07-29-2013 07:32 AM
So once again I am trying to figure this out and failing miserably. The only thin I can think of at the moment is that I need to tell it to source from a specific vrf interface. I've tried looking through possible enviornment variables. Hoping I could set it that way but have yet to find one. I have read varios settings for source-interface and attempted them. But fail every time with:
vpn_failure.tcl: smtp_send_email: error connecting to mail server:
EEM Version:
sho event manager version
Embedded Event Manager Version 4.00
Component Versions:
eem: (rel4)1.0.4
eem-gold: (rel1)1.0.2
eem-call-home: (rel2)1.0.0
Below is the stock format for sending the email from the script. If someone could guide me in the correct way to set this up to source the interface that would be awesome.
# create mail form
action_syslog msg "Creating mail header for vpn_failure.tcl script..."
set body [format "Mailservername: %s" "$_email_server"]
set body [format "%s\nFrom: %s" "$body" "$_email_from"]
set body [format "%s\nTo: %s" "$body" "$_email_to"]
set _email_cc ""
set body [format "%s\nCc: %s" "$body" ""]
set body [format "%s\nSubject: %s\n" "$body" "VPN Failure Detected: Router $routername Crypto tunnel is DOWN. Peer $remote_peer"]
set body [format "%s\n%s" "$body" "Report Summary:"]
set body [format "%s\n%s" "$body" " - syslog message"]
set body [format "%s\n%s" "$body" " - summary of interface(s) in an up/down state"]
set body [format "%s\n%s" "$body" " - show ip route $remote_peer"]
set body [format "%s\n%s" "$body" " - show crypto isakmp sa"]
set body [format "%s\n%s" "$body" " - show crypto session detail"]
set body [format "%s\n%s" "$body" " - show crypto engine connection active"]
set body [format "%s\n%s" "$body" " - show ip nhrp detail (DMVPN only)"]
set body [format "%s\n%s" "$body" " - show log"]
set body [format "%s\n\n%s" "$body" "---------- syslog message ----------"]
set body [format "%s\n%s" "$body" "$syslog_msg"]
set body [format "%s\n\n%s" "$body" "---------- summary of interface(s) in an up/down state ----------"]
set body [format "%s\n\n%s" "$body" "$show_ip_interface_brief_up_down"]
set body [format "%s\n\n%s" "$body" "---------- show ip route $remote_peer ----------"]
set body [format "%s\n\n%s" "$body" "$show_ip_route"]
set body [format "%s\n\n%s" "$body" "---------- show crypto isakmp sa ----------"]
set body [format "%s\n\n%s" "$body" "$show_crypto_isakmp_sa"]
set body [format "%s\n\n%s" "$body" "---------- show crypto session detail ----------"]
set body [format "%s\n\n%s" "$body" "$show_crypto_session_detail"]
set body [format "%s\n\n%s" "$body" "---------- show crypto engine connection active ----------"]
set body [format "%s\n\n%s" "$body" "$show_crypto_engine_connection_active"]
set body [format "%s\n\n%s" "$body" "---------- show ip nhrp detail (DMVPN only) ----------"]
set body [format "%s\n\n%s" "$body" "$show_ip_nhrp_detail"]
set body [format "%s\n\n%s" "$body" "---------- show log ----------"]
set body [format "%s\n\n%s" "$body" "$show_log"]
if [catch {smtp_send_email $body} result] {
action_syslog msg "smtp_send_email: $result"
}
07-29-2013 01:44 PM
I got this far, saw the MAXRUN error, bumped that out and then turned on debugging. I am still not connecting to the mail server. So I don't think I am reaching the mail server yet. I don't think it is using the sourceinterface. In debugging everyting in the script works except for the mail portion.
Jul 29 16:01:00.334: %HA_EM-6-LOG: vpn_failure.tcl: Creating mail header for vpn_failure.tcl script...
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: Process Forced Exit- MAXRUN timer expired.
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: while executing
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: "action_syslog msg "smtp_send_email: $result""
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: invoked from within
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: "$slave eval $Contents"
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: (procedure "eval_script" line 7)
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: invoked from within
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: "eval_script slave $scriptname"
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: invoked from within
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: "if {$security_level == 1} { #untrusted script
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: interp create -safe slave
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: interp share {} stdin slave
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: interp share {} stdout slave
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: ..."
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: (file "tmpsys:/lib/tcl/base.tcl" line 50)
Jul 29 16:02:36.465: %HA_EM-6-LOG: vpn_failure.tcl: Tcl policy execute failed:
Jul 29 16:02:36.465: %HA_EM-6-LOG: vpn_failure.tcl: Process Forced Exit- MAXRUN timer expired.
Debugging On:
Jul 29 16:28:51.471: [fh_smtp_debug_cmd]
Jul 29 16:28:51.472: %HA_EM-6-LOG: vpn_failure.tcl : DEBUG(smtp_lib) : smtp_connect : attempt 2
Jul 29 16:29:24.473: [fh_smtp_debug_cmd]
Jul 29 16:29:24.473: %HA_EM-6-LOG: vpn_failure.tcl : DEBUG(smtp_lib) : smtp_connect : attempt 3
Jul 29 16:29:57.475: [fh_smtp_debug_cmd]
Jul 29 16:29:57.475: %HA_EM-6-LOG: vpn_failure.tcl : DEBUG(smtp_lib) : smtp_connect : attempt 4
Jul 29 16:30:30.478: [fh_smtp_debug_cmd]
Jul 29 16:30:30.479: %HA_EM-6-LOG: vpn_failure.tcl : DEBUG(smtp_lib) : smtp_connect : attempt 5
Jul 29 16:31:00.482: %HA_EM-6-LOG: vpn_failure.tcl: smtp_send_email: error connecting to mail server:
cannot connect to all the candidate mail servers
Jul 29 16:31:00.483: %HA_EM-6-LOG: vpn_failure.tcl: vpn_failure.tcl script completed
______________________________________________________________________________
event manager environment _email_server 10.79.1.126
event manager environment _email_from SEVCINRT01@group.com
event manager environment _email_to infrastructure_team@group.com
interface Port-channel1.101
description MGMT-1
encapsulation dot1Q 101
vrf forwarding MGMT-1
ip address 10.79.1.252 255.255.255.0
ip nat inside
ip virtual-reassembly
redundancy rii 101
redundancy group 2 ip 10.79.1.254 exclusive decrement 10
end
#----------------------- send mail ----------------------
#
# create mail form
action_syslog msg "Creating mail header for vpn_failure.tcl script..."
set body [format "Mailservername: %s" "$_email_server"]
set body [format "%s\nFrom: %s" "$body" "$_email_from"]
set body [format "%s\nTo: %s" "$body" "$_email_to"]
set _email_cc ""
set body [format "%s\nCc: %s" "$body" "blah@group.com"]
set body [format "%s\nSourceintf: %s" "$body" "port-channel1.101"]
set body [format "%s\nSubject: %s\n" "$body" "VPN Failure Detected: Router $routername Crypto tunnel is DOWN. Peer $remote_peer"]
set body [format "%s\n%s" "$body" "Report Summary:"]
set body [format "%s\n%s" "$body" " - syslog message"]
set body [format "%s\n%s" "$body" " - summary of interface(s) in an up/down state"]
set body [format "%s\n%s" "$body" " - show ip route $remote_peer"]
set body [format "%s\n%s" "$body" " - show crypto isakmp sa"]
set body [format "%s\n%s" "$body" " - show crypto session detail"]
set body [format "%s\n%s" "$body" " - show crypto engine connection active"]
set body [format "%s\n%s" "$body" " - show ip nhrp detail (DMVPN only)"]
set body [format "%s\n%s" "$body" " - show log"]
set body [format "%s\n\n%s" "$body" "---------- syslog message ----------"]
set body [format "%s\n%s" "$body" "$syslog_msg"]
set body [format "%s\n\n%s" "$body" "---------- summary of interface(s) in an up/down state ----------"]
set body [format "%s\n\n%s" "$body" "$show_ip_interface_brief_up_down"]
set body [format "%s\n\n%s" "$body" "---------- show ip route $remote_peer ----------"]
set body [format "%s\n\n%s" "$body" "$show_ip_route"]
set body [format "%s\n\n%s" "$body" "---------- show crypto isakmp sa ----------"]
set body [format "%s\n\n%s" "$body" "$show_crypto_isakmp_sa"]
set body [format "%s\n\n%s" "$body" "---------- show crypto session detail ----------"]
set body [format "%s\n\n%s" "$body" "$show_crypto_session_detail"]
set body [format "%s\n\n%s" "$body" "---------- show crypto engine connection active ----------"]
set body [format "%s\n\n%s" "$body" "$show_crypto_engine_connection_active"]
set body [format "%s\n\n%s" "$body" "---------- show ip nhrp detail (DMVPN only) ----------"]
set body [format "%s\n\n%s" "$body" "$show_ip_nhrp_detail"]
set body [format "%s\n\n%s" "$body" "---------- show log ----------"]
set body [format "%s\n\n%s" "$body" "$show_log"]
if [catch {smtp_send_email $body} result] {
action_syslog msg "smtp_send_email: $result"
}
action_syslog msg "vpn_failure.tcl script completed"
#------------------ end of send mail --------------------
07-30-2013 05:42 PM
It doesn't appear you're setting the VRF name to MGMT-1 in your email header. You'll need to do that as well.
07-31-2013 06:47 AM
So, I'm lost then on that one. How does one do that?
08-02-2013 06:38 PM
We had talked about it, but you didn't add it to your script:
set body [format "%s\nVrf: %s" "$body" "$_vrf"]
That needs to come right after the Sourceintf header.
09-16-2013 06:13 AM
Hi all, I am also very interested to specifiy the source interface and the vrf. Otherwise I am not able to reach the smtp mail gateway. Even though I have specified the source interface as well as the vrf I get the error message "
smtp_send_email: error connecting to mail server"
My script looks as follow:
# create mail form
action_syslog msg "Creating mail header..."
set body [format "Mailservername: %s" "$_email_server"]
set body [format "%s\nFrom: %s" "$body" "$_email_from"]
set body [format "%s\nTo: %s" "$body" "$_email_to"]
set body [format "%s\nCc: %s" "$body" ""]
set body [format "%s\nSourceintf: %s" "$body" "GigabitEthernet0/0.2096"]
set body [format "%s\nVrf: %s" "$body" "EGL-dmvpn"]
set body [format "%s\nSubject: %s\n" "$body" "$routername Detected an Eigrp Neighbor Change"]
set body [format "%s\n%s" "$body" "Report Summary for $routername:"]
set body [format "%s\n%s" "$body" " - Syslog message"]
set body [format "%s\n%s" "$body" " - Show version"]
set body [format "%s\n%s" "$body" " - Show ip eigrp neighbor"]
set body [format "%s\n%s" "$body" " - Show ip interface brief"]
set body [format "%s\n%s" "$body" " - Show ip eigrp interface"]
set body [format "%s\n%s" "$body" " - Show log"]
set body [format "%s\n%s" "$body" " - Show interface"]
set body [format "%s\n\n%s" "$body" "---------- Syslog message ----------"]
set body [format "%s\n%s" "$body" "$syslog_msg"]
set body [format "%s\n\n%s" "$body" "---------- Show version ----------"]
set body [format "%s\n%s" "$body" "$show_version"]
set body [format "%s\n\n%s" "$body" "---------- Show ip eigrp neighbor ----------"]
set body [format "%s\n\n%s" "$body" "$show_ip_eigrp_neighbor"]
set body [format "%s\n\n%s" "$body" "---------- Show ip interface brief ----------"]
set body [format "%s\n\n%s" "$body" "$show_ip_interface_brief"]
set body [format "%s\n\n%s" "$body" "---------- Show ip eigrp interface ----------"]
set body [format "%s\n\n%s" "$body" "$show_ip_eigrp_interface"]
set body [format "%s\n\n%s" "$body" "---------- Show log ----------"]
set body [format "%s\n\n%s" "$body" "$show_log"]
set body [format "%s\n\n%s" "$body" "---------- Show interface ----------"]
set body [format "%s\n\n%s" "$body" "$show_interface"]
if [catch {smtp_send_email $body} result] {
action_syslog msg "smtp_send_email: $result"
}
action_syslog msg "E-mail sent!"
#------------------ end of send mail --------------------
Many thanks for your help.
09-16-2013 06:34 AM
So I just recently got the answer from TAC. Can't be done as of yet. I should correct that; it cannot be done as of yet on the ASR 1000. So we opted to capture the mail and use another script.
Here is my current workaround:
In my script for the mail information I rimmed out the send mail action and set scripts to convert the information to an applet. Which we called "convert" So far I am testing it and it seems to work well.
# if [catch {smtp_send_email $body} result] {
# action_syslog msg "smtp_send_email: $result"
# }
#section above rimmed out to stop email sending, section below used to grab mail text and body
if {[catch {context_save TESTCTX "body"} errmsg]} {
action_syslog msg "context_save failed: $errmsg"
}
set subject [format "%s%s%s%s" "VPN Failure Detected: Router " "$routername" " Crypto tunnel is DOWN. Peer " "$remote_peer"]
if {[catch {context_save TESTCTX2 "subject"} errmsg]} {
action_syslog msg "context_save failed: $errmsg"
}
action_syslog msg "vpn_failure.tcl script completed"
#------------------ end of send mail --------------------
#--------------------- cli close ------------------------
#
cli_close $cli(fd) $cli(tty_id)
# eeeeeeeeeeeeeeeeeeeeeeeeeeee End of vpn_failure.tcl eeeeeeeeeeeeeeeeeeeeee
#Action_Policy used to send to applet listed in header of EEM
action_policy convert
_______-----______------______--------
Then create an applet called convert:
event manager applet convert
event none
action 1.0 context retrieve key TESTCTX variable "body"
action 1.2 context retrieve key TESTCTX2 variable "subject"
action 2.0 mail server "10.79.1.126" to "joe.snuffy@snuffyindustries.com" from "RT01@snuffyindustries.com" subject "$subject" body "$body" vrf MGMT-0 source-address 10.79.0.252
09-16-2013 06:39 AM
You should note the
_______-----______------______--------
Was used to show segmentation where the actual tail of my script was and the begeinning of the applet configuration. I only say this to limit confusion. I hope I made sense as I often tend not to unless it is in my own head.
09-16-2013 07:54 AM
I tried to adjust the script and now I get the following error messages:
002881: Sep 16 16:50:50.353: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: Creating mail header...
002882: Sep 16 16:50:50.365: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: context_save failed: component=1fa8; subsys err=8; posix err=0;
'Embedded Event Manager' detected the 'fatal' condition 'duplicate application info key'
002883: Sep 16 16:50:50.365: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: not enough arguments for all format specifiers
002884: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: while executing
002885: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: "format "%s%s%s%s" "VPN Failure Detected: Router " "$routername""
002886: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: invoked from within
002887: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: "$slave eval $Contents"
002888: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: (procedure "eval_script" line 7)
002889: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: invoked from within
002890: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: "eval_script slave $scriptname"
002891: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: invoked from within
002892: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: "if {$security_level == 1} { #untrusted script
002893: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: interp create -safe slave
002894: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: interp share {} stdin slave
002895: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: interp share {} stdout slave
002896: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: ..."
002897: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: (file "tmpsys:/lib/tcl/base.tcl" line 50)
002898: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: Tcl policy execute failed:
002899: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: not enough arguments for all format specifiers
Didn't you have missed the $ sign before body ?
if {[catch {context_save TESTCTX "body"} errmsg]}
or
if {[catch {context_save TESTCTX "$body"} errmsg]}
09-16-2013 08:09 AM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: