cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3240
Views
0
Helpful
23
Replies

Setting the source-interface in a tcl script for email.

tschouten
Level 1
Level 1

So once again I am trying to figure this out and failing miserably. The only thin I can think of at the moment is that I need to tell it to source from a specific vrf interface. I've tried looking through possible enviornment variables. Hoping I could set it that way but have yet to find one. I have read varios settings for source-interface and attempted them. But fail every time with:

vpn_failure.tcl: smtp_send_email: error connecting to mail server:

EEM Version:

sho event manager version

Embedded Event Manager Version 4.00

Component Versions:

eem: (rel4)1.0.4

eem-gold: (rel1)1.0.2

eem-call-home: (rel2)1.0.0

Below is the stock format for sending the email from the script. If someone could guide me in the correct way to set this up to source the interface that would be awesome.

# create mail form

  action_syslog msg "Creating mail header for vpn_failure.tcl script..."

  set body [format "Mailservername: %s" "$_email_server"]

  set body [format "%s\nFrom: %s" "$body" "$_email_from"]

  set body [format "%s\nTo: %s" "$body" "$_email_to"]

  set _email_cc ""

  set body [format "%s\nCc: %s" "$body" ""]

  set body [format "%s\nSubject: %s\n" "$body" "VPN Failure Detected: Router $routername Crypto tunnel is DOWN. Peer $remote_peer"]

  set body [format "%s\n%s" "$body" "Report Summary:"]

  set body [format "%s\n%s" "$body" "   - syslog message"]

  set body [format "%s\n%s" "$body" "   - summary of interface(s) in an up/down state"]

  set body [format "%s\n%s" "$body" "   - show ip route $remote_peer"]

  set body [format "%s\n%s" "$body" "   - show crypto isakmp sa"]

  set body [format "%s\n%s" "$body" "   - show crypto session detail"]

  set body [format "%s\n%s" "$body" "   - show crypto engine connection active"]

  set body [format "%s\n%s" "$body" "   - show ip nhrp detail (DMVPN only)"]

  set body [format "%s\n%s" "$body" "   - show log"]

  set body [format "%s\n\n%s" "$body" "---------- syslog message ----------"]

  set body [format "%s\n%s" "$body" "$syslog_msg"]

  set body [format "%s\n\n%s" "$body" "---------- summary of interface(s) in an up/down state ----------"]

  set body [format "%s\n\n%s" "$body" "$show_ip_interface_brief_up_down"]

  set body [format "%s\n\n%s" "$body" "---------- show ip route $remote_peer ----------"]

  set body [format "%s\n\n%s" "$body" "$show_ip_route"]

  set body [format "%s\n\n%s" "$body" "---------- show crypto isakmp sa ----------"]

  set body [format "%s\n\n%s" "$body" "$show_crypto_isakmp_sa"]

  set body [format "%s\n\n%s" "$body" "---------- show crypto session detail ----------"]

  set body [format "%s\n\n%s" "$body" "$show_crypto_session_detail"]

  set body [format "%s\n\n%s" "$body" "---------- show crypto engine connection active ----------"]

  set body [format "%s\n\n%s" "$body" "$show_crypto_engine_connection_active"]

  set body [format "%s\n\n%s" "$body" "---------- show ip nhrp detail (DMVPN only) ----------"]

  set body [format "%s\n\n%s" "$body" "$show_ip_nhrp_detail"]

  set body [format "%s\n\n%s" "$body" "---------- show log ----------"]

  set body [format "%s\n\n%s" "$body" "$show_log"]

  if [catch {smtp_send_email $body} result] {

    action_syslog msg "smtp_send_email: $result"

  }

23 Replies 23

I got this far, saw the MAXRUN error, bumped that out and then turned on debugging. I am still not connecting to the mail server. So I don't think I am reaching the mail server yet. I don't think it is using the sourceinterface. In debugging everyting in the script works except for the mail portion.

Jul 29 16:01:00.334: %HA_EM-6-LOG: vpn_failure.tcl: Creating mail header for vpn_failure.tcl script...

Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: Process Forced Exit- MAXRUN timer expired.

Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl:     while executing

Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: "action_syslog msg "smtp_send_email: $result""

Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl:     invoked from within

Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: "$slave eval $Contents"

Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl:     (procedure "eval_script" line 7)

Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl:     invoked from within

Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: "eval_script slave $scriptname"

Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl:     invoked from within

Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: "if {$security_level == 1} {       #untrusted script

Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl:      interp create -safe slave

Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl:      interp share {} stdin slave

Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl:      interp share {} stdout slave

Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: ..."

Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl:     (file "tmpsys:/lib/tcl/base.tcl" line 50)

Jul 29 16:02:36.465: %HA_EM-6-LOG: vpn_failure.tcl: Tcl policy execute failed:

Jul 29 16:02:36.465: %HA_EM-6-LOG: vpn_failure.tcl: Process Forced Exit- MAXRUN timer expired.

Debugging On:

Jul 29 16:28:51.471: [fh_smtp_debug_cmd]

Jul 29 16:28:51.472: %HA_EM-6-LOG: vpn_failure.tcl : DEBUG(smtp_lib) : smtp_connect : attempt 2

Jul 29 16:29:24.473: [fh_smtp_debug_cmd]

Jul 29 16:29:24.473: %HA_EM-6-LOG: vpn_failure.tcl : DEBUG(smtp_lib) : smtp_connect : attempt 3

Jul 29 16:29:57.475: [fh_smtp_debug_cmd]

Jul 29 16:29:57.475: %HA_EM-6-LOG: vpn_failure.tcl : DEBUG(smtp_lib) : smtp_connect : attempt 4

Jul 29 16:30:30.478: [fh_smtp_debug_cmd]

Jul 29 16:30:30.479: %HA_EM-6-LOG: vpn_failure.tcl : DEBUG(smtp_lib) : smtp_connect : attempt 5

Jul 29 16:31:00.482: %HA_EM-6-LOG: vpn_failure.tcl: smtp_send_email: error connecting to mail server:

cannot connect to all the candidate mail servers

Jul 29 16:31:00.483: %HA_EM-6-LOG: vpn_failure.tcl: vpn_failure.tcl script completed

______________________________________________________________________________

event manager environment _email_server 10.79.1.126

event manager environment _email_from SEVCINRT01@group.com

event manager environment _email_to infrastructure_team@group.com

interface Port-channel1.101

description MGMT-1

encapsulation dot1Q 101

vrf forwarding MGMT-1

ip address 10.79.1.252 255.255.255.0

ip nat inside

ip virtual-reassembly

redundancy rii 101

redundancy group 2 ip 10.79.1.254 exclusive decrement 10

end


#----------------------- send mail ----------------------

#

# create mail form

  action_syslog msg "Creating mail header for vpn_failure.tcl script..."

  set body [format "Mailservername: %s" "$_email_server"]

  set body [format "%s\nFrom: %s" "$body" "$_email_from"]

  set body [format "%s\nTo: %s" "$body" "$_email_to"]

  set _email_cc ""

  set body [format "%s\nCc: %s" "$body" "blah@group.com"]

  set body [format "%s\nSourceintf: %s" "$body" "port-channel1.101"]

  set body [format "%s\nSubject: %s\n" "$body" "VPN Failure Detected: Router $routername Crypto tunnel is DOWN. Peer $remote_peer"]

  set body [format "%s\n%s" "$body" "Report Summary:"]

  set body [format "%s\n%s" "$body" "   - syslog message"]

  set body [format "%s\n%s" "$body" "   - summary of interface(s) in an up/down state"]

  set body [format "%s\n%s" "$body" "   - show ip route $remote_peer"]

  set body [format "%s\n%s" "$body" "   - show crypto isakmp sa"]

  set body [format "%s\n%s" "$body" "   - show crypto session detail"]

  set body [format "%s\n%s" "$body" "   - show crypto engine connection active"]

  set body [format "%s\n%s" "$body" "   - show ip nhrp detail (DMVPN only)"]

  set body [format "%s\n%s" "$body" "   - show log"]

  set body [format "%s\n\n%s" "$body" "---------- syslog message ----------"]

  set body [format "%s\n%s" "$body" "$syslog_msg"]

  set body [format "%s\n\n%s" "$body" "---------- summary of interface(s) in an up/down state ----------"]

  set body [format "%s\n\n%s" "$body" "$show_ip_interface_brief_up_down"]

  set body [format "%s\n\n%s" "$body" "---------- show ip route $remote_peer ----------"]

  set body [format "%s\n\n%s" "$body" "$show_ip_route"]

  set body [format "%s\n\n%s" "$body" "---------- show crypto isakmp sa ----------"]

  set body [format "%s\n\n%s" "$body" "$show_crypto_isakmp_sa"]

  set body [format "%s\n\n%s" "$body" "---------- show crypto session detail ----------"]

  set body [format "%s\n\n%s" "$body" "$show_crypto_session_detail"]

  set body [format "%s\n\n%s" "$body" "---------- show crypto engine connection active ----------"]

  set body [format "%s\n\n%s" "$body" "$show_crypto_engine_connection_active"]

  set body [format "%s\n\n%s" "$body" "---------- show ip nhrp detail (DMVPN only) ----------"]

  set body [format "%s\n\n%s" "$body" "$show_ip_nhrp_detail"]

  set body [format "%s\n\n%s" "$body" "---------- show log ----------"]

  set body [format "%s\n\n%s" "$body" "$show_log"]

  if [catch {smtp_send_email $body} result] {

    action_syslog msg "smtp_send_email: $result"

  }

  action_syslog msg "vpn_failure.tcl script completed"

#------------------ end of send mail --------------------

It doesn't appear you're setting the VRF name to MGMT-1 in your email header.  You'll need to do that as well.

So, I'm lost then on that one. How does one do that?

We had talked about it, but you didn't add it to your script:

set body [format "%s\nVrf: %s" "$body" "$_vrf"]

That needs to come right after the Sourceintf header.

Hi all, I am also very interested to specifiy the source interface and the vrf. Otherwise I am not able to reach the smtp mail gateway. Even though I have specified the source interface as well as the vrf I get the error message "

smtp_send_email: error connecting to mail server"

My script looks as follow:

# create mail form

  action_syslog msg "Creating mail header..."

  set body [format "Mailservername: %s" "$_email_server"]

  set body [format "%s\nFrom: %s" "$body" "$_email_from"]

  set body [format "%s\nTo: %s" "$body" "$_email_to"]

  set body [format "%s\nCc: %s" "$body" ""]

  set body [format "%s\nSourceintf: %s" "$body" "GigabitEthernet0/0.2096"]

  set body [format "%s\nVrf: %s" "$body" "EGL-dmvpn"]

  set body [format "%s\nSubject: %s\n" "$body" "$routername Detected an Eigrp Neighbor Change"]

  set body [format "%s\n%s" "$body" "Report Summary for $routername:"]

  set body [format "%s\n%s" "$body" "   - Syslog message"]

  set body [format "%s\n%s" "$body" "   - Show version"]

  set body [format "%s\n%s" "$body" "   - Show ip eigrp neighbor"]

  set body [format "%s\n%s" "$body" "   - Show ip interface brief"]

  set body [format "%s\n%s" "$body" "   - Show ip eigrp interface"]

  set body [format "%s\n%s" "$body" "   - Show log"]

  set body [format "%s\n%s" "$body" "   - Show interface"]

  set body [format "%s\n\n%s" "$body" "---------- Syslog message ----------"]

  set body [format "%s\n%s" "$body" "$syslog_msg"]

  set body [format "%s\n\n%s" "$body" "---------- Show version ----------"]

  set body [format "%s\n%s" "$body" "$show_version"]

  set body [format "%s\n\n%s" "$body" "---------- Show ip eigrp neighbor ----------"]

  set body [format "%s\n\n%s" "$body" "$show_ip_eigrp_neighbor"]

  set body [format "%s\n\n%s" "$body" "---------- Show ip interface brief ----------"]

  set body [format "%s\n\n%s" "$body" "$show_ip_interface_brief"]

  set body [format "%s\n\n%s" "$body" "---------- Show ip eigrp interface ----------"]

  set body [format "%s\n\n%s" "$body" "$show_ip_eigrp_interface"]

  set body [format "%s\n\n%s" "$body" "---------- Show log ----------"]

  set body [format "%s\n\n%s" "$body" "$show_log"]

  set body [format "%s\n\n%s" "$body" "---------- Show interface ----------"]

  set body [format "%s\n\n%s" "$body" "$show_interface"]

  if [catch {smtp_send_email $body} result] {

    action_syslog msg "smtp_send_email: $result"

  }

action_syslog msg "E-mail sent!"

#------------------ end of send mail --------------------

Many thanks for your help.

So I just recently got the answer from TAC. Can't be done as of yet. I should correct that; it cannot be done as of yet on the ASR 1000. So we opted to capture the mail and use another script.

Here is my current workaround:

In my script for the mail information I rimmed out the send mail action and set scripts to convert the information to an applet. Which we called "convert" So far I am testing it and it seems to work well.

#  if [catch {smtp_send_email $body} result] {

#    action_syslog msg "smtp_send_email: $result"

#  }

#section above rimmed out to stop email sending, section below used to grab mail text and body

if {[catch {context_save TESTCTX "body"} errmsg]} {

      action_syslog msg "context_save failed: $errmsg"

}

set subject [format "%s%s%s%s" "VPN Failure Detected: Router " "$routername" " Crypto tunnel is DOWN. Peer " "$remote_peer"]

if {[catch {context_save TESTCTX2 "subject"} errmsg]} {

      action_syslog msg "context_save failed: $errmsg"

}

  action_syslog msg "vpn_failure.tcl script completed"

#------------------ end of send mail --------------------

#--------------------- cli close ------------------------

#

  cli_close $cli(fd) $cli(tty_id)

# eeeeeeeeeeeeeeeeeeeeeeeeeeee    End of vpn_failure.tcl eeeeeeeeeeeeeeeeeeeeee

#Action_Policy used to send to applet listed in header of EEM

action_policy convert

_______-----______------______--------

Then create an applet called convert:

event manager applet convert

event none

action 1.0 context retrieve key TESTCTX variable "body"

action 1.2 context retrieve key TESTCTX2 variable "subject"

action 2.0 mail server "10.79.1.126" to "joe.snuffy@snuffyindustries.com" from "RT01@snuffyindustries.com" subject "$subject" body "$body" vrf MGMT-0 source-address 10.79.0.252

You should note the

_______-----______------______--------

Was used to show segmentation where the actual tail of my script was and the begeinning of the applet configuration. I only say this to limit confusion. I hope I made sense as I often tend not to unless it is in my own head.

I tried to adjust the script and now I get the following error messages:

002881: Sep 16 16:50:50.353: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: Creating mail header...

002882: Sep 16 16:50:50.365: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: context_save failed: component=1fa8; subsys err=8; posix err=0;

'Embedded Event Manager' detected the 'fatal' condition 'duplicate application info key'

002883: Sep 16 16:50:50.365: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: not enough arguments for all format specifiers

002884: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl:     while executing

002885: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: "format "%s%s%s%s" "VPN Failure Detected: Router " "$routername""

002886: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl:     invoked from within

002887: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: "$slave eval $Contents"

002888: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl:     (procedure "eval_script" line 7)

002889: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl:     invoked from within

002890: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: "eval_script slave $scriptname"

002891: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl:     invoked from within

002892: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: "if {$security_level == 1} {       #untrusted script

002893: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl:      interp create -safe slave

002894: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl:      interp share {} stdin slave

002895: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl:      interp share {} stdout slave

002896: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: ..."

002897: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl:     (file "tmpsys:/lib/tcl/base.tcl" line 50)

002898: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: Tcl policy execute failed:

002899: Sep 16 16:50:50.369: %HA_EM-6-LOG: eigrp_neighbor_change.tcl: not enough arguments for all format specifiers

Didn't you have missed the $ sign before body ?

if {[catch {context_save TESTCTX "body"} errmsg]}

or

if {[catch {context_save TESTCTX "$body"} errmsg]}

Below is a copy of the current script I am using....I apologize it is slightly messy. I am going back and cleaning it up as this is in our lab environment at the moment and will be pushed out to the production later.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco