Chapter 28. Event Monitor
The Event Monitor on an Arista switch is a slick little tool that, according to the documentation, “writes system event records to local files for access by SQLite database commands.” Although this is a technically accurate description, allow me to expand on that a bit.
Event Monitor is a process that records certain common events on the switch. As of EOS version 4.17.2F, the events recorded included changes to the Address Resolution Protocol (ARP) table, the Internet Group Management Protocol (IGMP) snooping table, the Link Aggregation Control Protocol (LACP) table, the MAC address table, the mroute table, and the IP routing table. Modern revisions record even more.
OK, I’ll admit that still sounds boring, but let’s dig into this tool and see what it does and how it might be useful.
Using Event Monitor
The home base for using Event Monitor from EOS is the show event-monitor command. As of EOS 4.21.1F, there are a pile of options. In the first edition of Arista Warrior, there were only four. That book was also written when EOS 4.9 was current. Here are the options in 4.21.1F:
Arista#sho event-monitor ? all Monitor all events arp Monitor ARP table events backup backed up log files buffer local buffer settings igmpsnooping Monitor IGMP snooping table events lacp Monitor LACP table events mac Monitor MAC table events mroute Monitor mroute table events route Monitor routing events <cr>
There are a bunch of tables that we can view, and one very cool option ...
Get Arista Warrior, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
