Friday, April 12, 2013

BGP Email Alert from Router using Cisco EEM

Here was a fun thing.  A customer wanted to get email alerts when BGP changed status on their routers.  I used Cisco Embedded Event Manager (EEM) Scripting to achieve this.

I was able to run this on IOS 15.1.(4).


router bgp xx
bgp log-neighbor-changes

event manager environment _email_to customeremail@customer.com
event manager environment _email_server customer-mail-server.com
event manager environment _email_from Router-Hostname@customer.com
event manager applet BGP-Alert
event syslog pattern "%BGP-5-ADJCHANGE:*"

action 1.0 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "$_event_pub_time:" body "$_syslog_msg"

action 1.5 syslog priority notifications msg "BGP Message - Mail Sent"


Configure the BGP process to log neighbor changes.
When the router matches a syslog entry for %BGP-5-ADJCHANGE: an email will be generated using the environment paramaters you set.
The router will also log a message in syslog that the mail was sent.

Keep in mind the IP's for the interfaces will need to be allowed to send mail on your mail server.  If this isn't working for you, run a debug on eem.  If the problem is the mail server rejecting the mail, it is pretty easy to decipher.

Sample down message:

From: Router-Hostname@customer.com

2883577: .Apr 10 02:45:59.928 EDT: %BGP-5-ADJCHANGE: neighbor 5.5.5.5 Down Interface flap


Cisco EEM Best Practices:
https://supportforums.cisco.com/docs/DOC-12757

Cisco EEM Basic Overview and examples:
https://supportforums.cisco.com/docs/DOC-27996