EEM event cli command options and the _exit_status variable
Upendra wrote the following comment to my “EEM CLI patterns are not context sensitive” post:
I am totally confused with sync yes|no skip yes|no. What is the meaning of sync and skip, when do we use these keywords, and what is the meaning of yes and no?
The online documentation on this topic is pretty extensive, but obviously not explicit enough, so let’s try to reword it.
When you use the sync yes option in the event cli command, the EEM applet runs before the CLI command is executed. The EEM applet should set the _exit_status variable to indicate whether the CLI command should be executed (_exit_status set to one) or not (_exit_status set to zero). A sample applet using the _exit_status variable is described in my “Schedule reload before configuring the router” post.
With the sync no option, the EEM applet is executed in background in parallel with the CLI command. As the CLI command starts at the same time as the EEM applet, you cannot use the _exit_status variable anymore; you have to specify whether you want the CLI command to execute with the skip yes|no option of the event cli command. A sample applet using sync no skip yes options is described in my “Can you disable the reload command?” post.
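The option combinations described above, side by side, as an added example that is not taken from the original post or the posts it links to. The applet names and the matched commands are hypothetical, chosen to illustrate auditing and blocking of sensitive commands.

```ios
! Added example; applet names and CLI patterns are hypothetical.
!
! 1. sync yes, _exit_status "1":
!    the applet runs first (here it writes a syslog record),
!    then the CLI command is executed.
event manager applet AUDIT-WRITE-ERASE
 event cli pattern "^write erase" sync yes
 action 1.0 syslog msg "write erase requested: $_cli_msg"
 action 2.0 set _exit_status "1"
!
! 2. sync yes, _exit_status "0":
!    the applet runs first and the CLI command is not executed.
event manager applet BLOCK-ERASE-STARTUP
 event cli pattern "^erase startup-config" sync yes
 action 1.0 syslog msg "erase startup-config refused"
 action 2.0 set _exit_status "0"
!
! 3. sync no skip yes:
!    the applet runs in the background, the CLI command is skipped;
!    _exit_status is not used because the applet is not waited for.
event manager applet BLOCK-RELOAD
 event cli pattern "^reload" sync no skip yes
 action 1.0 syslog msg "reload attempt blocked"
!
! 4. sync no skip no:
!    the CLI command executes as usual; the applet only logs it.
event manager applet LOG-SHOW-RUN
 event cli pattern "^show running-config" sync no skip no
 action 1.0 syslog msg "CLI logged: $_cli_msg"
```

The syslog messages produced by these applets are also the simplest audit trail for spotting that CLI behaviour on a device has been altered by EEM; reviewing the configured applets with show event manager policy registered complements it.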
It's a perfect platform for any attack. Almost impossible to detect.
I don't have any malicious activities in my mind actually. Just the first thought. :)
Is there any scenario when we use "sync no skip no"?
http://blog.ioshints.info/2006/11/cli-command-logging-without-tacacs.html
I want to try to stop the changes for local-preference. I use the applet:
event manager applet test
 event cli pattern "set local-preference" sync yes
 action 1.0 set _exit_status "0"
As far as I understood, the command should not be executed, but actually the set statement is present in the route-map.
Am I mistaken, or is this not possible?