EEM (Embedded Event Manager) is pretty powerful for scripting changes to routers and switches. It's supported in IOS, but not on ASAs or Nexus switches (NX-OS). It allows you to script IOS commands which you can run manually, or through using kron, at a time of your choosing.
Here we will go through two scripts, they are very similar, but one will run at a preconfigured time, the other will run when there is a change to the system.
The scripts will perform a backup of the running configuration to an SCP server, so it's nice and secure, and it will send an email when the script has completed.
We start by defining a couple of variables to set the email server and the recipient:
R1(config)#event manager environment _email_server 1.1.1.1 R1(config)#event manager environment _email_to user@domain.comWe then start defining our script for the scheduled backup. We create an event manager "applet" and give it a name:
event manager applet SCHEDULED-BACKUP-CFGWe then set the event type to none - we'll cover the options for this on the next script.
event noneNext we start defining the commands we will use. These are all numbered actions. The first action we will use is to get the router name (this works the same for switches) so we can use it in our script:
action 0.1 info type routernameNext we can enter the commands to perform the backup
action 1.0 cli command "enable" action 1.1 cli command "copy run scp:" pattern "Address" action 1.2 cli command "1.1.1.10" pattern "username" action 1.3 cli command "root" pattern "filename" action 1.4 cli command "/backup/routers/$_info_routername-config" pattern "Password" action 1.5 cli command "Passw0rd"The first line sends us into enable mode.
The second line sends the command "copy run scp:" and we define a pattern, which will match the next line (1.2), so when the router returns a line with the pattern "Address" in it, it will send the IP address of the SCP server (1.1.1.10).
Again the script will then specify a pattern for the next line (1.3) which it expects to be "username", and we will send the username of "root".
The router will respond with a line asking for the destination filename, which we match with the pattern "filename", and will send the filename in line 1.4.
Because we defined a variable in line 0.1 which captures the routername we can supply this as part of the filename, along with the path on the SCP server, so if our router is called "R!" the filename we send would be "/backup/routers/R1-config".
Lastly as we are expecting the router to return a prompt for the root user's password we send that in line 1.5.
We will finish with a couple of actions, firstly to send an email to us to confirm that the backup has worked, secondly to log the actions in the event log:
action 2.0 mail server "$_email_server" to "$_email_to" from "$_info_routername@domain.com" subject "Backup completed" body "Backup completed" action 3.0 syslog priority informational msg "Config change detected. Copy to SCP succesfull"We must then exit from EEM in order to save our applet:
exitThe full command sequence would look like this:
R1(config)#event manager environment _email_server 1.1.1.1 R1(config)#event manager environment _email_to user@domain.com R1(config)#event manager applet SCHEDULED-BACKUP-CFG R1(config-applet)#event none R1(config-applet)#action 0.1 info type routername R1(config-applet)#action 1.0 cli command "enable" R1(config-applet)#action 1.1 cli command "copy run scp:" pattern "Address" R1(config-applet)#action 1.2 cli command "1.1.1.10" pattern "username" R1(config-applet)#action 1.3 cli command "root" pattern "filename" R1(config-applet)#action 1.4 cli command "/backup/routers/$_info_routername-config" pattern "Password" R1(config-applet)#action 1.5 cli command "Passw0rd" R1(config-applet)#action 2.0 mail server "$_email_server" to "$_email_to" from "$_info_routername@domain.com" subject "Backup completed" body "Backup completed" R1(config-applet)#action 3.0 syslog priority informational msg "Config change detected. Copy to SCP succesfull" R1(config-applet)#exit R1(config)#We can run this command whenever we like using the command:
R1#event manager run SCHEDULED-BACKUP-CFGAll being well you should receive an email stating that the backup has been performed.
We can set this applet to run at a schedule of our choosing by using the kron scheduler.
For this we create a new kron job called "weekly-backup" which will occur at 1am every sunday. The kron job will call a policy, called "SCHEDULED-BACKUP-CFG", which in turn runs the cli command that calls our EEM script:
R1(config)# kron occurrence weekly-backup at 01:00 sun recurring R1(config-kron-occurrence)# policy-list SCHEDULED-BACKUP-CFG R1(config-kron-occurrence)# exit R1(config)# kron policy-list SCHEDULED-BACKUP-CFG R1(config-kron-policy)# cli event manager run SCHEDULED-BACKUP-CFG R1(config-kron-policy)# exitThe next script will perform ad-hoc backups whenever the configuration is saved. In order to do this we will capture a syslog event, and that event is matched using a pattern of "%SYS-5-CONFIG_I: Configured from", so that when a change is made we get an email telling us so.
Instead of using "event none" we are now using "event syslog pattern "%SYS-5-CONFIG_I: Configured from"" to capture the event.
event manager applet ADHOC-BACKUP-CFG event syslog pattern "%SYS-5-CONFIG_I: Configured from" action 0.1 info type routername action 1.0 cli command "enable" action 1.1 cli command "copy run scp:" pattern "Address" action 1.2 cli command "1.1.1.10" pattern "username" action 1.3 cli command "root" pattern "filename" action 1.4 cli command "/backup/routers/$_info_routername-config" pattern "Password" action 1.5 cli command "Passw0rd" action 2.0 mail server "$_email_server" to "$_email_to" from "$_info_routername@domain.com" subject "Backup completed" body "Backup completed" action 3.0 syslog priority informational msg "Config change detected. Copy to SCP succesfull" exitEEM is not hard to get into, probably the hardest part is working out the pattern matching. When you do start getting into it you will realise that you can use it for a wide range of tasks.