Cisco EEM Script To Email On Successful SSH Login

Here’s a quick EEM script I wrote to email you the information of someone who just SSH’d into the Router successfully.

event manager environment _email_to destemail@domain.com
event manager environment _email_server X.X.X.X
event manager environment _email_from fromemail@domain.com
event manager applet email
event syslog pattern "SEC_LOGIN-5-LOGIN_SUCCESS"
action 1.0 cli command "enable"
action 2.0 cli command "show users"
action 8.0 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "Successful SSH Login On X Router" body "$_cli_result"
action 9.0 syslog msg "E-mail was sent"

In the above configuration make sure to review the first 3 lines, there are 3 variables that need replacing. The destemail@domain.com, x.x.x.x (smtp server ip, no auth, port 25), and the fromemail@domain.com

What does the email look like?

The email contains the source IP address and the user name that logged in.

Exit mobile version