EEM Subsystem in Order to Monitor CPU Traffic

Available Languages

Download Options

  • PDF     (6.8 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (71.3 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (65.2 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:January 12, 2017
Document ID:200931

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

This document describes how to use the Cisco IOS Embedded Event Manager (EEM) subsystem in order to monitor CPU traffic.

How to configure EEM script to monitor CPU utilization when it crosses a threshold value and falls below a limit

Solution

The ip access-list log-update threshold logs all the Access Control List (ACL) logs but at the same time it utilizes more CPU.

Steps to configure the EEM:

1. When the configured higher threshold limit of CPU exceeds, disable the #ip access-list log-update threshold 1 command thereby stopping the process of logging all the ACL.

2. When the configured lower limit of CPU drops below, then enable this #ip access-list log-update threshold 1 command thereby starting the process of logging all the ACL.

For instance, you need to trigger an EEM when the CPU exceeds 60% and drops below 20%:

1. When the CPU exceeds 60% utilization for >=5sec, a rising threshold syslog notification is issued.
2. When CPU drops below 20% utilization for >=5sec, a falling syslog threshold notification is issued. 

Rising Threshold

A rising CPU utilization threshold specifies the percentage of CPU resources that, when exceeded for a configured period of time, triggers a CPU threshold notification.

Falling Threshold

A falling CPU utilization threshold specifies the percentage of CPU resources that, when CPU usage falls below this level for a configured period of time, triggers a CPU threshold notification.


The event manager applet (which matches the syslog messages) then ignores the rising threshold syslog message. It only matches for the falling syslog threshold --> "SYS-1-CPUFALLINGTHRESHOLD" and then runs the actions. This will happen every time the syslog message is an issue:

  • If the CPU goes above 60% and remains there only one syslog message will be generated.
  • If the CPU drops below 20% and remains there only one syslog message will be generated.

Verify

(conf)#process cpu threshold type total rising 60 interval 5 falling 20 interval 5

 1. When CPU crosses a threshold of 60, it generates SYS-1-CPURISINGTHRESHOLD syslog pattern and hence disables the command:    

      

       event manager applet HIGH_CPU                   

       event syslog pattern "SYS-1-CPURISINGTHRESHOLD"

       action 1.0 cli command "enable"                   

       action 2.0 cli command "config t"                   

       action 3.0 cli command "no ip access-list log-update threshold 1" 

*Oct 11 19:21:11.983: %SYS-1 -CPURISINGTHRESHOLD: Threshold: Total CPU Utilization (Total/Intr): 63%/19%

 2. When CPU falls below a limit of 20, it generates SYS-1-CPUFALLINGTHRESHOLD syslog pattern and hence enables the command:               

        event manager applet LOW_CPU   

        event syslog pattern "SYS-1-CPUFALLINGTHRESHOLD"    

        action 1.0 cli command "enable"   

        action 2.0 cli command "config t"   

        action 3.0 cli command "ip access-list log-update threshold 1"  

*Oct 11 19:21:31.983: %SYS-1-CPUFALLINGTHRESHOLD: Threshold: Total CPU Utilization (Total/Intr) 12%/0%.

   

TAC Authored

Contributed by Cisco Engineers

  • Komal Agrawal
    Cisco TAC Engineer

Was this Document Helpful?

FeedbackFeedback

Contact Cisco