Event Policies and Event Notifications Overview
Benefits of Event Policies
Event policies provide the following benefits:
-
Improve network reliability and maximize network uptime by automatically responding to system events, including system log messages, SNMP traps, chassis alarms, and internal timers
-
Shorten troubleshooting time and speed time to resolution for network issues by automating troubleshooting tasks
-
Reduce the time required for manual system monitoring and intervention
Understanding Event Policies and Event Notifications
To diagnose a fault or error condition on a device, you need relevant information about the state of the platform. You can derive state information from event notifications. Event notifications are system log messages and SNMP traps. A Junos process called the event process (eventd) receives event notifications—henceforth simply called events—from other Junos processes.
Timely diagnosis and intervention can correct error conditions and keep the device in operation. When the eventd process receives events, it can trigger an event policy. Event policies are if-then-else constructs that instruct the eventd process to select specific events, correlate the events, and perform a set of actions upon receipt of the events. These actions can help you diagnose a fault as well as take corrective action. For example, the eventd process can create log files, upload device files to a given destination, issue operational mode commands, modify the configuration, or invoke an event script. When an event script is invoked, event details are passed to the event script in the form of XML inputs.
You can configure multiple policies to be processed for an event. The policies are executed in the order in which they appear in the configuration. For each policy, you can configure multiple actions. The actions are also executed in the order in which they appear in the configuration.
In Junos OS Evolved, the order policies appear in may not be
the order in which they are executed. Therefore, the behavior is changed
so that if one policy has the ignore option, none of the
policies associated with the event are executed.
In Junos OS, eventd throws commit time warning messages if there are duplicate policies. In Junos OS Evolved, eventd will not throw any warning messages. It will accept the policy on a first-come, first-serve basis.
Defining Events
Events can originate as SNMP traps or system log messages. The event process receives event messages from other Junos processes, such as the routing protocol process (rpd) and the management process (mgd). Figure 1 shows how the event process (eventd) interacts with other Junos processes.
When you create an event policy, you define one or more events that trigger the policy. There are a number of ways to determine the events to use in a policy. You can explore events by using the following resources:
-
help syslogoperational mode command in the CLI -
context sensitive help when you configure the event policy in the CLI
The System Log Explorer application enables you to search the standard system log messages supported for a given operating system and release.
In the CLI, the help syslog ? operational mode command
lists the events that you can reference in an event policy.
user@host> help syslog ? Possible completions: <syslog-tag> System log tag ACCT_ACCOUNTING_FERROR Error occurred during file processing ACCT_ACCOUNTING_FOPEN_ERROR Open operation failed on file ...
You can filter the output of a search by using the pipe
(|) symbol. The following example lists the
filters that can be used with the pipe symbol:
user@host> help syslog | ? Possible completions: count Count occurrences display Show additional kinds of information except Show only text that does not match a pattern find Search for first occurrence of pattern hold Hold text without exiting the --More-- prompt last Display end of output only match Show only text that matches a pattern no-more Don't paginate output request Make system-level requests resolve Resolve IP addresses save Save output text to file trim Trim specified number of columns from start of line
For more information about using the pipe symbol, see the CLI User Guide.
You can also list events as you configure the event policy. To view a
partial list of the events that can be referenced in an event
policy, issue the set event-options policy
policy-name events ?
configuration mode command.
[edit] user@host# set event-options policy policy-name events ? Possible completions: <event> [ Open a set of values acct_accounting_ferror acct_accounting_fopen_error ...
Some of the system log messages that you can reference in an event policy
are not listed in the output of the set event-options policy
policy-name events ?
command. For information about referencing these system log messages
in your event policies, see Use Nonstandard System Log Messages to Trigger Event Policies.
In addition, you can generate internal events at specific times or time intervals and reference those in an event policy. For more information, see Generate Internal Events to Trigger Event Policies.
You can also configure an event policy to trigger for a single event or for two or more correlated events. For information about correlating events, see Use Correlated Events to Trigger an Event Policy.
In lab environments, you can the Junos logger utility to simulate one or more events that are difficult to reproduce for a given setup. By simulating the events, you can trigger and test event policies that might be difficult to test otherwise. For more information, see Junos Logger Utility.
Event Policy Actions
You can configure an event policy to execute specific actions in response to events. The event policy can perform one or more of the following actions:
Ignore the event—Do not generate a system log message for this event and do not process any further policy instructions for this event.
Upload a file—Upload a file to a specified destination. You can specify a transfer delay, so that, on receipt of an event, the upload of the file begins after the configured transfer delay. For example, to upload a core file, a transfer delay can ensure that the core file has been completely generated before the upload begins.
Execute operational mode commands—Execute commands on receipt of an event. The XML or text output of these commands is stored in a file, which is then uploaded to a specified URL. You can include variables in the command that allow data from the triggering event to be automatically included in the command syntax.
Execute configuration mode commands—Execute commands to modify the configuration on receipt of an event. You can configure an event policy to modify the configuration using configuration mode commands and then commit the updated configuration.
Execute an event script—Execute an event script on receipt of an event. Event scripts are Extensible Stylesheet Language Transformations (XSLT), Stylesheet Language Alternative syntaX (SLAX), or Python scripts that you write to perform any function available through Junos XML or Junos XML protocol remote procedure calls (RPCs). For example, a script can run an operational mode command, inspect the command output, and then determine the next appropriate action. This process can be repeated until the source of the problem is determined. The output of the script is stored in a file, which is then uploaded to a specified URL. You can include variables in the arguments to a script that allow data from the triggering event to be incorporated into the script. Additionally, you can define your own set of arguments that is passed to an event script when it’s invoked.
Raise an SNMP trap.