Posted on February 8, 2021 6:37 am
 |  Asked by Sven Dummel
 |  55 views
RESOLVED

Dear all

I need some help. I need to monitor a highly sensitive switch. Every time a special user logs on to the switch I would like to trigger an alarm via email or SNMP. Any idea how this can be done?

thx Sven

1
Posted by Manoaj
Answered on February 8, 2021 6:48 am

Hi Sven,

For the switch to send out email alerts, we would need to configure the switch as an email client. Please find more details regarding the same on our EOS Central link here: https://eos.arista.com/email-client-configuration-on-arista-switches/

We need to enable this command so that logging records every time a user logs on to or logs out of the switch, and then enable an event handler to trigger an email.

switch(config)#aaa accounting exec default start-stop logging

For the event-handler, the required action would be to send an email when the logs are recorded.

The below sample event-handler, named “login”, is triggered when there is an accounting log recorded in the Syslog. The action calls bash to send the email to a defined destination email (coolitguy@example.com). The system variable $HOSTNAME is used to indicate what switch’s configuration was just changed.

switch(config)#event-handler login
switch(config-handler-login)#trigger on-logging
switch(config-handler-login-logging)#regex .*ACCOUNTING-5-EXEC.*
switch(config-handler-login)#action bash email -i coolitguy@example.com -s "login/logout on $HOSTNAME"
switch(config-handler-login)#delay 10
switch(config-handler-login)#timeout 60

The action/conditional statements can be modified as per your requirement. You could also refer to the following article which provides additional options and you could combine it with email alerts: https://eos.arista.com/syslog-triggered-event-scripts/

In case you have any additional questions or need any further clarifications, please feel free to reach out to support@arista.com

Thanks,
Manoaj
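
Added example (not part of the original answer and not Arista code): the handler above fires on every exec accounting message, so a script called from the action line can narrow the alert to one user's session start. The log line layout, the `svc-backup` account name, the function names and the sample lines are assumptions constructed for illustration; compare them with `show logging` on the switch.

```python
import re

# Assumed layout of an exec-accounting syslog line (constructed):
#   <time> <host> Aaa: %ACCOUNTING-5-EXEC: <user> <tty> <remote> <start|stop> k=v ...
ACCT_RE = re.compile(
    r"%ACCOUNTING-5-EXEC:\s+(?P<user>\S+)\s+(?P<tty>\S+)\s+(?P<remote>\S+)\s+"
    r"(?P<action>start|stop)\b"
)

WATCHED_USERS = {"svc-backup"}  # hypothetical account name to alert on

# Constructed sample lines, not captured from a real switch.
SAMPLE_LOG = [
    "Feb  8 06:40:01 switch1 Aaa: %ACCOUNTING-5-EXEC: svc-backup vty3 192.0.2.10 start task_id=12 service=shell",
    "Feb  8 06:41:10 switch1 Aaa: %ACCOUNTING-5-EXEC: svc-backup2 vty4 192.0.2.11 start task_id=13 service=shell",
    "Feb  8 06:45:00 switch1 Aaa: %ACCOUNTING-5-EXEC: svc-backup vty3 192.0.2.10 stop task_id=12 service=shell",
    "Feb  8 06:46:00 switch1 ExampleAgent: note mentioning svc-backup start",
]


def parse_exec_record(line):
    """Return user/tty/remote/action for an exec accounting line, else None."""
    m = ACCT_RE.search(line)
    return m.groupdict() if m else None


def should_alert(line, watched=WATCHED_USERS):
    """True only for a session start by an exactly matching watched user."""
    rec = parse_exec_record(line)
    if rec is None:
        return False
    # Exact comparison on the parsed field: a substring match on the whole
    # line would also fire for "svc-backup2" and for unrelated messages.
    return rec["action"] == "start" and rec["user"] in watched


def alerts_for(lines, hostname="switch1"):
    """Build one email subject per line that should raise an alert."""
    subjects = []
    for line in lines:
        if should_alert(line):
            rec = parse_exec_record(line)
            subjects.append(f"login by {rec['user']} from {rec['remote']} on {hostname}")
    return subjects


if __name__ == "__main__":
    for subject in alerts_for(SAMPLE_LOG):
        print(subject)
```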

0
Posted by Alexis Dacquay
Answered on February 12, 2021 11:20 am

You can also rely on AAA - accounting; you would have that information on your RADIUS or TACACS+ server.

Regards,
Alexis

0
Posted by Anderson Cox
Answered on February 13, 2021 9:43 am

Configure SMTP Client for Alert Notification (SNMP) · Log in to a host that has an SNMP tool and the Oracle ILOM MIBs installed.
