the enterprise monitoring system, it gets sent to its knees.


I can believe it; nice work on the EEM, it's a real hold-your-breath moment when waiting to see if it'll crash the box. Well done.
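
The once-an-hour suppression asked about in the first post, sketched as a filter that could run on the Linux syslog servers mentioned in the thread instead of on the switch. This is an added example, not code from any poster; keying the window per interface, the year value, and every sample line except the first are assumptions.

```python
import re
from datetime import datetime, timedelta

# IOS timestamp (no year), optional msec and timezone, then the mnemonic and port.
LINE_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2})(?:\.\d+)?(?: \w+)?: "
    r"%ILPOWER-3-CONTROLLER_PORT_ERR: .*?Interface (?P<intf>\S+?):"
)

# Constructed sample input: only the first line is the message quoted in the post.
SAMPLE = """\
Mar 31 08:26:53.294 EDT: %ILPOWER-3-CONTROLLER_PORT_ERR: Controller port error, Interface Gi1/0/26: Power Controller reports Short detected
Mar 31 08:30:00.000 EDT: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/5, changed state to down
Mar 31 08:36:55.101 EDT: %ILPOWER-3-CONTROLLER_PORT_ERR: Controller port error, Interface Gi1/0/26: Power Controller reports Short detected
Mar 31 08:47:01.530 EDT: %ILPOWER-3-CONTROLLER_PORT_ERR: Controller port error, Interface Gi1/0/27: Power Controller reports Short detected
Mar 31 09:20:00.007 EDT: %ILPOWER-3-CONTROLLER_PORT_ERR: Controller port error, Interface Gi1/0/26: Power Controller reports Short detected
Mar 31 09:27:00.812 EDT: %ILPOWER-3-CONTROLLER_PORT_ERR: Controller port error, Interface Gi1/0/26: Power Controller reports Short detected
""".splitlines()

def parse(line, year=2016):
    """Return (timestamp, interface) for a matching line, else None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    # The log line carries no year; 'year' is an assumption supplied by the caller.
    return datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"), m["intf"]

def alerts(lines, window=timedelta(hours=1)):
    """Return at most one alert per interface per window, counting the rest."""
    last_sent, suppressed, out = {}, {}, []
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue  # unrelated syslog message
        ts, intf = parsed
        if intf in last_sent and ts - last_sent[intf] < window:
            suppressed[intf] = suppressed.get(intf, 0) + 1
            continue  # still inside the quiet period for this port
        out.append({"time": ts, "interface": intf,
                    "suppressed_before": suppressed.pop(intf, 0)})
        last_sent[intf] = ts
    return out

if __name__ == "__main__":
    for a in alerts(SAMPLE):
        print(f"{a['time']} ALERT power short on {a['interface']} "
              f"({a['suppressed_before']} repeats suppressed since last alert)")
```

Each returned alert is the point where a mail would be sent; the suppressed count lets the next mail report how many repeats were dropped in between.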