Cisco EEM Script To Email On Successful SSH Login

Here’s a quick EEM script I wrote to email you the information of someone who just SSH’d into the Router successfully.

event manager environment _email_to
event manager environment _email_server X.X.X.X
event manager environment _email_from
event manager applet email
event syslog pattern "SEC_LOGIN-5-LOGIN_SUCCESS"
action 1.0 cli command "enable"
action 2.0 cli command "show users"
action 8.0 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "Successful SSH Login On X Router" body "$_cli_result"
action 9.0 syslog msg "E-mail was sent"

In the above configuration make sure to review the first 3 lines, there are 3 variables that need replacing. The, x.x.x.x (smtp server ip, no auth, port 25), and the

What does the email look like?

The email contains the source IP address and the user name that logged in.

Exit mobile version