Embedded Event Manager
This chapter describes how to configure the Embedded Event Manager (EEM).
- Information About the EEM
- Licensing Requirements for the EEM
- Guidelines and Limitations
- Creating an Event Manager Applet
- Configuring a Syslog Event
- Configuring a Watchdog (Periodic) Timer Event
- Configuring a Countdown (One-shot) Timer Event
- Configuring an Absolute (Once-A-Day) Timer Event
- Configuring a Crash Event
- Configuring an Action on an Event Manager Applet
- Configuring Destinations for Output from an Action
- Running an Event Manager Applet
- Invoking an Event Manager Applet Manually
- Monitoring the EEM
- Feature History for the EEM
Information About the EEM
The EEM feature enables you to debug problems and provides general purpose logging for troubleshooting. There are two components: events to which the EEM responds or listens, and event manager applets that define actions as well as the events to which the EEM responds. You may configure multiple event manager applets to respond to different events and perform different actions.
Supported Events
The EEM supports the following events:
- Syslog—The ASA uses syslog message IDs to identify syslog messages that trigger an event manager applet. You may configure multiple syslog events, but the syslog message IDs may not overlap within a single event manager applet.
- Timers—You may use timers to trigger events. You may configure each timer only once for each event manager applet. Each event manager applet may have up to three timers. The three types of timers are the following:
–
Watchdog (periodic) timers trigger an event manager applet after the specified time period following the completion of the applet’s actions and restart automatically.
– Countdown (one-shot) timers trigger an event manager applet once after the specified time period and do not restart unless they are removed, then re-added.
– Absolute (once-a-day) timers cause an event to occur once a day at a specified time, and restart automatically. The time-of-day format is in hh:mm:ss.
You may configure only one timer event of each type for each event manager applet.
- None—The none event is triggered when you run an event manager applet manually using the CLI or ASDM.
- Crash—The crash event is triggered when the ASA crashes. Regardless of the value of the output command, the action commands are directed to the crashinfo file. The output is generated before the show tech command.
Configuring Actions
When an event manager applet is triggered, the actions on the event manager applet are performed. Each action has a number that is used to specify the sequence of the actions. The sequence number must be unique within an event manager applet. You may configure multiple actions for an event manager applet. The commands are typical CLI commands, such as show blocks.
Configuring Output Destinations
You may send the output of the action CLI commands to one of three locations:
- None, which is the default and discards the output
- Console, which sends the output to the ASA console
- File, which sends the output to a file. The following four file options are available:
– Create a unique file, which creates a new, uniquely named file each time that an event manager applet is invoked
– Create/overwrite a file, which overwrites a specified file each time that an event manager applet is invoked.
– Create/append to a file, which appends to a specified file each time that an event manager applet is invoked. If the file does not yet exist, it is created.
– Create a set of files, which creates a set of uniquely named files that are rotated each time that an event manager applet is invoked
Licensing Requirements for the EEM
The following table shows the licensing requirements for this feature:
|
|
|
|---|---|
Guidelines and Limitations
This section includes the guidelines and limitations for this feature.
Supported in single mode only. Not suported in multiple context mode.
Supported in routed and transparent firewall modes.
- During a crash, the state of the ASA is generally unknown. Some commands may not be safe to run during this condition.
- The name of an event manager applet may not contain spaces.
- You cannot modify the None event and Crashinfo event parameters.
- Performance may be affected because syslog messages are sent to the EEM for processing.
- The default output is output none for each event manager applet. To change this setting, you must enter a different output value.
- You may have only one output option defined for each event manager applet.
Creating an Event Manager Applet
To create an event manager applet that links events with actions and output, perform the following steps:
Step 1 In ASDM, choose Configuration > Device Management > Advanced > Embedded Event Manager.
Step 2 Click Add to display the Add Event Manager Applet dialog box. To modify an existing event manager applet, click Edit. To remove an existing event manager applet, click Delete.
Step 3 Enter the name of the applet (without spaces) and describe what it does. The description may be up to 256 characters long. You may include spaces in description text if it is placed within quotes.
Step 4 In the Events area, click Add to display the Add Event Manager Applet Event dialog box.
Step 5 Choose the event type that you want to configure from the Type drop-down list. The available options are None, Syslog, Once-a-day timer, One-shot timer, and Periodic timer.
Configuring a Syslog Event
To configure a syslog event, perform the following steps:
Step 1 Choose Syslog from the Type drop-down list.
Step 2 Enter a single syslog message or a range of syslog messages. If a syslog message occurs that matches the specified individual syslog message or range of syslog messages, an event manager applet is triggered.
Step 3 (Optional) In the occurrences field, enter the number of times that the syslog message must occur for an event manager applet to be invoked. The default is 1 occurrence every 0 seconds. Valid values are from 1 - 4294967295.
Step 4 (Optional) In the period field, enter the number of seconds within which the syslog messages must occur to invoke the action. This value limits how frequently an event manager applet is invoked to at most once in the configured period. Valid values are from 0 - 604800. A value of 0 means that no period is defined.
Step 5 Click OK to close the Add Event Manager Applet Event dialog box.
The newly added syslog event appears in the Events list. To modify this event, click Edit. To remove this event, click Delete.
Step 6 Click OK to close the Add Event Manager Applet dialog box.
The newly added Syslog event appears in the Embedded Event Manager pane.
Configuring a Watchdog (Periodic) Timer Event
To configure a watchdog (periodic) timer event, perform the following steps:
Step 1 Choose Periodic timer from the Type drop-down list.
Step 2 Enter the time period in seconds. The number of seconds may range from 1 - 604800.
Step 3 Click OK to close the Add Event Manager Applet Event dialog box.
The newly added Periodic timer event appears in the Events list. To modify this timer event, click Edit. To remove this timer event, click Delete.
Step 4 Click OK to close the Add Event Manager Applet dialog box.
The newly added Periodic timer event appears in the Embedded Event Manager pane.
Configuring a Countdown (One-shot) Timer Event
To configure a countdown (one-shot) timer event, enter the following command:
Step 1 Choose One-shot timer from the Type drop-down list.
Step 2 Enter the time period in seconds. The number of seconds may range from 1 - 604800.
Step 3 Click OK to close the Add Event Manager Applet Event dialog box.
The newly added One-shot timer event appears in the Events list. To modify this timer event, click Edit. To remove this timer event, click Delete.
Step 4 Click OK to close the Add Event Manager Applet dialog box.
The newly added One-shot timer event appears in the Embedded Event Manager pane.
Configuring an Absolute (Once-A-Day) Timer Event
To configure an absolute (once-a-day) timer event, enter the following command:
Step 1 Choose Once-a-Day timer from the Type drop-down list.
Step 2 Enter the time of day in hh:mm:ss. The time range is from 00:00:00 (midnight) to 23:59:59.
Step 3 Click OK to close the Add Event Manager Applet Event dialog box.
The newly added One-shot timer event appears in the Events list. To modify this timer event, click Edit. To remove this timer event, click Delete.
Step 4 Click OK to close the Add Event Manager Applet dialog box.
The newly added One-shot timer event appears in the Embedded Event Manager pane.
Configuring a Crash Event
To configure a crash event, perform the following steps:
Step 1 Choose crashinfo from the Type drop-down list.
Step 2 Click OK to close the Add Event Manager Applet Event dialog box.
The newly added crashinfo event appears in the Events list. You may not modify the parameters for this event type.
Step 3 Click OK to close the Add Event Manager Applet dialog box.
The newly added crashinfo event appears in the Embedded Event Manager pane.
Configuring an Action on an Event Manager Applet
To configure an action on an event manager applet, perform the following steps:
Step 1 Click Add to display the Add Event Manager Applet dialog box.
Step 2 Enter the name of the applet (without spaces) and describe what it does. The description may be up to 256 characters long.
Step 3 In the Actions area, click Add to display the Add Event Manager Applet Action dialog box.
Step 4 Enter the unique sequence number in the Sequence # field. Valid sequence numbers range from 0 - 4294967295.
Step 5 Enter the CLI command in the CLI Command field. The command runs in global configuration mode as a user with privilege level 15 (the highest). The command may not accept any input, because it is disabled.
Step 6 Click OK to close the Add Event Manager Applet Action dialog box.
The newly added action appears in the Actions list. To modify this action, click Edit. To remove this action, click Delete.
Step 7 Click OK to close the Add Event Manager Applet dialog box.
The newly added action appears in the Embedded Event Manager pane.
Configuring Destinations for Output from an Action
To configure specific destinations for sending output from an action, choose one of the available output destination options (None, Console, or File), then perform the following steps:
Step 1 In the Add Event Manager Applet dialog box, choose the None option from the Output Location drop-down list.
This option discards any output from the action commands and is the default setting.
Step 2 Click OK to close the Add Event Manager Applet dialog box.
The specified output destination appears in the Embedded Event Manager pane.
Step 1 In the Add Event Manager Applet dialog box, choose the Console option from the Output Location drop-down list.
This option sends the output of the action commands to the console.
Note Running this command affects performance.
Step 2 Click OK to close the Add Event Manager Applet dialog box.
The specified output destination appears in the Embedded Event Manager pane.
Step 1 In the Add Event Manager Applet dialog box, choose the File option from the Output Location drop-down list.
The Create a unique file option is automatically selected as the default. This option sends the output of the action commands to a new file for each event manager applet that is invoked. The filename has the format of eem- applet - timestamp.log, in which applet is the name of the event manager applet and timestamp is a dated timestamp in the format of YYYYMMDD-hhmmss.
Step 2 Click OK to close the Add Event Manager Applet dialog box.
The specified output destination appears in the Embedded Event Manager pane.
New Set of Rotated Files Option
Step 1 In the Add Event Manager Applet dialog box, choose the File option from the Output Location drop-down list.
Step 2 Choose the Create a set of files option from the drop-down list. This option creates a set of files that are rotated. When a new file is to be written, the oldest file is deleted, and all subsequent files are renumbered before the first file is written. The newest file is indicated by 0, and the oldest file is indicated by the highest number. Valid values for the rotate value range from 2 - 100. The filename format is eem- applet - x.log, in which applet is the name of the applet, and x is the file number.
Step 3 Click OK to close the Add Event Manager Applet dialog box.
The specified output destination appears in the Embedded Event Manager pane.
Single Overwritten File Option
Step 1 In the Add Event Manager Applet dialog box, choose the File option from the Output Location drop-down list.
Step 2 Choose the Create/overwrite a file option from the drop-down list.
This option writes the action command output to a single file, which is overwritten every time.
Step 3 Click OK to close the Add Event Manager Applet dialog box.
The specified output destination appears in the Embedded Event Manager pane.
Step 1 In the Add Event Manager Applet dialog box, choose the File option from the Output Location drop-down list.
Step 2 Choose the Create/append a file option from the drop-down list.
This option writes the action command output to a single file, but that file is appended to every time.
Step 3 Click OK to close the Add Event Manager Applet dialog box.
The specified output destination appears in the Embedded Event Manager pane.
Running an Event Manager Applet
To run an event manager applet, perform the following steps:
Step 1 In the Embedded Event Manager pane, select an event manager applet from the list that has been configured with a None event.
Invoking an Event Manager Applet Manually
To invoke an event manager applet manually, perform the following steps:
Step 1 Choose None from the Type drop-down list.
Step 2 Click OK to close the Add Event Manager Applet Event dialog box.
The newly added None event appears in the Events list. You may not modify the parameters for this event type.
Step 3 Click OK to close the Add Event Manager Applet dialog box.
The newly added None event appears in the Embedded Event Manager pane.
Step 4 Click Run to invoke this event manager applet.
Monitoring the EEM
Step 1 In ASDM, choose Monitoring > Properties > EEM Applets.
Step 2 Click Refresh to update the list of EEM applets and their hit count value.
Feature History for the EEM
Table 49-1 lists each feature change and the platform release in which it was implemented. ASDM is backward-compatible with multiple platform releases, so the specific ASDM release in which support was added is not listed.
Feedback