Cisco IOS Embedded Event Manager (EEM)

(Rene Molenaar) #1

This topic is to discuss the following lesson:

(system) #2

thanks for this useful article ,
I tried to configure in GNS3 here is my steps :
1- I connected R1 to internet and it can access to smtp server
2- here is my configuration :

event manager applet TEST22 
 event syslog pattern "Interface Ethernet0/1, changed state to down"
 action 1.0 mail server "" to "" from "" subject "Interface IS DOWN" body "Please try to fix it ASAP"

3- I got this error "

*Mar  1 01:11:23.571: fh_policy_send_mail(): smtp connect attempt: 5
*Mar  1 01:11:28.575: smtp_connect connect fail: 260
*Mar  1 01:11:28.579: fh_policy_send_mail(): fh_policy_smtp_connect failed at attempt 5
*Mar  1 01:11:28.579: %HA_EM-3-FMPD_SMTP: Error occured when sending mail to SMTP server: : error in connecting to SMTP server
*Mar  1 01:11:28.579: %HA_EM-3-FMPD_ERROR: Error executing applet TEST22 statement 1.0
(Rene Molenaar) #3

Your EEM script works fine but it can’t contact the SMTP server.

(system) #4

can I use my Hotmail email ?

(Rene Molenaar) #5

EEM requires a smtp server that you can use to deliver e-mail to. It’s best to use the SMTP server of your ISP or install one within your network.

(system) #6

thanks Rene, I used my company email (SMTP server) but I have got an issue that I attached before , I will do further search in Google
thanks for your help ,

(Rene Molenaar) #7

Make sure that your router can reach it (try this by pinging the IP address of the SMTP server) and see if it can resolve the hostname (ping the SMTP server address).

When that works, see if you are allowed to connect to it…just try a “telnet 25”. When it connects you know that the problem is not on your router. Maybe you are not allowed to send e-mail through the SMTP server…

(system) #8

thanks Rene,

i got the concept so easily. I tested all the above example in GNS3 and its working fine.I will able to tune some configuration and see them in action.

(Rene Molenaar) #9

Hi Akhilesh,

You are welcome. If you understand the concept and some simple examples then you are set. You’ll be able to make more complex examples as well…


(Thomas K) #10


Great lesson as always. Can you please elaborate a little more on what these two commands in fact do in one of the examples above?


action 3.0 puts "$_cli_result"
action 4.0 set $_exit_status "0"

Also I thought the following below stated to execute the command (not the "0")?
action 4.0 set $_exit_status "1"

Many thanks,
(Rene Molenaar) #11

Hi Thomas,

Glad to hear you like it :slight_smile: Let’s take a closer look at this config:

event manager applet SHOW_RUN_NO_INTERFACES
event cli pattern “show run” sync yes
action 1.0 cli command “enable”
action 2.0 cli command “show run | exclude interface”
action 3.0 puts “$_cli_result”
action 4.0 set $_exit_status “0”

Let’s take a look at it line-by-line:

event cli pattern “show run” sync yes

We want to match the “show run” command so that’s out pattern. The “sync yes” part means that EEM will run before this command is executed.

action 1.0 cli command “enable”
action 2.0 cli command “show run | exclude interface”

These are the commands that we will run when we have a match for “show run”. We go to enable and then run “show run | exclude interface”.

action 3.0 puts “$_cli_result”

This line is required to print the output of the commands we run to the active TTY, we need it since we want to see the output of “show run | exclude interface”.

action 4.0 set $_exit_status “0”

The exit status determines if we want to run the command or not. If you set this to 0, then we don’t run the “show run” command. If you set it to 1 then it will run “show run”.

In our example, we don’t want the user to run “show run” but we want them to see “show run | exclude interface” instead. That’s why you need the 0, we need to prevent them from running “show run”. If you set it to 1 then “show run” will also be executed.

Does this help?


(Roland W) #12

great job on explaining the exit_status Rene! I can across a question that mentioned entry_status. Any explanations or examples on “entry_status”

(Rene Molenaar) #13

Hi Roland,

I don’t have an example but entry status can be used to check if a previous policy has ran before. There are three possible values:

0: previous policy was succesful
not=0: previous policy failed
undefinded: no previous policy executed

So I guess you can run a script and check for the result of a previous script, Based on results of the first script a variable will be set and you can use this in your script.


(Mohan B) #14

Excellent Lesson Keymaster!! More and More I dig excellent lessons here, I wish how much it would be useful to see final configuration, LIKE you have in some of the lessons. I know it would be lot of tasks but that was really helpful feature.

(Rene Molenaar) #15

Hi Mohan,

Good to hear you like it. For all new lessons I’m uploading the final configurations and someone is helping me to create them for my older material. It will be added later :slight_smile:


(shaun y) #16

Hi rene

I can’t see the whole command for CLi Event example action 3.0 and 4.0 could you please print the full command as i’m trying to learn how this works thanks.

(Rene Molenaar) #17

Hi Shaun,

What exactly would you like to see?


(UMANG S) #18

As you mentioned that EEM can be very useful in real life examples like hiding a username/password or encrypted the plain text password. Can you show an example where you can hide or encrypt the plain text password in EEM script?

(Rene Molenaar) #19

Something like this could do the job:

event manager applet SHOW_RUN_NO_PASSWORD
 event cli pattern "show run" sync yes
 action 1.0 cli command "enable"
 action 2.0 cli command "show run | exclude password"
 action 3.0 puts "$_cli_result"
 action 4.0 set $_exit_status "0"



Hi Rene,

Is there any way to configure on layer 3 switches an script to shut down ports and enable ports on a schedule basis.