03-08-2016 02:49 AM
Hey all, I need some help with the TCL scripting. I've deploying the TCL scripts to be triggered by an SNMP notification but they are not working; on the routers I have it installed on the TCL script doesn't kick off when it receives the trap.
::cisco::eem::event_register_snmp_notification oid 1.3.6.1.4.1.33333.2.0 oid_val "New NHC" op eq
namespace import ::cisco::eem::*
namespace import ::cisco::lib::*
array set arr_einfo [event_reqinfo]
set acl_ip {}
if [catch {cli_open} result] {
error $result $errorInfo
} else {
array set cli1 $result
}
if [catch {cli_exec $cli1(fd) "enable"} _cli_result] {
error $_cli_result $errorInfo
}
if {$_cerrno !=0} {
set result [format "component=%s; subsys err=%s; posix err=%s;\n%s" $_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str]
error $result
}
foreach snmp_item [array names arr_einfo 1_3_6_1_4_1_33333_3_0 ] {
if [catch {cli_exec $cli1(fd) "show access-list INBOUND | i $arr_einfo($snmp_item) "} _cli_result] {
error $_cli_result $errorInfo
}
set acl_data $_cli_result
foreach acl_line [split $acl_data "\n"] {
if [regexp {[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+} $acl_line acl_ip] {
lappend acl_ip $acl_ip }
}
if { $acl_ip == {}} {
if [catch {cli_exec $cli1(fd) "configure terminal"} _cli_result] {
error $_cli_result $errorInfo
}
if [catch {cli_exec $cli1(fd) "ip access-list extended INBOUND"} _cli_result] {
error $_cli_result $errorInfo
}
if [catch {cli_exec $cli1(fd) "no deny ip any any log"} _cli_result] {
error $_cli_result $errorInfo
}
if [catch {cli_exec $cli1(fd) "permit ip host $arr_einfo($snmp_item) any"} _cli_result] {
error $_cli_result $errorInfo
}
if [catch {cli_exec $cli1(fd) "deny ip any any log"} _cli_result] {
error $_cli_result $errorInfo
}
if [catch {cli_exec $cli1(fd) "end"} _cli_result] {
error $_cli_result $errorInfo
}
if [catch {cli_exec $cli1(fd) "write memory"} _cli_result] {
error $_cli_result $errorInfo
}
action_syslog priority warning msg "Host $arr_einfo($snmp_item) added to the INBOUND access-list"
}
}
and the config on that router for SNMP:
snmp-server community ****** RO 23
snmp-server trap-source GigabitEthernet2
snmp-server manager
and the debug of it receiving the trap:
*Mar 3 12:33:33.736: SNMP: Packet received via UDP from 10.20.249.253 on Tunnel1
*Mar 3 12:33:33.736: SNMP: V2 Trap, reqid 3353, errstat 0, erridx 0
sysUpTime.0 = 287828652
snmpTrapOID.0 = enterprises.33333.1.0.1
enterprises.33333.2.0 = New NHC
enterprises.33333.3.0 = 60.199.50.34
Solved! Go to Solution.
04-11-2016 10:03 AM
I was finally able to test this locally, and it works for me. I registered this policy on a 1941 running 15.5(2)T1:
::cisco::eem::event_register_snmp_notification oid 1.3.6.1.4.1.33333.2.0 oid_val 1234 op eq direction incoming
namespace import ::cisco::eem::*
namespace import ::cisco::lib::*
array set arr_einfo [event_reqinfo]
set acl_ip {}
if [catch {cli_open} result] {
error $result $errorInfo
} else {
array set cli1 $result
}
if [catch {cli_exec $cli1(fd) "enable"} _cli_result] {
error $_cli_result $errorInfo
}
if {$_cerrno !=0} {
set result [format "component=%s; subsys err=%s; posix err=%s;\n%s" $_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str]
error $result
}
action_syslog msg "Executed policy successfully"
Then, I tested it using the net-snmp snmptrap command:
snmptrap -v 1 -c public pi-rsquared enterprises.33333.1 192.168.1.1 6 1 '' enterprises.33333.2.0 i 1234 enterprises.33333.3.0 a 60.199.50.34
And here's what I see:
Apr 11 12:49:23.261: SNMP: Packet received via UDP from 192.168.1.1 on Vlan1
Apr 11 12:49:23.261: SNMP: V1 Trap, ent enterprises.33333.1, addr 192.168.1.1, gentrap 6, spectrap 1
enterprises.33333.2.0 = 1234
enterprises.33333.3.0 = 60.199.50.34
Apr 11 12:49:23.269: dest ip addr= 192.168.1.39
Apr 11 12:49:23.269: dest if_index = 14
Apr 11 12:49:23.853: %HA_EM-6-LOG: sn_trap_test.tcl: Executed policy successfully
What you might be seeing is a bug with trap reception on Tunnel interfaces. Can you try sending the trap so that the device receives it on a non-tunnel interface?
03-08-2016 07:29 PM
There is a bug where EEM doesn't process v2 traps. Make sure you send traps as v1 and it should trigger.
03-09-2016 03:41 AM
Thanks Joe for that, but still on luck :(
*Mar 9 11:43:47.156: SNMP: Packet received via UDP from 10.20.249.253 on Tunnel1
*Mar 9 11:43:47.156: SNMP: V1 Trap, ent enterprises.33333.1, addr 10.20.249.253, gentrap 6, spectrap 1
enterprises.33333.2.0 = New NHC
enterprises.33333.3.0 = 60.199.50.34
I also had "debug event manager all" on and nothing happened at all.
03-09-2016 01:10 PM
Try changing your 2.0 OID to be an integer and match on the integer value.
03-10-2016 07:26 AM
Hey Joe, tried that, no change:
Insights_Tech_DMVPN_RT2#
*Mar 10 15:29:02.659: SNMP: Packet received via UDP from 10.20.249.253 on Tunnel1
*Mar 10 15:29:02.659: SNMP: V1 Trap, ent enterprises.33333.1, addr 10.20.249.253, gentrap 6, spectrap 1
enterprises.33333.2.0 = 1234
enterprises.33333.3.0 = 60.199.50.34
Insights_Tech_DMVPN_RT2#
03-25-2016 01:03 PM
I assumed you also updated your EEM Tcl policy and reregistered it?
If so, try adding "direction incoming" to the event registration line so that incoming traps are processed.
04-01-2016 06:12 AM
Hi, also didn't work. Here's the data:
deb event manager all
All possible Embedded Event Manager debugging has been turned on
bigd-dmvpn-rt2#
*Apr 1 13:12:26.630: SNMP: Packet received via UDP from 10.20.249.253 on Tunnel1
*Apr 1 13:12:26.630: SNMP: V1 Trap, ent enterprises.33333.1, addr 10.20.249.253, gentrap 6, spectrap 1
enterprises.33333.2.0 = 1234
enterprises.33333.3.0 = 60.199.50.34
sh event manager policy registered
No. Class Type Event Type Trap Time Registered Name
1 script user snmp_notification Off Fri Apr 1 12:31:57 2016 receive_nhrp_trap.tcl
oid {1.3.6.1.4.1.33333.2.0} oid-val {1234} op eq direction incoming
nice 0 queue-priority normal maxrun 20.000 scheduler rp_primary Secu none
______________________
more bootflash:receive_nhrp_trap.tcl
::cisco::eem::event_register_snmp_notification oid 1.3.6.1.4.1.33333.2.0 oid_val 1234 op eq direction incoming
namespace import ::cisco::eem::*
namespace import ::cisco::lib::*
array set arr_einfo [event_reqinfo]
set acl_ip {}
if [catch {cli_open} result] {
error $result $errorInfo
} else {
array set cli1 $result
}
if [catch {cli_exec $cli1(fd) "enable"} _cli_result] {
error $_cli_result $errorInfo
}
if {$_cerrno !=0} {
set result [format "component=%s; subsys err=%s; posix err=%s;\n%s" $_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str]
error $result
}
foreach snmp_item [array names arr_einfo 1_3_6_1_4_1_33333_3_0 ] {
if [catch {cli_exec $cli1(fd) "show access-list INBOUND | i $arr_einfo($snmp_item) "} _cli_result] {
error $_cli_result $errorInfo
}
set acl_data $_cli_result
foreach acl_line [split $acl_data "\n"] {
if [regexp {[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+} $acl_line acl_ip] {
lappend acl_ip $acl_ip }
}
if { $acl_ip == {}} {
04-11-2016 10:03 AM
I was finally able to test this locally, and it works for me. I registered this policy on a 1941 running 15.5(2)T1:
::cisco::eem::event_register_snmp_notification oid 1.3.6.1.4.1.33333.2.0 oid_val 1234 op eq direction incoming
namespace import ::cisco::eem::*
namespace import ::cisco::lib::*
array set arr_einfo [event_reqinfo]
set acl_ip {}
if [catch {cli_open} result] {
error $result $errorInfo
} else {
array set cli1 $result
}
if [catch {cli_exec $cli1(fd) "enable"} _cli_result] {
error $_cli_result $errorInfo
}
if {$_cerrno !=0} {
set result [format "component=%s; subsys err=%s; posix err=%s;\n%s" $_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str]
error $result
}
action_syslog msg "Executed policy successfully"
Then, I tested it using the net-snmp snmptrap command:
snmptrap -v 1 -c public pi-rsquared enterprises.33333.1 192.168.1.1 6 1 '' enterprises.33333.2.0 i 1234 enterprises.33333.3.0 a 60.199.50.34
And here's what I see:
Apr 11 12:49:23.261: SNMP: Packet received via UDP from 192.168.1.1 on Vlan1
Apr 11 12:49:23.261: SNMP: V1 Trap, ent enterprises.33333.1, addr 192.168.1.1, gentrap 6, spectrap 1
enterprises.33333.2.0 = 1234
enterprises.33333.3.0 = 60.199.50.34
Apr 11 12:49:23.269: dest ip addr= 192.168.1.39
Apr 11 12:49:23.269: dest if_index = 14
Apr 11 12:49:23.853: %HA_EM-6-LOG: sn_trap_test.tcl: Executed policy successfully
What you might be seeing is a bug with trap reception on Tunnel interfaces. Can you try sending the trap so that the device receives it on a non-tunnel interface?
04-12-2016 03:06 AM
Ok, finally found the problem, it was really me. I had the community value wrong on the snmp trap I was sending. All is working now.
Thanks
Rodrigo
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide