Contents

Configuring EAA· 1

Overview·· 1

EAA framework· 1

Elements in a monitor policy· 2

EAA environment variables· 3

Configuring a user-defined EAA environment variable· 4

Configuring a monitor policy· 5

Configuration restrictions and guidelines· 5

Configuring a monitor policy from the CLI 5

Configuring a monitor policy by using Tcl 7

Suspending monitor policies· 8

Displaying and maintaining EAA settings· 9

EAA configuration examples· 9

CLI event monitor policy configuration example· 9

Track event monitor policy configuration example· 10

CLI-defined policy with EAA environment variables configuration example· 12

Tcl-defined policy configuration example· 13

 

Configuring EAA

Overview

Embedded Automation Architecture (EAA) is a monitoring framework that enables you to self-define monitored events and actions to take in response to an event. It allows you to create monitor policies by using the CLI or Tcl scripts.

EAA framework

EAA framework includes a set of event sources, a set of event monitors, a real-time event manager (RTM), and a set of user-defined monitor policies, as shown in Figure 1.

Figure 1 EAA framework

 

Event sources

Event sources are software or hardware modules that trigger events (see Figure 1).

For example, the CLI module triggers an event when you enter a command. The Syslog module (the information center) triggers an event when it receives a log message.

Event monitors

EAA creates one event monitor to monitor the system for the event specified in each monitor policy. An event monitor notifies the RTM to run the monitor policy when the monitored event occurs.

RTM

RTM manages the creation, state machine, and execution of monitor policies.

EAA monitor policies

A monitor policy specifies the event to monitor and actions to take when the event occurs.

You can configure EAA monitor policies by using the CLI or Tcl.

A monitor policy contains the following elements:

·     One event.

·     A minimum of one action.

·     A minimum of one user role.

·     One running time setting.

For more information about these elements, see "Elements in a monitor policy."

Elements in a monitor policy

Event

Table 1 shows types of events that EAA can monitor.

Table 1 Monitored events

Event type	Description
CLI	CLI event occurs in response to monitored operations performed at the CLI. For example, a command is entered, a question mark (?) is entered, or the Tab key is pressed to complete a command.
Syslog	Syslog event occurs when the information center receives the monitored log within a specific period. NOTE: The log that is generated by the EAA RTM does not trigger the monitor policy to run.
Process	Process event occurs in response to a state change of the monitored process (such as an exception, shutdown, start, or restart). Both manual and automatic state changes can cause the event to occur.
Hotplug	Hotplug event occurs when a card is inserted in or removed from the monitored slot.
Interface	Each interface event is associated with two user-defined thresholds: start and restart. An interface event occurs when the monitored interface traffic statistic crosses the start threshold in the following situations: ·     The statistic crosses the start threshold for the first time. ·     The statistic crosses the start threshold each time after it crosses the restart threshold.
SNMP	Each SNMP event is associated with two user-defined thresholds: start and restart. SNMP event occurs when the monitored MIB variable's value crosses the start threshold in the following situations: ·     The monitored variable's value crosses the start threshold for the first time. ·     The monitored variable's value crosses the start threshold each time after it crosses the restart threshold.
SNMP-Notification	SNMP-Notification event occurs when the monitored MIB variable's value in an SNMP notification matches the specified condition. For example, the broadcast traffic rate on an Ethernet interface reaches or exceeds 30%.
Track	Track event occurs when the state of the track entry changes from Positive to Negative or Negative to Positive. If you specify multiple track entries for a policy, EAA triggers the policy only when the state of all the track entries changes from Positive to Negative or Negative to Positive. If you set a suppress time for a policy, the timer starts when the policy is triggered. The system does not process the messages that report the track entry Positive-to-Negative or Negative-to-Positive state change until the timer times out.

 

Action

You can create a series of order-dependent actions to take in response to the event specified in the monitor policy.

The following are available actions:

·     Executing a command.

·     Sending a log.

·     Enabling an active/standby switchover.

·     Executing a reboot without saving the running configuration.

User role

For EAA to execute an action in a monitor policy, you must assign the policy the user role that has access to the action-specific commands and resources. If EAA lacks access to an action-specific command or resource, EAA does not perform the action and all the subsequent actions.

For example, a monitor policy has four actions numbered from 1 to 4. The policy has user roles that are required for performing actions 1, 3, and 4. However, it does not have the user role required for performing action 2. When the policy is triggered, EAA executes only action 1.

For more information about user roles, see RBAC in Fundamentals Configuration Guide.

Runtime

Policy runtime limits the amount of time that the monitor policy can run from the time it is triggered. This setting prevents system resources from being occupied by incorrectly defined policies.

EAA environment variables

EAA environment variables decouple the configuration of action arguments from the monitor policy so you can modify a policy easily.

An EAA environment variable is defined as a <variable_name variable_value> pair and can be used in different policies. When you define an action, you can enter a variable name with a leading dollar sign ($variable_name). EAA will replace the variable name with the variable value when it performs the action.

To change the value for an action argument, modify the value specified in the variable pair instead of editing each affected monitor policy.

EAA environment variables include system-defined variables and user-defined variables.

System-defined variables

System-defined variables are provided by default, and they cannot be created, deleted, or modified by users. System-defined variable names start with an underscore (_) sign. The variable values are set automatically depending on the event setting in the policy that uses the variables.

System-defined variables include the following types:

·     Public variable—Available for any events.

·     Event-specific variable—Available only for a type of event.

Table 2 shows all system-defined variables.

Table 2 System-defined EAA environment variables by event type

Variable name	Description
Any event:
_event_id	Event ID.
_event_type	Event type.
_event_type_string	Event type description.
_event_time	Time when the event occurs.
_event_severity	Severity level of an event.
CLI:
_cmd	Commands that are matched.
Syslog:
_syslog_pattern	Log message content.
Hotplug:
_slot	ID of the slot where a card hot-swapping occurs.
_subslot	ID of the subslot where a subcard hot-swaping occurs.The device does not support this variable.
Interface:
_ifname	Interface name.
SNMP:
_oid	OID of the MIB variable where an SNMP operation is performed.
_oid_value	Value of the MIB variable.
SNMP trap:
_oid	OID that is included in the SNMP notification.
Process:
_process_name	Process name.

 

User-defined variables

You can use user-defined variables for all types of events.

User-defined variable names can contain digits, characters, and the underscore sign (_), except that the underscore sign cannot be the leading character.

Configuring a user-defined EAA environment variable

Configure a user-defined EAA environment variable before you use it in an action.

To configure a user-defined EAA environment variable:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Configure a user-defined EAA environment variable.	rtm environment var-name var-value	By default, no user-defined environment variables exist. The system provides the system-defined variables in Table 2.

 

Configuring a monitor policy

You can configure a monitor policy by using the CLI or Tcl.

Configuration restrictions and guidelines

When you configure monitor policies, follow these restrictions and guidelines:

·     Make sure the actions in different policies do not conflict. Policy execution result will be unpredictable if policies that conflict in actions are running concurrently.

·     You can assign the same policy name to a CLI-defined policy and a Tcl-defined policy. However, you cannot assign the same name to policies that are the same type.

·     The system executes the actions in a policy in ascending order of action IDs. When you add actions to a policy, you must make sure the execution order is correct.

Configuring a monitor policy from the CLI

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     (Optional.) Set the size for the EAA-monitored log buffer.	rtm event syslog buffer-size buffer-size	By default, the size for the EAA-monitored log buffer is 50000.
3.     Create a CLI-defined policy and enter its view.	rtm cli-policy policy-name	By default, no CLI-defined monitor policies exist. If a CLI-defined policy already exists, this command enters CLI-defined policy view.
4.     Configure an event in the policy.	·     Configure a CLI event: event cli { async [ skip ] | sync } mode { execute | help | tab } pattern regular-exp ·     (In standalone mode.) Configure a hotplug event: event hotplug [ insert | remove ] slot slot-number [ subslot subslot-number ] ·     (In IRF mode.) Configure a hotplug event: event hotplug [ insert | remove ] chassis chassis-number slot slot-number [ subslot subslot-number ] ·     Configure an interface event: event interface interface-type interface-number monitor-obj monitor-obj start-op start-op start-val start-val restart-op restart-op restart-val restart-val [ interval interval ] ·     (In standalone mode.) Configure a process event: event process { exception | restart | shutdown | start } [ name process-name [ instance instance-id ] ] [ slot slot-number ] ·     (In IRF mode.) Configure a process event: event process { exception | restart | shutdown | start } [ name process-name [ instance instance-id ] ] [ chassis chassis-number [ slot slot-number ] ] ·     Configure an SNMP event: event snmp oid oid monitor-obj { get | next } start-op start-op start-val start-val restart-op restart-op restart-val restart-val [ interval interval ] ·     Configure an SNMP-Notification event: event snmp-notification oid oid oid-val oid-val op op [ drop ] ·     Configure a Syslog event: event syslog priority { priority | all } msg msg occurs times period period ·     Configure a track event: event track track-list state { negative | positive } [ suppress-time suppress-time ]	By default, a monitor policy does not contain an event. You can configure only one event in a monitor policy. If the monitor policy already contains an event, the new event overrides the old event. By default, the device does not support the subslot subslot-number option in the event hotplug command.
5.     Configure the actions to take when the event occurs.	·     Configure a CLI action: action number cli command-line ·     (In standalone mode.) Configure a reboot action: action number reboot [ slot slot-number [ subslot subslot-number ] ] ·     (In IRF mode.) Configure a reboot action: action number reboot [ chassis chassis-number [ slot slot-number [ subslot subslot-number ] ] ] ·     Configure an active/standby switchover action: action number switchover ·     Configure a logging action: action number syslog priority priority facility local-number msg msg-body	By default, a monitor policy does not contain any actions. Repeat this step to add a maximum of 232 actions to the policy. When you define an action, you can specify a value or specify a variable name in $variable_name format for an argument. By default, the device does not support the subslot subslot-number option in the action reboot command.
6.     (Optional.) Assign a user role to the policy.	user-role role-name	By default, a monitor policy contains user roles that its creator had at the time of policy creation. A monitor policy supports a maximum of 64 valid user roles. User roles added after this limit is reached do not take effect. An EAA policy cannot have both the security-audit user role and any other user roles. Any previously assigned user roles are automatically removed when you assign the security-audit user role to the policy. The previously assigned security-audit user role is automatically removed when you assign any other user roles to the policy.
7.     (Optional.) Configure the policy runtime.	running-time time	The default runtime is 20 seconds.
8.     Enable the policy.	commit	By default, CLI-defined policies are not enabled. A CLI-defined policy can take effect only after you perform this step.

 

Configuring a monitor policy by using Tcl

Step	Command	Remarks
1.     Edit a Tcl script file (see Table 3).	N/A	The supported Tcl version is 8.5.8.
2.     Download the file to the device by using FTP or TFTP.	N/A	For more information about using FTP and TFTP, see Fundamentals Configuration Guide.
3.     Enter system view.	system-view	N/A
4.     Create a Tcl-defined policy and bind it to the Tcl script file.	rtm tcl-policy policy-name tcl-filename	By default, no Tcl policies exist. Make sure the script file is saved on all MPUs. This practice ensures that the policy can run correctly after an active/standby or master/standby switchover occurs or the MPU where the script file resides fails or is removed. This step enables the Tcl-defined policy. To revise the Tcl script of a policy, you must suspend all monitor policies first, and then resume the policies after you finish revising the script. The system cannot execute a Tcl-defined policy if you edit its Tcl script without first suspending these policies.

 

Write a Tcl script in two lines for a monitor policy, as shown in Table 3.

Table 3 Tcl script requirements

Line	Content	Requirements
Line 1	Event, user roles, and policy runtime	This line must use the following format: ::comware::rtm::event_register eventname arg1 arg2 arg3 …user-role role-name1 | [ user-role role-name2 | [ ] ][ running-time running-time ]. The arg1 arg2 arg3 … arguments represent event matching rules. If an argument value contains spaces, use double quotation marks ("") to enclose the value. For example, "a b c."
Line 2	Actions	When you define an action, you can specify a value or specify a variable name in $variable_name format for an argument. The following actions are available: ·     Standard Tcl commands. ·     EAA-specific Tcl commands. ·     Commands supported by the device.

 

Suspending monitor policies

This task suspends all CLI-defined and Tcl-defined monitor policies except for the policies that are running.

To suspend monitor policies:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Suspend monitor policies.	rtm scheduler suspend	To resume monitor polices, use the undo rtm scheduler suspend command.

 

Displaying and maintaining EAA settings

Execute display commands except for the display this command in any view.

 

Task	Command
Display user-defined EAA environment variables.	display rtm environment [ var-name ]
Display EAA monitor policies.	display rtm policy { active | registered [ verbose ] } [ policy-name ]
Display the running configuration of all CLI-defined monitor policies.	display current-configuration
Display the running configuration of a CLI-defined monitor policy in CLI-defined monitor policy view.	display this

 

EAA configuration examples

CLI event monitor policy configuration example

Network requirements

Configure a policy from the CLI to monitor the event that occurs when a question mark (?) is entered at the command line that contains letters and digits.

When the event occurs, the system executes the command and sends the log message "hello world" to the information center.

Configuration procedure

# Create CLI-defined policy test and enter its view.

<Device> system-view

[Device] rtm cli-policy test

# Add a CLI event that occurs when a question mark (?) is entered at any command line that contains letters and digits.

[Device-rtm-test] event cli async mode help pattern [a-zA-Z0-9]

# Add an action that sends the message "hello world" with a priority of 4 from the logging facility local3 when the event occurs.

[Device-rtm-test] action 0 syslog priority 4 facility local3 msg “hello world”

# Add an action that enters system view when the event occurs.

[Device-rtm-test] action 2 cli system-view

# Add an action that creates VLAN 2 when the event occurs.

[Device-rtm-test] action 3 cli vlan 2

# Set the policy runtime to 2000 seconds. The system stops executing the policy and displays an execution failure message if it fails to complete policy execution within 2000 seconds.

[Device-rtm-test] running-time 2000

# Specify the network-admin user role for executing the policy.

[Device-rtm-test] user-role network-admin

# Enable the policy.

[Device-rtm-test] commit

Verifying the configuration

# Display information about the policy.

[Device-rtm-test] display rtm policy registered

Total number: 1

Type  Event      TimeRegistered       PolicyName

CLI   CLI        Aug 29 14:56:50 2017 test

# Enable the information center to output log messages to the current monitoring terminal.

[Device-rtm-test] return

<Device> terminal monitor

# Enter a question mark (?) at a command line that contains a letter d. Verify that the system displays the "hello world" message and a policy successfully executed message on the terminal screen.

<Device> d?

  debugging

  delete

  diagnostic

  diagnostic-logfile

  dir

  display

 

<Device>d%Aug  29 14:57:20:218 2017 Device RTM/4/RTM_ACTION: -MDC=1 "hello world"

%Aug  29 14:58:11:170 2017 Device RTM/6/RTM_POLICY: -MDC=1 CLI policy test is running successfully.

Track event monitor policy configuration example

Network requirements

As shown in Figure 2, Device A has established BGP sessions with Device D and Device E. Traffic from Device D and Device E to the Internet is forwarded through Device A.

Configure a CLI-defined EAA monitor policy on Device A to disconnect the sessions with Device D and Device E when GigabitEthernet 1/0/1 connected to Device C is down. In this way, traffic from Device D and Device E to the Internet can be forwarded through Device B.

Figure 2 Network diagram

‌

Configuration procedures

# Display BGP peer information for Device A.

<DeviceA> display bgp peer ipv4

 

 BGP local router ID: 1.1.1.1

 Local AS number: 100

 Total number of peers: 3                  Peers in established state: 3

 

  * - Dynamically created peer

  Peer                    AS  MsgRcvd  MsgSent OutQ PrefRcv Up/Down  State

 

  10.2.1.2                200       13       16    0       0 00:16:12 Established

  10.3.1.2                300       13       16    0       0 00:10:34 Established

  10.3.2.2                300       13       16    0       0 00:10:38 Established

# Create track entry 1 and associate it with the link state of GigabitEthernet 1/0/1.

<DeviceA> system-view

[DeviceA] track 1 interface gigabitethernet 1/0/1

# Configure a CLI-defined EAA monitor policy so that the system automatically disables session establishment with Device D and Device E when GigabitEthernet 1/0/1 is down.

[DeviceA] rtm cli-policy test

[DeviceA-rtm-test] event track 1 state negative

[DeviceA-rtm-test] action 0 cli system-view

[DeviceA-rtm-test] action 1 cli bgp 100

[DeviceA-rtm-test] action 2 cli peer 10.3.1.2 ignore

[DeviceA-rtm-test] action 3 cli peer 10.3.2.2 ignore

[DeviceA-rtm-test] user-role network-admin

[DeviceA-rtm-test] commit

[DeviceA-rtm-test] quit

Verifying the configuration

# Shut down GigabitEthernet 1/0/1.

[DeviceA] interface gigabitethernet 1/0/1

[DeviceA-GigabitEthernet1/0/1] shutdown

# Execute the display bgp peer ipv4 command on Device A to display BGP peer information. If no BGP peer information is displayed, Device A does not have any BGP peers.

CLI-defined policy with EAA environment variables configuration example

Network requirements

Define an environment variable to match the IP address 1.1.1.1.

Configure a policy from the CLI to monitor the event that occurs when a command line that contains loopback0 is executed. In the policy, use the environment variable for IP address assignment.

When the event occurs, the system performs the following tasks:

·     Creates the Loopback 0 interface.

·     Assigns 1.1.1.1/24 to the interface.

·     Sends the matching command line to the information center.

Configuration procedure

# Configure an EAA environment variable for IP address assignment. The variable name is loopback0IP, and the variable value is 1.1.1.1.

<Device> system-view

[Device] rtm environment loopback0IP 1.1.1.1

# Create the CLI-defined policy test and enter its view.

[Device] rtm cli-policy test

# Add a CLI event that occurs when a command line that contains loopback0 is executed.

[Device-rtm-test] event cli async mode execute pattern loopback0

# Add an action that enters system view when the event occurs.

[Device-rtm-test] action 0 cli system-view

# Add an action that creates the interface Loopback 0 and enters loopback interface view.

[Device-rtm-test] action 1 cli interface loopback 0

# Add an action that assigns the IP address 1.1.1.1 to Loopback 0. The loopback0IP variable is used in the action for IP address assignment.

[Device-rtm-test] action 2 cli ip address $loopback0IP 24

# Add an action that sends the matching loopback0 command with a priority of 0 from the logging facility local7 when the event occurs.

[Device-rtm-test] action 3 syslog priority 0 facility local7 msg $_cmd

# Specify the network-admin user role for executing the policy.

[Device-rtm-test] user-role network-admin

# Enable the policy.

[Device-rtm-test] commit

[Device-rtm-test] return

<Device>

Verifying the configuration

# Enable the information center to output log messages to the current monitoring terminal.

<Device> terminal monitor

# Execute the loopback0 command. Verify that the system displays the loopback0 message and a policy successfully executed message on the terminal screen.

<Device> system-view

[Device] interface loopback0

[Device]

%Jan  3 09:46:10:592 2017 Device RTM/7/RTM_ACTION: -MDC=1 interface loopback0

%Jan  3 09:46:10:613 2017 Device RTM/6/RTM_POLICY: -MDC=1 CLI policy test is running successfully.

# Verify that Loopback 0 has been created and assigned the IP address 1.1.1.1.

[Device] display interface loopback brief

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface            Link Protocol Primary IP         Description

Loop0                UP   UP(s)    1.1.1.1

 

[Device]

Tcl-defined policy configuration example

Network requirements

As shown in Figure 3, use Tcl to create a monitor policy on the Device. This policy must meet the following requirements:

·     EAA sends the log message "rtm_tcl_test is running" when a command that contains the display this string is entered.

·     The system executes the command only after it executes the policy successfully.

Figure 3 Network diagram

Configuration procedure

# Edit a Tcl script file (rtm_tcl_test.tcl, in this example) for EAA to send the message "rtm_tcl_test is running" when a command that contains the display this string is executed.

::comware::rtm::event_register cli sync mode execute pattern display this user-role network-admin

::comware::rtm::action syslog priority 1 facility local4 msg rtm_tcl_test is running

# Download the Tcl script file from the TFTP server at 1.2.1.1.

<Device> tftp 1.2.1.1 get rtm_tcl_test.tcl

# Create Tcl-defined policy test and bind it to the Tcl script file.

<Device> system-view

[Device] rtm tcl-policy test rtm_tcl_test.tcl

[Device] quit

Verifying the configuration

# Display information about the policy.

<Device> display rtm policy registered

Total number: 1

Type  Event      TimeRegistered       PolicyName

TCL   CLI        Aug 29 14:54:50 2017 test

# Enable the information center to output log messages to the current monitoring terminal.

<Device> terminal monitor

# Execute the display this command. Verify that the system displays the rtm_tcl_test is running message and a message that the policy is being successfully executed.

<Device> display this

#

return

<Device>%Jun  4 15:02:30:354 2017 Device RTM/1/RTM_ACTION: -MDC=1 rtm_tcl_test is running

%Jun  4 15:02:30:382 2017 Device RTM/6/RTM_POLICY: -MDC=1 TCL policy test is running successfully.