Event Policies and Event Notifications Overview
Understanding Event Policies and Event Notifications
To diagnose a fault or error condition on a device, you need relevant information about the state of the platform. You can derive state information from event notifications. Event notifications are system log messages and SNMP traps. A Junos OS process called the event process (eventd) receives event notifications—henceforth simply called events—from other Junos OS processes.
Timely diagnosis and intervention can correct error conditions and keep the device in operation. When the eventd process receives events, it can trigger an event policy. Event policies are if-then-else constructs that instruct the eventd process to select specific events, correlate the events, and perform a set of actions upon receipt of the events. These actions can help you diagnose a fault as well as take corrective action. For example, the eventd process can create log files, upload device files to a given destination, issue operational mode commands, or invoke an event script. When an event script is invoked, event details are passed to the event script in the form of XML inputs.
You can configure multiple policies to be processed for an event. The policies are executed in the order in which they appear in the configuration. For each policy, you can configure multiple actions. The actions are also executed in the order in which they appear in the configuration.
In Junos OS Evolved, the order policies appear in may not be the order in which they are executed. Therefore, the behavior is changed so that if one policy has the ignore option, none of the policies associated with the event are executed.
In Junos OS, eventd throws commit time warning messages if there are duplicate policies. In Junos OS Evolved, eventd will not throw any warning messages. It will accept the policy on a first-come, first-serve basis.
Events can originate as SNMP traps or system log messages. The event process receives event messages from other Junos OS processes, such as the routing protocol process (rpd) and the management process (mgd). Figure 1 shows how the event process (eventd) interacts with other Junos OS processes.
When you create an event policy, you define one or more events that trigger the policy. There are a number of ways to determine the events to use in a policy. You can explore events by using the following resources:
System Log Explorer website
help syslog command in the Junos OS CLI
context sensitive help in the Junos OS CLI when you create the event policy
In the Junos OS CLI, to view a list of the events that can be referenced in an event policy, issue the help syslog ? command.
user@host> help syslog ?
<syslog-tag> System log tag
ACCT_ACCOUNTING_FERROR Error occurred during file processing
ACCT_ACCOUNTING_FOPEN_ERROR Open operation failed on file
You can filter the output of a search by using the pipe (|) symbol. The following example lists the filters that can be used with the pipe symbol:
user@host> help syslog | ?
Possible completions: count Count occurrences display Show additional kinds of information except Show only text that does not match a pattern find Search for first occurrence of pattern hold Hold text without exiting the --More-- prompt last Display end of output only match Show only text that matches a pattern no-more Don't paginate output request Make system-level requests resolve Resolve IP addresses save Save output text to file trim Trim specified number of columns from start of line
For more information about using the pipe symbol, see the CLI User Guide.
You can also list events as you configure the event policy. To view a partial list of the events that can be referenced in an event policy, issue the set event-options policy policy-name events ? configuration mode command.
Some of the system log messages that you can reference in an event policy are not listed in the output of the set event-options policy policy-name events ? command. For information about referencing these system log messages in your event policies, see Using Nonstandard System Log Messages to Trigger Event Policies.
In addition, you can generate internal events and reference those in an event policy. For more information, see Generating Internal Events to Trigger Event Policies.
You can also configure an event policy to trigger for a single event or for two or more correlated events. For information about correlating events, see Using Correlated Events to Trigger an Event Policy
Event Policy Actions
You can configure an event policy to execute specific actions in response to events. The event policy can perform one or more of the following actions:
Ignore the event—Do not generate a system log message for this event and do not process any further policy instructions for this event.
Upload a file—Upload a file to a specified destination. You can specify a transfer delay, so that, on receipt of an event, the upload of the file begins after the configured transfer delay. For example, to upload a core file, a transfer delay can ensure that the core file has been completely generated before the upload begins.
Execute Junos OS operational mode commands—Execute commands on receipt of an event. The XML or text output of these commands is stored in a file, which is then uploaded to a specified URL. You can include variables in the command that allow data from the triggering event to be automatically included in the command syntax.
Execute Junos OS configuration mode commands—Execute commands to modify the configuration on receipt of an event. Starting in Junos OS Release 12.1, you can configure an event policy to modify the configuration using Junos OS configuration mode commands and then commit the updated configuration.
Execute an event script—Execute a Junos OS event script on receipt of an event. Event scripts are Extensible Stylesheet Language Transformations (XSLT), Stylesheet Language Alternative syntaX (SLAX), or Python scripts that you write to perform any function available through Junos XML or Junos XML protocol remote procedure calls (RPCs). For example, a script can run an operational mode command, inspect the command output, and then determine the next appropriate action. This process can be repeated until the source of the problem is determined. The output of the scripts is stored in a file, which is then uploaded to a specified URL. You can include variables in the arguments to the scripts that allow data from the triggering event to be incorporated into the script. Additionally, you can define your own set of arguments that is passed to an event script when it’s invoked.
Raise an SNMP trap.
Benefits of Event Policies
Event policies provide the following benefits:
Improve network reliability and maximize network uptime by automatically responding to system events, including system log messages, SNMP traps, chassis alarms, and internal timers
Shorten troubleshooting time and speed time to resolution for network issues by automating troubleshooting tasks
Reduce the time required for manual system monitoring and intervention