Cisco IOS Embedded Event Manager (EEM)

Cisco IOS® Embedded Event Manager Data Sheet

Last updated: August 2008

Product Overview

The Cisco IOS Embedded Event Manager (EEM) is a unique subsystem within Cisco IOS Software. EEM is a powerful and flexible tool to automate tasks and customize the behavior of Cisco IOS and the operation of the device. Customers can use EEM to create and run programs or scripts directly on a router or switch. The scripts are referred to as EEM Policies and can be programmed using a simple CLI-based interface or using a scripting language called Tool Command Language (Tcl). EEM allows customers to harness the significant intelligence within Cisco IOS Software to respond to real-time events, automate tasks, create custom commands, and take local automated action based on conditions detected by the Cisco IOS Software itself.
The latest version of the EEM subsystem within Cisco IOS is EEM v2.4.

Applications

The applications are endless and only limited by your imagination.
Suppose, for example, you would like to automatically configure a switch interface depending on the device that is connected to a port or interface, an IP phone for instance. A script can be devised that is triggered on the interface up condition and determines the details of the connected device. Upon discovery and verification of a newly connected IP phone, the port can be automatically configured according to prescribed parameters.
Another example might be to react to an abnormal condition such as the detection of a high error rate on an interface by forcing transit traffic over a more stable and error-free path. The EEM can watch for the increased error rate and trigger a policy into action. The policy could notify network operations personnel and take immediate action to reroute traffic.
A third example might be to collect detailed data upon detection of a specific failure condition in order to gather information that can allow the root cause of the problem to be determined faster, leading to a lower mean time to repair and higher availability. EEM could detect a specific Syslog message and trigger a script to collect detailed data using a series of show commands. After automatically collecting the data, it can be saved to flash memory or sent to an external management system or sent via email to a network operator.
The control is in the network administrator's hands. You control what events to detect and what actions to take. EEM is optional: it is up to the network administrator if and when it should be used, and it only takes the actions you program it to take.
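
The third scenario above (a Syslog match that triggers data collection to flash), written as an applet policy. This is an added example, not part of the Cisco data sheet; the applet name, the matched Syslog message, the output file name, and the user name eem-runner are assumptions chosen for illustration.

```cisco
! Added example; names, pattern and file path are illustrative assumptions.
! User ID under which applet CLI actions are authorized when AAA
! (TACACS+/RADIUS) command authorization is enabled. Placeholder name.
event manager session cli username "eem-runner"
!
event manager applet COLLECT-ON-LINEPROTO-DOWN
 ! Syslog event detector: regular expression match on an emitted message.
 event syslog pattern "%LINEPROTO-5-UPDOWN: Line protocol on Interface .*, changed state to down"
 ! CLI actions start in user EXEC mode, so enter privileged EXEC first.
 action 1.0 cli command "enable"
 ! Append show output to a file on flash for later root-cause analysis.
 action 2.0 cli command "show clock | append flash:eem_linkdown.txt"
 action 3.0 cli command "show interfaces | append flash:eem_linkdown.txt"
 action 4.0 cli command "show logging | append flash:eem_linkdown.txt"
 ! Leave an audit trail that the policy ran.
 action 5.0 syslog msg "EEM applet COLLECT-ON-LINEPROTO-DOWN appended diagnostics to flash:eem_linkdown.txt"
```

After configuration, `show event manager policy registered` lists the applet and the event it registered for, which is also the command to review when auditing which policies exist on a device.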

Features and Benefits

Cisco IOS Embedded Event Manager provides a level of embedded systems management not previously seen in Cisco IOS Software. Over fifteen event detectors provide an extensive set of conditions that can be monitored and defined as event triggers. The system is extensible with new capabilities and further subsystem integration is planned. The feature is product independent and available across a wide range of Cisco products.

EEM Version 2.4

The latest version of the EEM subsystem is EEM v2.4. This version ushers in a significant number of enhancements over previous versions. With EEM v2.4 comes:

• Two new event detectors

– Remote Procedure Call Event Detector

Allows for programs outside of the device to invoke specific device-resident, embedded policies by sending a SOAP request over an SSHv2 connection. The device-resident policy runs on the device and may reply with information in a subsequent SOAP response.

– SNMP Proxy Event Detector

Creates events when a specified SNMP trap or inform is received at the device. This allows for policies to be triggered by events from other devices.

• Multiple Event Correlation

– EEM 2.4 now allows for multiple events to be considered for policy invocation. Previously a single event specification triggered a policy. Now up to 8 events may be correlated together using logical operators allowing for more granular and very powerful policy triggers.

• Script Policy Refresh

– This feature allows for easy management, distribution, and update of device-resident policies using a pull model.

• Several additional ease of use enhancements and extensions such as:

– Interface Counter ED: rate-based trigger; Bytecode support; Support for parameters on the event manager run command; Clear command to kill a policy; Registration substitution enhancement; SNMP ED enhancement: delta value; Tcl Package support

Table 1. Features and Benefits

| Feature | Benefit |
| --- | --- |
| Extensible and Powerful Subsystem Architecture | |
| Architecture | The EEM subsystem is designed with modularity in mind. It consists of Event Detectors, an Event Manager Server, and action routines called Policies. |
| CLI interface | An interface to the Cisco IOS CLI to allow automated commands and access to any information that can be displayed. |
| Policy scheduler | EEM policies are scheduled one at a time or concurrently according to the number of threads configured. |
| Built-in actions | Policies can invoke a number of built-in actions for easy automation. |
| Extensive Set of Event Detectors (ED) | |
| Application | Custom application events, action script interaction. |
| CLI | CLI command match and run. |
| Counter | Custom counter events. |
| GOLD | Generic Online Diagnostics (GOLD) event detection. |
| Interface | Interface counters and events. |
| Memory Threshold (Deprecated) | Detect memory resource related events. |
| None (by run command) | Allows execution of an EEM policy by direct command, event manager run. |
| Object Tracking | Integration with Enhanced Object Tracking (EOT). |
| OIR | Card Online Insertion & Removal detection. |
| Remote Procedure Call | Allows for authorized programs outside of the device to invoke specific device-resident, embedded policies by sending a SOAP request over an SSHv2 connection. |
| Resource Threshold | Integration with Embedded Resource Manager, supersedes Memory Threshold ED. |
| RF | Cisco IOS infrastructure Redundancy Facility (RF) events. |
| SNMP | Detect MIB variable match and thresholds. |
| SNMP Proxy | Creates events when a specified SNMP trap or inform is received at the device. This allows for policies to be triggered by events from other devices. |
| Syslog | Regular expression pattern match on emitted Syslog messages. |
| Timer | Custom timed events. |
| IOS Watchdog Monitor | Cisco IOS scheduler, watchdog events. |
| WDSysMon | Cisco IOS Software Modularity: System monitor event. |
| Secure System Operation | |
| EEM scripts run within system constraints | Protects system from harm, i.e., a looping script will not stop Cisco IOS Software. |
| User scripts run in Safe-Tcl mode | Certain programmable options are disabled for protection. |
| Controlled environment | Only a network administrator with privileged access can define and set up EEM scripts. No one else can install software to compromise the system. |
| Support for TACACS+/RADIUS | EEM scripts can be associated with a configured User ID and be checked for permission. |
| EEM is optional | If you don't want to use this powerful capability, you don't have to enable it. |
| Online Scripting Community | |
| Cisco Beyond-Product Extension Community | A place for customers to share and download scripts. Don't reinvent the wheel. Build and extend the work of others. Learn by example. See http://www.cisco.com/go/ciscobeyond. |

Product Architecture

The Cisco IOS Embedded Event Manager is a product independent software feature consisting of a series of Event Detectors, an Embedded Event Manager Server, and interfaces to allow action routines called Policies to be invoked. There are also internal application programming interfaces for other Cisco IOS Software subsystems to take advantage of the EEM subsystem. The diagram in Figure 1 illustrates the EEM components.

Figure 1. EEM Architecture

Notice there are two types of EEM Policies:

• Applet Policies: Easy-to-use interface, defined using the configuration CLI

• Tcl Policies: More flexible and extensive capabilities, defined using the Tcl programming language

Once one or more policies are defined, the Event Detector software will watch for the conditions that match those defined by the policy. When a condition occurs, the event is passed to the Event Manager Server. The server then invokes any policy that has registered for that particular event. The actions defined within the policy are then carried out.
Each type of event has specific options, parameters and detailed information that is available to the policy when it is invoked. All of these details are described in the Cisco IOS Software documentation.

Feature Specifications

Please use the Cisco IOS Feature Navigator application on Cisco.com to check the latest information on software and product availability. Click on http://cisco.com/go/fn. The following table includes the EEM feature availability information.

Table 2. Feature Specifications

| Specification | Details |
| --- | --- |
| Product Compatibility | EEM is available for the Catalyst 6500 Series Switches, Cisco Integrated Services Routers, Cisco 7200 Series Routers, Cisco 7300 Series Routers, Cisco 7600 Series Routers, Cisco 10000 Series Routers; EEM is also available for the Catalyst 4500 Series Switches and the Catalyst 3700 Series Switches and the ASR-1000 Series Routers. Please refer to the Cisco IOS Feature Navigator for the latest device support information. |
| Software Compatibility | EEM is available in Cisco IOS Software Releases 12.2SX, 12.2SR, 12.2SB, 12.4, 12.4T, 12.2SG, 12.2SE, Cisco IOS-XE, and future versions. |
| Software Packaging | Some Cisco products require an enhanced feature set license to acquire support for EEM. Please refer to the Cisco IOS Feature Navigator for the latest packaging information. |

System Requirements

The EEM software subsystem will consume CPU and memory resources in its operation. Tcl-based policies reside on flash and will take up space. Customers should examine the operation in their environment to ensure resources exist for their specific scenarios. Some basic guidelines are included in Table 3.

Table 3. System Requirements

| Requirement | Details |
| --- | --- |
| Disk Space | Tcl-based policies are files stored on flash disk. The amount of space required depends on the size and number of policies and any programmed storage requirements. |
| Hardware | CPU utilization requirements are solution dependent. |
| Memory | Each Tcl-based policy will use approximately 400KB when initialized. Beyond that, utilization is specific to the policy's operational requirements. |
| Software | A Tcl interpreter is included within the Cisco IOS Software. The current version is Tcl 8.3.4. |

Service and Support

Using the Cisco Lifecycle Services approach, Cisco and its partners provide a broad portfolio of end-to-end services and support that can help increase your network's business value and return on investment. This approach defines the minimum set of activities needed, by technology and by network complexity, to help you successfully deploy and operate Cisco technologies and optimize their performance throughout the lifecycle of your network.
Customers authorized for service and support may contact the Cisco Technical Assistance Center (TAC) for issues related to EEM. The TAC will resolve problems related to the operation of the EEM infrastructure. Help for script logic problems will be provided on a best-effort basis.
More extensive script development services are available on request.

For More Information

For more information about the Cisco IOS Embedded Event Manager, visit http://cisco.com/go/eem or contact your local account representative or send email to askabouteem@cisco.com.