Cisco IOS Embedded Event Manager 3.2

Available Languages

Download Options

PDF (138.0 KB)
View with Adobe Reader on a variety of devices

Updated:December 15, 2009

Document ID:1518925702121216

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Product Overview

Cisco IOS ® Embedded Event Manager (EEM) is a unique subsystem within Cisco IOS Software. EEM is a powerful and flexible tool to automate tasks and customize the behavior of Cisco IOS Software and the operation of the device. Customers can use EEM to create and run programs or scripts directly on a router or switch. The scripts are referred to as EEM policies and can be programmed using a simple command-line-interface (CLI)-based interface or using a scripting language called Tool Command Language (Tcl). EEM allows customers to harness the significant intelligence within Cisco IOS Software to respond to real-time events, automate tasks, create customer commands, and take local automated action based on conditions detected by the Cisco IOS Software itself.

The latest version of the EEM subsystem within Cisco IOS Software is EEM v3.2.

Applications

The applications are endless and only limited by your imagination.

Suppose, for example, you would like automatically to configure a switch interface depending on the device that is connected to a port or interface, an IP phone. A script can be devised that is triggered on the interface up condition and determines the details of the connected device. Upon discovery and verification of a newly connected IP phone, the port can be automatically configured according to prescribed parameters.

Another example might be to react to an abnormal condition such as the detection of a high error rate on an interface by forcing transit traffic over a more stable and error-free path. EEM can watch for the increased error rate and trigger a policy into action. The policy could notify network operations personnel and take immediate action to reroute traffic.

A third example might be to collect detailed data upon detection of a specific failure condition in order to gather information that can allow the root cause of the problem to be determined faster leading to a lower mean time to repair and higher availability. EEM could detect a specific syslog message and trigger a script to collect detailed data using a series of show commands. After automatically collecting the data, it can be saved to flash memory or sent to an external management system or by email to a network operator.

The control is in the network administrator's hands. You control what events to detect and what actions to take. EEM is optional-it is up to the network administrator if and when it should be used and only takes the actions you program it to take.

Features and Benefits

Cisco IOS Embedded Event Manager provides a level of embedded systems management not previously seen in Cisco IOS Software. More than 20 event detectors provide an extensive set of conditions that can be monitored and defined as event triggers. The system is extensible with new capabilities, and further subsystem integration is planned. The feature is mostly product independent and available across a wide range of Cisco® products. Each new version of the EEM feature introduces new event detectors or new capabilities. Consult the Cisco documentation for detailed information.

EEM Version 3.2

The latest version of the EEM subsystem is EEM 3.2. See Table 1 for a list of features and benefits. In this release, we introduced the following enhancements on event detection and policy execution capabilities:

• Neighbor Discovery event detector

– Detects incoming Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) messages and generates events

– Detects interface status changes and generates events

– Publishes Cisco Discovery Protocol and LLDP information in event meta data and passes it to EEM policies being triggered

– Supports event filtering base on interface name and Cisco Discovery Protocol/LLDP status (add, delete, update, all)

• Identity event detector

– Generates events when successful or failed authentication and authorization through 802.1x and MAC Address Bypassing (MAB) protocol is detected

– Supports event filtering base on authentication and authorization results, specific authentication, authorization, and accounting (AAA) attributes, and MAC address of the connected device

– Publishes identity information including authentication and authorization results, connected interface, MAC address for the connected device, and AAA attributes for the identity object

• MAC Address Table event detector

– Generates events when a MAC address is added or deleted from the MAC address table on Layer 2 devices

– Supports event filtering based on add/delete event, MAC address pattern, and interface name

– Publishes metadata including MAC address being added or deleted as well as the interface the device is connected to

Table 1. Features and Benefits


Feature	Benefit
Extensible and powerful subsystem architecture
Architecture	The EEM subsystem is designed with modularity in mind. It consists of event detectors, an event manager server, and action routines called policies.
CLI interface	An interface to the Cisco IOS Software CLI to allow automated commands and access to any information that can be displayed. Includes support for XML programmable interface from within EEM policies.
Policy scheduler	EEM policies are scheduled one at a time or concurrently according to the number of threads configured and provide an enhanced, class-based scheduling option for fine control over policy execution.
Built-in actions	Policies can invoke a number of built-in actions for easy automation.
Extensive set of event detectors
Application	Custom application events, action script interaction
Enhanced Cisco IOS Software CLI	CLI command match and run with even more capabilities for creating your own commands
Counter	Custom counter events
GOLD	Generic Online Diagnostics (GOLD) event detection
Identity	Detects 802.1x and MAB identity events
Interface	Interface counters and events
IP SLA	Tighter integration with the service-level agreement SLA monitoring and measurement subsystem. Easy event triggers and automation when conditions are not satisfactory.
Memory Threshold (deprecated)	Detects memory resource-related events
Neighbor Discovery	Detects Cisco Discovery Protocol and LLDP events
NetFlow	Event triggers based on traffic flow. Many uses from capacity planning to denial of service (DoS) alert and automated actions.
None (by run command)	Allows execution of an EEM policy by direct command, event manager run
Object Tracking	Integration with Enhanced Object Tracking (EOT).
OIR	Card online insertion and removal detection
Remote Procedure Call	Allows for authorized programs outside of the device to invoke specific device-resident, embedded policies by sending a Simple Object Access Protocol (SOAP) request over a Secure Shell (SSH) Protocol version 2 connection
Resource	Integration with Embedded Resource Manager; supersedes the Memory Threshold event detector.
RF	Cisco IOS Software infrastructure Redundancy Facility (RF) events
Routing	Event triggers based on routing changes
Simple Network Management Protocol (SNMP)	Detect MIB variable match and thresholds
SNMP Notification	Creates events when a specified SNMP trap or inform is received or generated at the device. This allows for policies to be triggered by SNMP events from itself and other devices.
SNMP Object	Creates events when an SNMP Get or Set request is received.
Syslog	Regular expression pattern match on emitted syslog messages
Timer	Custom timed events
IOS Watchdog (Cisco IOS Software only)	Cisco IOS Software scheduler, watchdog events
WDSysMon (ION only)	Cisco IOS Software Modularity: system monitor event
Secure system operation
EEM scripts run within system constraints	Protects system from harm; that is, a looping script will not stop Cisco IOS Software.
User scripts run in Safe-Tcl mode	Certain programmable options are disabled for protection.
Controlled environment	Only a network administrator with privileged access can define and set up EEM scripts. No one else can install software to compromise the system.
Support for TACACS+ and RADIUS	EEM scripts can be associated with a configured user ID. All CLI commands issued by the scripts are authorized before they are executed.
EEM is optional	If you don't want to use this powerful capability, you don't have to enable it.
Online scripting community
Cisco Beyond - Product Extension Community	A place for customers to share and download scripts. Don't reinvent the wheel. Build and extend the work of others. Learn by example. See http://www.cisco.com/go/ciscobeyond.

Product Architecture

Cisco IOS Embedded Event Manager is a primarily product-independent software feature consisting of a series of event detectors, an Embedded Event Manager server, and interfaces to allow action routines called policies to be invoked. There are also internal application programming interfaces for other Cisco IOS Software subsystems to take advantage of the EEM subsystem. The diagram in Figure 1 illustrates the EEM components.

Figure 1. EEM Architecture

Notice there are two types of EEM policies:

• Applet policies: Easy-to-use interface; defined using the configuration CLI

• Tcl policies: More flexible and extensive capabilities; defined using the Tcl programming language

Once one or more policies are defined, the event detector software will watch for the conditions that match those defined by the policy. When a condition occurs, the event is passed to the event manager server. The server then invokes any policy that has registered for that particular event. The actions defined within the policy are then carried out.

Each type of event has specific options, parameters, and detailed information that is available to the policy when it is invoked. All of these details are described in the Cisco IOS Software documentation.

Feature Specifications

Please use the Cisco IOS Software Feature Navigator application on Cisco.com to check the latest information on software and product availability. Click http://cisco.com/go/fn. Table 2 includes the EEM feature availability information.

Table 2. Feature Specifications


Product compatibility	EEM is available for the Catalyst® 6500 Series Switches, Cisco Integrated Services Routers, Cisco 7200 Series Routers, Cisco 7300 Series Routers, Cisco 7600 Series Routers, and Cisco 10000 Series Routers; EEM is also available for the Catalyst 4500 Series Switches and the Catalyst 3700 Series Switches and the ASR-1000 Series Routers. Please refer to the Cisco IOS Software Feature Navigator for the latest device support information.
Software compatibility	EEM is available in Cisco IOS Software Release 12.2SX, 12.2SR, 12.2SB, 12.4, and 12.4T, 15.0M, 12.2SG, 12.2SE, Cisco IOS XE, and future versions. EEM function is also included in Cisco IOS XR and Cisco NX OS.
Software packaging	Some Cisco products require an enhanced feature set license to acquire support for EEM. Please refer to the Cisco IOS Software Feature Navigator for the latest packaging information.

System Requirements

The EEM software subsystem will consume CPU and memory resources in its operation. Tcl-based policies reside on flash memory and will take up space. Customers should examine the operation in their environment to make sure resources exist for their specific scenarios. Some basic guidelines are included in Table 3.

Table 3. System Requirements


Disk space	Tcl-based policies are files stored on flash disk. The amount of space required depends on the size and number of policies and any programmed storage requirements.
Hardware	CPU utilization requirements are solution dependent.
Memory	Each Tcl-based policy will use approximately 500 KB when initialized. Beyond that, utilization is specific to the policy's operational requirements.
Software	A Tcl interpreter is included within Cisco IOS Software. The current version is Tcl 8.3.4.

Service and Support

Using the Cisco Lifecycle Services approach, Cisco and its partners provide a broad portfolio of end-to-end services and support that can help increase your network's business value and return on investment. This approach defines the minimum set of activities needed, by technology and by network complexity, to help you successfully deploy and operate Cisco technologies and optimize their performance throughout the lifecycle of your network.

Customers authorized for service and support may contact the Cisco Technical Assistance Center (TAC) for issues related to EEM. The TAC will resolve problems related to the operation of the EEM infrastructure. Help for script logic problems will be provided on a best-effort basis. There is also developer support service available for custom EEM policy development from Cisco Services.

More extensive script development services are available on request.

For More Information

For more information about the Cisco IOS Embedded Event Manager, visit http://cisco.com/go/eem, contact your local account representative, or send email to maskabouteem@cisco.com.

Contact Cisco

Was this Document Helpful?

Feedback