To specify event
criteria for an Embeded Event Manager applet that is run by matching syslog
messages, use the
event
syslog command in the applet configuration mode. To remove the syslog
message event criteria, use the
no form of the command.
event syslog [ tag tagname ] [ occurs count
| period interval
| priority { 0-7
| alerts
| critical
| debugging
| emergencies
| errors
| informational
| notifications
| warnings } ] pattern expression
no event syslog [ tag tagname ] [ occurs count
| period interval
| priority { 0-7
| alerts
| critical
| debugging
| emergencies
| errors
| informational
| notifications
| warnings } ] pattern expression
Syntax Description
tag
tagname
|
(Optional)
Configures an event tag identifier.
tagname specifies
a handle for combining multiple events and this handle can be any string value
of 1 to 29 characters.
|
occurs
count
|
(Optional) Specifies the number of occurrences of the matched syslog messages
to count before triggering the policy event.
count range is
platform specific.
|
period
interval
|
(Optional)
Specifies the maximum time within which the timestamps of the triggering
messages must fall.
interval range is
platform specific.
|
priority
|
(Optional)
Specifies the number or name of the desired priority level at which syslog
messages are matched. Messages at or numerically lower than the specified level
are matched. The parameter for
priority must be one of the following:
-
0 |
emergencies— Specifies syslog messages of emergency level
(the system is unusable).
-
1 |
alerts— Specifies syslog messages of alert level (immediate
action is needed).
-
2 |
critical— Specifies syslog messages of critical level
(critical conditions).
-
3 |
errors— Specifies syslog messages of error level (error
conditions).
-
4 |
warnings— Specifies syslog messages of warning level
(warning conditions).
-
5 |
notifications— Specifies syslog messages of notification
level (normal but significant conditions).
-
6 |
informational— Specifies syslog messages of informational
level (informational messages).
-
7 |
debugging— Specifies syslog messages of debugging level
(debugging messages).
|
pattern
expression
|
Specifies a regular expression to match against syslog messages.
The pattern must be quoted with " " quotes.
expression
maximum size is 256 characters.
|
Command Default
If the
occurs parameter is not specified, the
default value of 1 is used.
If the
period parameter is not specified, the
default value of 0 is used.
If the
priority parameter is not specified, the
default value of informational is used.
Command Modes
EEM applet configuration (config-applet).
Command History
Release
|
Modification
|
5.2(1)
|
This
command was introduced.
|
Usage Guidelines
The syslog and
Embedded Event Manager client processes run on each supervisor module in a
system. Therefore, in dual supervisor systems, an
event
syslog command will be matched on both the active and standby
supervisors. Both Embedded Event Manager clients will notify the Embedded Event
Manager master process on the active supervisor causing the applet to be
triggered twice. Be sure to take this potential double triggering in to account
in the applet.
This command does
not require a license.
Examples
This example shows
how to configure an applet to trigger after 10 "authentication failed" syslog
events:
switch# configure terminal
switch(config)# event manager applet auth-fails-applet
switch(config-applet)# event syslog occurs 10 pattern "authentication failed"
Configuration accepted successfully
This example
shows how to configure an applet to tag module power up and standby online
syslog events:
switch# configure terminal
switch(config)# event manager applet mod-event-applet
switch(config-applet)# event syslog tag moduleEvent pattern "(powered up|is standby)"
Configuration accepted successfully