Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Event Policies and Event Notifications Overview

 

Understanding Event Policies and Event Notifications

To diagnose a fault or error condition on a device, you need relevant information about the state of the platform. You can derive state information from event notifications. Event notifications are system log messages and SNMP traps. A Junos OS process called the event process (eventd) receives event notifications—henceforth simply called events—from other Junos OS processes.

Timely diagnosis and intervention can correct error conditions and keep the device in operation. When the eventd process receives events, it can trigger an event policy. Event policies are if-then-else constructs that instruct the eventd process to select specific events, correlate the events, and perform a set of actions upon receipt of the events. These actions can help you diagnose a fault as well as take corrective action. For example, the eventd process can create log files, upload device files to a given destination, issue operational mode commands, or invoke an event script. When an event script is invoked, event details are passed to the event script in the form of XML inputs.

You can configure multiple policies to be processed for an event. The policies are executed in the order in which they appear in the configuration. For each policy, you can configure multiple actions. The actions are also executed in the order in which they appear in the configuration.

Note

In Junos OS Evolved, the order policies appear in may not be the order in which they are executed. Therefore, the behavior is changed so that if one policy has the ignore option, none of the policies associated with the event are executed.

Note

In Junos OS, eventd throws commit time warning messages if there are duplicate policies. In Junos OS Evolved, eventd will not throw any warning messages. It will accept the policy on a first-come, first-serve basis.

Defining Events

Events can originate as SNMP traps or system log messages. The event process receives event messages from other Junos OS processes, such as the routing protocol process (rpd) and the management process (mgd). Figure 1 shows how the event process (eventd) interacts with other Junos OS processes.

Figure 1: Interaction of eventd Process with Other Junos OS Processes
Interaction of eventd Process with
Other Junos OS Processes

When you create an event policy, you define one or more events that trigger the policy. There are a number of ways to determine the events to use in a policy. You can explore events by using the following resources:

  • System Log Explorer website

  • help syslog command in the Junos OS CLI

  • context sensitive help in the Junos OS CLI when you create the event policy

In the Junos OS CLI, to view a list of the events that can be referenced in an event policy, issue the help syslog ? command.

user@host> help syslog ?

You can filter the output of a search by using the pipe (|) symbol. The following example lists the filters that can be used with the pipe symbol:

user@host> help syslog | ?

For more information about using the pipe symbol, see the CLI User Guide.

You can also list events as you configure the event policy. To view a partial list of the events that can be referenced in an event policy, issue the set event-options policy policy-name events ? configuration mode command.

Some of the system log messages that you can reference in an event policy are not listed in the output of the set event-options policy policy-name events ? command. For information about referencing these system log messages in your event policies, see Using Nonstandard System Log Messages to Trigger Event Policies.

In addition, you can generate internal events and reference those in an event policy. For more information, see Generating Internal Events to Trigger Event Policies.

You can also configure an event policy to trigger for a single event or for two or more correlated events. For information about correlating events, see Using Correlated Events to Trigger an Event Policy

Event Policy Actions

You can configure an event policy to execute specific actions in response to events. The event policy can perform one or more of the following actions:

  • Ignore the event—Do not generate a system log message for this event and do not process any further policy instructions for this event.

  • Upload a file—Upload a file to a specified destination. You can specify a transfer delay, so that, on receipt of an event, the upload of the file begins after the configured transfer delay. For example, to upload a core file, a transfer delay can ensure that the core file has been completely generated before the upload begins.

  • Execute Junos OS operational mode commands—Execute commands on receipt of an event. The XML or text output of these commands is stored in a file, which is then uploaded to a specified URL. You can include variables in the command that allow data from the triggering event to be automatically included in the command syntax.

  • Execute Junos OS configuration mode commands—Execute commands to modify the configuration on receipt of an event. Starting in Junos OS Release 12.1, you can configure an event policy to modify the configuration using Junos OS configuration mode commands and then commit the updated configuration.

  • Execute an event script—Execute a Junos OS event script on receipt of an event. Event scripts are Extensible Stylesheet Language Transformations (XSLT), Stylesheet Language Alternative syntaX (SLAX), or Python scripts that you write to perform any function available through Junos XML or Junos XML protocol remote procedure calls (RPCs). For example, a script can run an operational mode command, inspect the command output, and then determine the next appropriate action. This process can be repeated until the source of the problem is determined. The output of the scripts is stored in a file, which is then uploaded to a specified URL. You can include variables in the arguments to the scripts that allow data from the triggering event to be incorporated into the script. Additionally, you can define your own set of arguments that is passed to an event script when it’s invoked.

  • Raise an SNMP trap.

Benefits of Event Policies

Event policies provide the following benefits:

  • Improve network reliability and maximize network uptime by automatically responding to system events, including system log messages, SNMP traps, chassis alarms, and internal timers

  • Shorten troubleshooting time and speed time to resolution for network issues by automating troubleshooting tasks

  • Reduce the time required for manual system monitoring and intervention