Chapter 27. Event Monitor
The Event Monitor on an Arista switch is a slick little tool that, according to the documentation, “writes system event records to local files for access by sqlite database commands.” While a technically accurate description, allow me to expand on that a bit.
Event monitor is a process that records certain common events on the switch. As of EOS version 220.127.116.11, the events recorded include changes to the MAC address table (what MAC is mapped to what port), changes to the IP routing table, and changes to the ARP table (MAC address to IP address mapping).
Generally, EOS releases are named in the A.B.C format. When I wrote this chapter, the latest revision was 18.104.22.168, which included an urgent patch serious enough to warrant a minor release. The revision was quickly replaced by 4.9.4, but the newer release did not effect any of the chapters where I used 22.214.171.124.
OK, I’ll admit that still sounds boring, but let’s dig into this tool and see what it does, and how it might be useful.
Using Event Monitor
The home base for using Event Monitor from EOS is the
show event-monitor command. As of EOS v.126.96.36.199,
there are only four options:
sho event-monitor ?arp Monitor ARP table events mac Monitor MAC table events route Monitor routing events sqlite enter a sqlite statment
There are three tables that we can view, and one very cool option
sqlite option lets us send sqlite commands from EOS to the sqlite database, which, as we’ll see, is pretty darn ...