Supported Platforms
How Event Policies Work
An event policy is an if-then-else construct. It defines actions to be executed by the eventd process on receipt of an event. You can configure multiple policies to be processed for an event. The policies are executed in the order in which they appear in the configuration. For each policy, you can configure multiple actions. The actions are also executed in the order in which they appear in the configuration.
To view a list of the events that can be referenced in an event policy, issue the help syslog ? command:
user@host> help syslog ?Possible completions:
<syslog-tag> System log tag
ACCT_ACCOUNTING_FERROR Error occurred during file processing
ACCT_ACCOUNTING_FOPEN_ERROR Open operation failed on file
...
You can filter the output of a search by using the pipe (|) symbol. The following example lists the filters that can be used with the pipe symbol:
user@host> help syslog | ?Possible completions: count Count occurrences display Show additional kinds of information except Show only text that does not match a pattern find Search for first occurrence of pattern hold Hold text without exiting the --More-- prompt last Display end of output only match Show only text that matches a pattern no-more Don't paginate output request Make system-level requests resolve Resolve IP addresses save Save output text to file trim Trim specified number of columns from start of line
For more information about using the pipe symbol, see the CLI User Guide.
You can also list multiple events as you configure the event policy. To view a partial list of the events that can be referenced in an event policy, issue the set event-options policy policy-name events ? configuration mode command:
Some of the system log messages that you can reference in an event policy are not listed in the output of the set event-options policy policy-name events ? command. For information about referencing these system log messages in your event policies, see Using Nonstandard System Log Messages to Trigger Event Policies.
In addition, you can reference internally generated events, which are discussed in Generating Internal Events to Trigger Event Policies.
In response to events, the eventd process can correlate two or more events based on a policy, and execute the following actions:
- Ignore the event—Do not generate a system log message for this event and do not process any further policy instructions for this event.
- Upload a file—Upload a file to a specified destination. You can specify a transfer delay, so that, on receipt of an event, the upload of the file begins after the configured transfer delay. For example, to upload a core file, a transfer delay can ensure that the core file has been completely generated before the upload begins.
- Execute Junos OS operational mode commands—Execute commands on receipt of an event. The XML or text output of these commands is stored in a file, which is then uploaded to a specified URL. You can include variables in the command that allow data from the triggering event to be automatically included in the command syntax.
- Execute Junos OS configuration mode commands—Execute commands to modify the configuration on receipt of an event. Starting with Junos OS Release 12.1, you can configure an event policy to modify the configuration using Junos OS configuration mode commands and then commit the updated configuration.
- Execute Junos OS event scripts—Execute event scripts on receipt of an event. Event scripts are Extensible Stylesheet Transformation (XSLT) or Stylesheet Language Alternative Syntax (SLAX) scripts that you write to perform any function available through Junos XML or Junos XML protocol remote procedure calls (RPCs). Additionally, you can pass to an event script a set of arguments that you define. A script can build and run an operational mode command, receive the command output, inspect the output, and determine the next appropriate action. This process can be repeated until the source of the problem is determined. The output of the scripts is stored in a file, which is then uploaded to a specified URL. You can include variables in the arguments to the scripts that allow data from the triggering event to be incorporated into the script.
- Raise an SNMP trap.
