03-04-2008 11:54 PM
How can I have a log generated on a router in case of NAT POOL depletion using EEM
The show ip nat statistics command would return the percentage X of addresses used in a NAT pool.
In case the percentage X = or > 80% a log should be triggered, and if possible it has to send a small email notification.
Has anyone done the scripting for this before? If so, could you please let me know.
03-05-2008 08:46 AM
Please post an example output of the show ip nat statistics.
03-05-2008 09:40 AM
Here is the output.
7206VXR#sh ip nat statistics
** concatenated output **
Hits: 18226897 Misses: 218029
CEF Translated packets: 17341492, CEF Punted packets: 1069060
Expired translations: 539664
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 10 pool hotspot refcount 468
pool hotspot: netmask 255.255.255.0
start X.X.X.10 end X.X.X.254
type generic, total addresses 245, allocated 108 (44%), misses 0
Queued Packets: 0
03-05-2008 09:42 AM
What version of IOS is this?
03-05-2008 01:50 PM
The image on the router is :
12.3(14) T4
03-05-2008 02:09 PM
Then this script should work. It hasn't been thoroughly tested, but it should send a syslog message when the NAT pool usage reaches a certain threshold. To install it you will first need to create a directory on flash called, for example, policies:
Router#mkdir flash:/policies
Then copy the script into that directory:
Router#copy tftp://1.1.1.1/nat-pool-pol.tcl flash:/policies
Then, you will need to set two EEM environment variables: nat_pool_name and nat_pool_threshold. For example:
event manager environment nat_pool_name hotspot
event manager environment nat_pool_threshold 80
Then you will need to tell EEM where to find user policies:
event manager directory policy flash:/policies
Then register the nat-pool-pol.tcl policy:
event manager policy nat-pool-pol.tcl type user
The policy will run every 60 seconds, and check the capacity of the specified NAT pool. If the pool's capacity is at or over the specified threshold, a syslog message will be sent.
03-05-2008 02:20 PM
Thanks a lot !
Will try this out and let you know on the outcome.
Just one question though: is the Tcl script as written capable of sending the syslog message to an SMTP server so as to send a mail to the operator?
03-05-2008 02:51 PM
This version will send email using the attached template. You must also copy the template to somewhere on flash. Then, you will need to set the following additional EEM environment variables:
nat_pool_email_template : fully-qualified path to the email template in flash
_email_server : SMTP server
_email_from : From email address
_email_to : To email address
_email_cc : Optional email Cc address
If all of those are properly set, the script will send an email and a syslog message when the threshold is reached.
03-06-2008 02:03 AM
I have applied the scripts and the necessary configuration.
It works fine. I am yet to test the email facility for the logs generated.
Thanks once again for your help. Appreciate it !
06-23-2010 06:15 AM
Hi
Is it possible to modify this script to send a message to syslog when Total active translations reaches a specified threshold?
06-23-2010 11:49 AM
It already does that. The product of this script is to send a syslog message when the NAT translation pool crosses a configurable threshold. The message will look like:
NAT pool [pool] is at [usage]% capacity
06-23-2010 12:11 PM
But we are using NAT with overload, where there is only one address in the pool, so allocated addresses are always 100%.
NAT pool is at 100% capacity all the time
for example:
Router#sh ip nat stat
Total active translations: 137 (0 static, 137 dynamic; 137 extended)
Peak translations: 34, occurred 04:10:00 ago
Outside interfaces:
FastEthernet1/0
Inside interfaces:
FastEthernet1/1
Hits: 7805 Misses: 0
CEF Translated packets: 7443, CEF Punted packets: 384
Expired translations: 358
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 7 pool pula refcount 1
pool pula: netmask 255.255.255.0
start 192.168.1.146 end 192.168.1.146
type generic, total addresses 1, allocated 1 (100%), misses 0
So for us the perfect solution would be to send a msg to syslog (or a trap) when Total active translations exceeds some threshold, for example 800.
06-23-2010 01:01 PM
I suppose in your case, you could match on the total number of static and dynamic translations, and subtract that from 65536 to get the capacity.
06-23-2010 01:54 PM
First, sorry for my English.
I tried to modify the script nat-pool-pol.tcl but I don't know too much about Tcl.
I tried to change the regexp to get the value from the "Total active translations:" field and compare it to nat_pool_threshold. But I am not a programmer. I think it is the simplest solution and could work. But nothing happened.
Could you help me? Please.
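An added example, not part of the thread and not the nat-pool-pol.tcl script discussed in it: a minimal EEM Tcl policy for the overload case above, which logs when the "Total active translations" count from show ip nat statistics reaches a threshold. The environment variable name nat_xlate_threshold and the syslog message text are assumptions made for this example.

```tcl
# Added example; not the nat-pool-pol.tcl policy from this thread.
# Assumed (hypothetical) EEM environment variable: nat_xlate_threshold (e.g. 800).
::cisco::eem::event_register_timer watchdog time 60

namespace import ::cisco::eem::*
namespace import ::cisco::lib::*

if {![info exists nat_xlate_threshold]} {
    error "Policy cannot run: EEM variable nat_xlate_threshold is not set"
}

# Return the "Total active translations" count from the command output,
# or -1 when the line is absent (NAT not configured, unexpected format).
proc nat_active_translations {output} {
    if {[regexp {Total active translations: ([0-9]+)} $output -> total]} {
        return $total
    }
    return -1
}

# Open a session to the local CLI and capture the statistics.
if {[catch {cli_open} result]} {
    error $result $errorInfo
}
array set cli $result
if {[catch {cli_exec $cli(fd) "enable"} result]} {
    error $result $errorInfo
}
if {[catch {cli_exec $cli(fd) "show ip nat statistics"} output]} {
    error $output $errorInfo
}
catch {cli_close $cli(fd) $cli(tty_id)}

# Log a parse failure instead of staying silent, so a format change
# in the command output does not disable the alert unnoticed.
set total [nat_active_translations $output]
if {$total < 0} {
    action_syslog priority warning msg "NAT policy: could not parse show ip nat statistics"
} elseif {$total >= $nat_xlate_threshold} {
    action_syslog priority warning msg "NAT active translations at $total (threshold $nat_xlate_threshold)"
}
```

It installs the same way as the policy earlier in the thread: copy it to the policy directory, set the variable with event manager environment nat_xlate_threshold 800, and register it as a user policy.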
06-23-2010 05:23 PM