Configuring EAA·· 1

Overview·· 1

EAA framework· 1

Elements in a monitor policy· 2

EAA environment variables 3

Configuring a user-defined EAA environment variable· 4

Configuring a monitor policy· 5

Configuration restrictions and guidelines 5

Configuring a monitor policy from the CLI 5

Configuring a monitor policy by using Tcl 7

Suspending monitor policies 8

Displaying and maintaining EAA settings 9

EAA configuration examples 9

CLI-defined policy configuration example· 9

Tcl-defined policy configuration example· 10

 

Overview

Embedded Automation Architecture (EAA) is a monitoring framework that enables you to self-define monitored events and actions to take in response to an event. It allows you to create monitor policies by using the CLI or Tcl scripts.

EAA framework

EAA framework includes a set of event sources, a set of event monitors, a real-time event manager (RTM), and a set of user-defined monitor policies, as shown in Figure 1.

Figure 1 EAA framework

 

Event sources

Event sources are software or hardware modules that create events (see Figure 1).

For example, the CLI module creates an event when you enter a command. The Syslog module (the information center) produces an event when it receives a log message.

Event monitors

EAA creates one event monitor to monitor the system for the event specified in each monitor policy. An event monitor notifies the RTM to run the monitor policy when the monitored event occurs.

RTM

RTM manages the creation, state machine, and execution of monitor policies.

EAA monitor policies

A monitor policy specifies the event to monitor and actions to take when the event occurs.

You can configure EAA monitor policies by using the CLI or Tcl.

A monitor policy contains the following elements:

·     One event.

·     A minimum of one action.

·     A minimum of one user role.

·     One running time setting.

For more information, see "Elements in a monitor policy."

Elements in a monitor policy

Event

Table 1 shows types of events that EAA can monitor.

Table 1 Monitored events

Event type	Description
CLI	CLI event occurs in response to monitored operations performed at the CLI. For example, a command is entered, a question mark (?) is entered, or the Tab key is pressed to complete a command.
Syslog	Syslog event occurs when the information center receives the monitored log within a specific period. NOTE: The log that is generated by the EAA RTM does not trigger the monitor policy to run.
Process	Process event occurs in response to a state change of the monitored process (such as an exception, shutdown, start, or restart), regardless of whether the change is caused by an automatic system task or a manual task performed from the CLI.
Hotplug	Hotplug event occurs when the monitored card is swapped while the device is operating.
Interface	Each interface event is associated with two user-defined thresholds: start and restart. An interface event occurs when the monitored interface traffic statistic crosses the start threshold in the following situations: ·     The statistic crosses the start threshold for the first time. ·     The statistic crosses the start threshold each time after it crosses the restart threshold.
SNMP	Each SNMP event is associated with two user-defined thresholds: start and restart. SNMP event occurs when the monitored MIB variable's value crosses the start threshold in the following situations: ·     The monitored variable's value crosses the start threshold for the first time. ·     The monitored variable's value crosses the start threshold each time after it crosses the restart threshold.
SNMP_Notification	SNMP_Notification event occurs when the monitored MIB variable's value in an SNMP notification matches the specified condition. For example, the broadcast traffic rate on an Ethernet interface is equal to or greater than 30%.

 

Action

You can create a series of order-dependent actions to take in response to the event specified in the monitor policy.

The following are available actions:

·     Executing a command.

·     Sending a log.

·     Enabling an active/standby switchover.

·     Executing a reboot without saving the running configuration.

User role

For EAA to execute an action in a monitor policy, you must assign the policy the user role that has access to the action-specific commands and resources. If EAA lacks access to an action-specific command or resource, EAA does not perform the action and all the subsequent actions.

For example, a monitor policy has four actions numbered from 1 to 4. The policy has user roles that are required for performing actions 1, 3, and 4, but it does not have the user role required for performing action 2. When the policy is triggered, EAA executes only action 1.

For more information about user roles, see RBAC in Fundamentals Configuration Guide.

Runtime

Policy runtime limits the amount of time that the monitor policy can run from the time it is triggered. This setting prevents system resources from being occupied by incorrectly defined policies.

EAA environment variables

EAA environment variables decouple the configuration of action arguments from the monitor policy so you can modify a policy easily.

An EAA environment variable is defined as a <variable_name variable_value> pair and can be used in different policies. When you define an action, you can enter a variable name with a leading dollar sign ($variable_name) instead of entering a value for an argument. EAA will replace the variable name with the variable value when it performs the action.

To change the value for an action argument, modify the value specified in the variable pair instead of editing each affected monitor policy.

EAA environment variables include system-defined variables and user-defined variables.

System-defined variables

System-defined variables are provided by default, and they cannot be created, deleted, or modified by users. System-defined variable names start with an underscore (_) sign. The variable values are set automatically by the system depending on the event setting in the policy that uses the variables.

System-defined variables include the following types:

·     Public variable—Available for any events.

·     Event-specific variable—Available only for a type of event.

Table 2 shows all system-defined variables.

Table 2 System-defined EAA environment variables by event type

Variable name	Description
Any event:
_event_id	Event ID.
_event_type	Event type.
_event_type_string	Event type description.
_event_time	Time when the event occurs.
_event_severity	Severity level of an event.
CLI:
_cmd	Commands that are matched.
Syslog:
_syslog_pattern	Log message content.
Hotplug:
_slot	ID of the slot where a hot swap event occurs.
_subslot	ID of the subslot where a hot swap event occurs.
Interface:
_ifname	Interface name.
SNMP:
_oid	OID of the MIB variable where an SNMP operation is performed.
_oid_value	Value of the MIB variable.
SNMP_Notification:
_oid	OID that is included in the SNMP notification.
Process:
_process_name	Process name.

 

User-defined variables

You can use user-defined variables for all types of events.

User-defined variable names can contain digits, characters, and the underscore sign (_), except that the underscore sign cannot be the leading character.

Configuring a user-defined EAA environment variable

Configure a user-defined EAA environment variable before you use it in an action.

To configure a user-defined EAA environment variable:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Configure a user-defined EAA environment variable.	rtm environment var-name var-value	By default, no user-defined environment variables are configured. The system provides the system-defined variables in Table 2.

 

Configuring a monitor policy

You can configure a monitor policy by using the CLI or Tcl.

Configuration restrictions and guidelines

When you configure monitor policies, follow these restrictions and guidelines:

·     Make sure the actions in different policies do not conflict. Policy execution result will be unpredictable if policies that conflict in actions are running concurrently.

·     You can assign the same policy name to a CLI-defined policy and a Tcl-defined policy. However, you cannot assign the same name to policies that are the same type.

·     The system executes the actions in a policy in ascending order of action IDs. When you add actions to a policy, you must make sure the execution order is correct.

Configuring a monitor policy from the CLI

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter CLI-defined policy view.	rtm cli-policy policy-name	If the policy does not exist, this command creates the policy first.
3.     Configure an event in the policy.	·     Configure a CLI event: event cli { async [ skip ] | sync } mode { execute | help | tab } pattern regular-exp ·     Configure a hotplug event (in standalone mode): event hotplug slot slot-number ·     Configure a hotplug event (in IRF mode): event hotplug chassis chassis-number [ slot slot-number ] ·     Configure an interface event: event interface interface-type interface-number monitor-obj monitor-obj start-op start-op start-val start-val restart-op restart-op restart-val restart-val [ interval interval ] ·     Configure a process event (in standalone mode): event process { exception | restart | shutdown | start } [ name process-name [ instance instance-id ] ] [ slot slot-number ] ·     Configure a process event (in IRF mode): event process { exception | restart | shutdown | start } [ name process-name [ instance instance-id ] ] [ chassis chassis-number [ slot slot-number ] ] ·     Configure an SNMP event: event snmp oid oid monitor-obj { get | next } start-op start-op start-val start-val restart-op restart-op restart-val restart-val [ interval interval ] ·     Configure an SNMP_Notification event: event snmp-notification oid oid oid-val oid-val op op [ drop ] ·     Configure a Syslog event: event syslog priority level msg msg-body occurs times period period	By default, a monitor policy does not contain an event. You can configure only one event in a monitor policy. If the monitor policy already contains an event, the new event overrides the old event.
4.     Configure the actions to take when the event occurs.	·     Configure the action to execute a command: action number cli command-line ·     Configure a reboot action (in standalone mode): action number reboot [ slot slot-number ] ·     Configure a reboot action (in IRF mode): action number reboot [ chassis chassis-number [ slot slot-number ] ] ·     Configure a logging action: action syslog priority level facility local-number msg msg-body ·     Configure an active/standby switchover action: action number switchover	By default, a monitor policy does not contain any actions. Repeat this step to add a maximum of 232 actions to the policy. When you define an action, you may choose to specify a value or specify a variable name in $variable_name format for an argument.
5.     (Optional.) Assign a user role to the policy.	user-role role-name	By default, a monitor policy contains user roles that its creator had at the time of policy creation. A monitor policy supports a maximum of 64 valid user roles. User roles added after this limit is reached do not take effect. An EAA policy cannot have both the security-audit user role and any other user roles. Any previously assigned user roles are automatically removed when you assign the security-audit user role to the policy. The previously assigned security-audit user role is automatically removed when you assign any other user roles to the policy.
6.     (Optional.) Configure the maximum policy runtime.	running-time time	The default runtime is 20 seconds.
7.     Enable the policy.	commit	By default, CLI-defined policies are not enabled. A CLI-defined policy can take effect only after you perform this step.

 

Configuring a monitor policy by using Tcl

Step	Command	Remarks
1.     Edit a Tcl script file (see Table 3).	N/A	The supported Tcl version is 8.5.8.
2.     Download the file to the device by using FTP or TFTP.	N/A	For more information about using FTP and TFTP, see Fundamentals Configuration Guide.
3.     Enter system view.	system-view	N/A
4.     Create a Tcl-defined policy and bind it to the Tcl script file.	rtm tcl-policy policy-name tcl-filename	By default, the system does not have Tcl policies. This step enables the Tcl-defined policy. To revise the Tcl script of a policy, you must suspend all monitor policies first, and then resume the policies after you finish revising the script. The system cannot execute a Tcl-defined policy if you edit its Tcl script without suspending policies.

 

Write a Tcl script in two lines for a monitor policy, as shown in Table 3.

Table 3 Tcl script requirements

Line	Content	Requirements
Line 1	Event, user roles, and policy runtime	This line must take the following format: ::comware::rtm::event_register eventname arg1 arg2 arg3 …user-role rolename1 | [ user-role rolename2 | [ ] ][ running-time running-time ] NOTE: The Tcl keyword for the SNMP_Notification event is snmp_notification instead of snmp-notification.
Line 2	Actions	You can reference a variable name in the $variable_name format instead of specifying a value for an argument when you define an action. The following actions are available: ·     Standard Tcl commands. ·     EAA-specific Tcl commands. ·     Commands supported by the device.

 

Suspending monitor policies

This task suspends all CLI-defined and Tcl-defined monitor policies except for the policies that are running.

To suspend monitor policies:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Suspend monitor policies.	rtm scheduler suspend	To resume monitor polices, use the undo rtm scheduler suspend command.

 

Displaying and maintaining EAA settings

Execute display commands in any view.

 

Task	Command
Display user-defined EAA environment variables.	display rtm environment [ var-name ]
Display EAA monitor policies.	display rtm policy { active | registered } [ policy-name ]

 

EAA configuration examples

CLI-defined policy configuration example

Network requirements

Configure a policy from the CLI to monitor the event that occurs when a question mark (?) is entered at the command line that contains letters and digits.

When the event occurs, the system executes the command and sends the log message "hello world" to the information center.

Configuration procedure

# Enter system view.

<Sysname> system-view

# Create the CLI-defined policy test and enter its view.

[Sysname] rtm cli-policy test

# Add a CLI event that occurs when a question mark (?) is entered at any command line that contains letters and digits.

[Sysname-rtm-test] event cli async mode help pattern [a-zA-Z0-9]

# Add an action that sends the message "hello world" with priority 4 from device local3 when the event occurs.

[Sysname-rtm-test] action 0 syslog priority 4 facility local3 msg “hello world”

# Add an action that enters system view when the event occurs.

[Sysname-rtm-test] action 2 cli sy

# Add an action that creates VLAN 2 when the event occurs.

[Sysname-rtm-test] action 3 cli vlan 2

# Set the maximum runtime of the policy to 2000 seconds. The system stops executing the policy and displays an execution failure message if it fails to complete policy execution within 2000 seconds.

[Sysname-rtm-test] running-time 2000

# Specify the network-admin user role for executing the policy.

[Sysname-rtm-test] user-role network-admin

# Enable the policy.

[Sysname-rtm-test] commit

Verifying the configuration

# Display information about the policy.

<Sysname> display rtm policy registered test

Total number: 1

PolicyName    Type    Event        TimeRegistered            User-role

test          CLI     CLI          Apr 21 16:35:00 2012      network-admin

# Enter a question mark (?) at a command line that contains both letters and digits. You can see the "hello world" message and a policy successfully executed message on the terminal screen. (Details not shown.)

Tcl-defined policy configuration example

Network requirements

As shown in Figure 2, use Tcl to create a monitor policy on the Device. This policy meets the following requirements:

·     EAA sends the log message "rtm_tcl_test is running" when a command that contains the dis this string is entered.

·     The system executes the command only after it executes the policy successfully.

Figure 2 Network diagram

Configuration procedure

# Edit a Tcl script (rtm_tcl_test.tcl, in this example) for EAA to send the message "rtm_tcl_test is running" when a command that contains the dis this string is executed.

::comware::rtm::event_register cli sync mode execute pattern dis this user-role network-admin

::comware::rtm::action syslog priority 1 facility local4 msg rtm_tcl_test is running

# Download the Tcl script file from the TFTP server at 1.2.1.1.

<Sysname> tftp 1.2.1.1 get rtm_tcl_test.tcl

# Enter system view.

<Sysname> system-view

# Create the Tcl-defined policy test and bind it to the Tcl script file.

[Sysname] rtm tcl-policy test rtm_tcl_test.tcl

Verifying the configuration

# Display information about the policy.

<Sysname> display rtm policy registered

Total number: 1

PolicyName    Type    Event        TimeRegistered            User-role

test          TCL     CLI          Apr 21 16:33:00 2012      network-admin

# Execute the dis this command. Verify that the system displays the "rtm_tcl_test is running" message and a message that the policy is being successfully executed.

<Sysname> dis this