Chapter 27. Event Monitor

The Event Monitor on an Arista switch is a slick little tool that, according to the documentation, “writes system event records to local files for access by sqlite database commands.” While a technically accurate description, allow me to expand on that a bit.

Event monitor is a process that records certain common events on the switch. As of EOS version 4.9.3.2, the events recorded include changes to the MAC address table (what MAC is mapped to what port), changes to the IP routing table, and changes to the ARP table (MAC address to IP address mapping).

Note

Generally, EOS releases are named in the A.B.C format. When I wrote this chapter, the latest revision was 4.9.3.2, which included an urgent patch serious enough to warrant a minor release. The revision was quickly replaced by 4.9.4, but the newer release did not effect any of the chapters where I used 4.9.3.2.

OK, I’ll admit that still sounds boring, but let’s dig into this tool and see what it does, and how it might be useful.

Using Event Monitor

The home base for using Event Monitor from EOS is the show event-monitor command. As of EOS v.4.9.3.2, there are only four options:

Arista#sho event-monitor ?
  arp     Monitor ARP table events
  mac     Monitor MAC table events
  route   Monitor routing events
  sqlite  enter a sqlite statment

There are three tables that we can view, and one very cool option named sqlite. The sqlite option lets us send sqlite commands from EOS to the sqlite database, which, as we’ll see, is pretty darn ...

Get Arista Warrior now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Arista Warrior by Gary A. Donahue

Chapter 27. Event Monitor

Note

Using Event Monitor

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly