Cisco EEM Script to Email On Successful Anyconnect Login Of Router

Here is an EEM script that emails you information about a user who has just logged in to the router via AnyConnect.

! Mail settings referenced by the applet below
event manager environment _email_to destemail@domain.com
event manager environment _email_server X.X.X.X
event manager environment _email_from fromemail@domain.com
event manager applet anyconnectemail
 ! Trigger on the syslog message logged for a successful SSL VPN login
 event syslog pattern "SSLVPN-5-LOGIN_AUTH_PASSED"
 action 1.0 cli command "enable"
 ! Output of this command lands in $_cli_result and becomes the mail body
 action 2.0 cli command "show webvpn session context all"
 action 8.0 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "Successful Anyconnect Login On X Router" body "$_cli_result"
 action 9.0 syslog msg "E-mail was sent"

Replace the variables in the first 3 lines with your destination address, SMTP server IP (no auth, port 25), and from address.

Now what does the email look like? Unfortunately I haven’t formatted the email via HTML, so the command output is a little ugly, but you still get the username and source IP of successful logins.

[Image: screenshot of the resulting email]

In red I have removed my username and IP address, and my Router name.
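
The applet fires on the SSLVPN-5-LOGIN_AUTH_PASSED syslog message. As an added example (not part of the original post), the script below parses that same message on a syslog collector to pull out the username and source IP, and goes one step further by flagging logins from outside an expected network. The `remote_ip:` / `user_name:` field layout, the sample lines and the expected network are assumptions constructed for illustration.

```python
import re
from ipaddress import ip_address, ip_network

# Mnemonic the applet's "event syslog pattern" matches on.
MNEMONIC = "SSLVPN-5-LOGIN_AUTH_PASSED"
# Assumed "key: value" fields in the message text.
FIELD_RE = re.compile(r"\b(remote_ip|user_name):\s*([^\s,]+)")

# Constructed sample lines (documentation addresses, made-up users).
SAMPLE_LOG = """\
*Mar  1 10:15:02.113: %SSLVPN-5-LOGIN_AUTH_PASSED: vw_ctx: ctx1 vw_gw: gw1 remote_ip: 198.51.100.7 user_name: alice, Authentication successful, user logged in
*Mar  1 10:16:40.551: %SYS-5-CONFIG_I: Configured from console by admin on vty0
*Mar  1 10:20:11.902: %SSLVPN-5-LOGIN_AUTH_PASSED: vw_ctx: ctx1 vw_gw: gw1 remote_ip: 203.0.113.45 user_name: bob, Authentication successful, user logged in
*Mar  1 10:21:00.000: %SSLVPN-5-LOGIN_AUTH_PASSED: truncated message
"""

def parse_logins(log_text):
    """Return one dict per successful-login line; missing fields are None."""
    logins = []
    for line in log_text.splitlines():
        if MNEMONIC not in line:
            continue
        fields = dict(FIELD_RE.findall(line))
        logins.append({"user": fields.get("user_name"),
                       "remote_ip": fields.get("remote_ip"),
                       "raw": line})
    return logins

def unexpected_logins(logins, expected_networks):
    """Logins whose source is unparsable or outside the expected networks."""
    nets = [ip_network(n) for n in expected_networks]
    flagged = []
    for login in logins:
        try:
            addr = ip_address(login["remote_ip"] or "")
        except ValueError:
            flagged.append(login)  # keep lines we cannot parse visible
            continue
        if not any(addr in net for net in nets):
            flagged.append(login)
    return flagged

if __name__ == "__main__":
    for hit in unexpected_logins(parse_logins(SAMPLE_LOG), ["198.51.100.0/24"]):
        print(hit["user"], hit["remote_ip"])
```

Lines that carry the mnemonic but cannot be parsed are flagged rather than dropped, so a format change on the router shows up as alerts instead of silence.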
