
eem on cisco 877, trouble with mail server action and smtp auth

smanet
Level 1

Hello all,

I'm using an 877 router at home and I really need to check what this router does during the day.

So some time ago I configured it using some EEM actions to send me email, without any problems.

Yesterday I changed my internet provider and now I need to use SMTP authentication to send emails.

I read about how to authenticate, like username:password@host, and also made a quick search here, without solving my problem.

I need to put as username the email of the provider like: mouse@host.com:mypassword@smtpserveraddress.com.

So, I want to know if someone had the same problem and solved it. Of course I couldn't use @ two times or EEM would think that host.com is my SMTP server! And right now it is going this way!

My IOS version is 15.1(2)T2, EEM version is 3.1.

Hope someone could help me!

Thank you in advance.


Sandro


Hello Joseph,

I believe I have one last question about the script you kindly provided:

event manager applet Email
 event timer watchdog time 28800
 action 1 syslog priority notifications msg "Manual backup completed"
 action 2 policy Email.tcl

::cisco::eem::event_register_syslog occurs 1 pattern ".*LINEPROTO-5-UPDOWN.*FastEthernet3.*"
namespace import ::cisco::eem::*
namespace import ::cisco::lib::*
set mail_pre "Mailservername: ...........

What is the event that triggers EEM action: is the watchdog timer OR the pattern:

".*LINEPROTO-5-UPDOWN.*FastEthernet3.*"

The Tcl script attached to this thread triggers off of a syslog message.  It cannot be called from the applet as you have here.  It is designed to stand alone.

Hi mate,

I admit I am now more confused than before. So basically I am left with two questions:

- is it possible "to call" a TCL script like yours in an EEM applet?

- here is my event trigger: event cli pattern "wr" sync no skip no occurs 1

Is it ok if I modify your script this way:

::cisco::eem::event_register_cli pattern "wr" sync no skip no occurs 1

I am not sure about the next word after event; is it register? Are there any other options?

Yes, it's possible to call a Tcl policy from an applet provided the Tcl policy is registered with the none event detector.  However, I don't know why you would do this in this case.  You can have the Tcl script do everything you want without the applet.

You are free to modify my script all you want.  However, a pattern as loose as "wr" might be dangerous.  If you want to match on write mem, then something like this would be best:

::cisco::eem::event_register_cli pattern "^write mem" sync no skip no occurs 1

I don't get this last question.  The way you've written this event registration line should be fine.

Hi mate,

Now it finally works! I thank you again for your patience and time!

Whenever you wish, I have a couple more questions:

How can I add two trigger events in the script with an OR statement between; e.g.: I want to trigger it whenever "write mem" is sent as cli but also when some specific syslog message shows up

Should I add another line like this:

::cisco::eem::event_register_syslog occurs 1 pattern "     "

How can I state the OR logical operation between these two?

Where, or how, did you write this code sequence? For me it makes little sense and I cannot understand it:

set mail_msg [uplevel #0 [list subst -nobackslashes -nocommands $mail_pre]]
if [catch {smtp_send_email $mail_msg} result] {
    error $result $errorInfo
}

Depending on your version of IOS, you can use the multiple event framework.  See

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6815/whitepaper_c11-492226.html for more details.

This code is essentially an eval to escape the internal mail template so that newlines are treated properly in your mail output.

Hi mate,

I printed out the 8 pages and tried to understand "the thing".

Here is what I have now:

::cisco::eem::event_register_cli tag 1 pattern "^write mem"
::cisco::eem::event_register_cli tag 2 pattern "^wr.*"
::cisco::eem::trigger {
    ::cisco::eem::correlate event 1 or event 2
    ::cisco::eem::attribute tag 1 occurs 1 sync no skip no
    ::cisco::eem::attribute tag 2 occurs 1 sync no skip no
}

namespace import ::cisco::eem::*
namespace import ::cisco::lib::*

set mail_pre "Mailservername: backupservere@class.ro:wqnb@86.127.196.2\n"
append mail_pre "From: Cisco2811@algo.ro\n"
append mail_pre "To: backupservere@class.ro\n"
append mail_pre "Cc: \n"
append mail_pre "Subject: Cisco2811\n\n"
append mail_pre "Backup succesful\n\n"

set mail_msg [uplevel #0 [list subst -nobackslashes -nocommands $mail_pre]]
if [catch {smtp_send_email $mail_msg} result] {
    error $result $errorInfo
}

The good news is if I input write mem it WORKS.

If I input wr it doesn't work. I issued debug event manager all but wr doesn't trigger any reaction.

I want whenever I input wr to send the same email. I feel it's a minor mistake somewhere, but don't see it...

You don't need multiple events for this.  Try doing:

::cisco::eem:event_register_cli pattern "^write" sync no skip no

Hi mate,

This is not working. What I tried:

- ::cisco::eem:event_register_cli pattern "^write" sync no skip no

- ::cisco::eem:event_register_cli pattern "^wr.*" sync no skip no

- ::cisco::eem:event_register_cli pattern "wr.*" sync no skip no

- ::cisco::eem:event_register_cli pattern "wr*" sync no skip no

None of these are triggering the action whenever I input: wr


I tested:

::cisco::eem::event_register_cli pattern "^wr.*" sync no skip no

It works.  Are you reregistering your Tcl policy when you make the changes?

Good day!

I read EEM best practices updated by and also used the tool you kindly provided for conversion.

Now script looks like this and it is working (no errors):

::cisco::eem::event_register_cli tag 1 pattern "^wr.*" sync no skip no occurs 1
::cisco::eem::event_register_cli tag 2 pattern "^write mem.*" sync no skip no occurs 1
::cisco::eem::trigger {
    ::cisco::eem::correlate event 1 or event 2
    ::cisco::eem::attribute tag 1 occurs 1
    ::cisco::eem::attribute tag 2 occurs 1
}

What I would like to know: where do you recommend using the "occurs 1": when defining the tag, or later under trigger definition ?

Many thanks,

Florin.

With multiple events, you have to use it under the trigger.  However, for this particular use case, you don't need multiple events.  You can make it work with the one pattern.

Thank you sir!

Hi,

I tried to use this same script for IPSla but I got an error like the following. Can you please help me to correct this?

%TRACKING-5-STATE: 30 ip sla 30 reachability Up->Down
%HA_EM-6-LOG: MAILIPSla.tcl: wrong 1st line format.
%HA_EM-6-LOG: MAILIPSla.tcl: usage: Mailservername: <list of server names>
%HA_EM-6-LOG: MAILIPSla.tcl: while executing
%HA_EM-6-LOG: MAILIPSla.tcl: "smtp_send_email $mail_msg"
%HA_EM-6-LOG: MAILIPSla.tcl: invoked from within
%HA_EM-6-LOG: MAILIPSla.tcl: "$slave eval $Contents"
%HA_EM-6-LOG: MAILIPSla.tcl: (procedure "eval_script" line 7)
%HA_EM-6-LOG: MAILIPSla.tcl: invoked from within
%HA_EM-6-LOG: MAILIPSla.tcl: "eval_script slave $scriptname"
%HA_EM-6-LOG: MAILIPSla.tcl: invoked from within
%HA_EM-6-LOG: MAILIPSla.tcl: "if {$security_level == 1} { #untrusted script
%HA_EM-6-LOG: MAILIPSla.tcl: interp create -safe slave
%HA_EM-6-LOG: MAILIPSla.tcl: interp share {} stdin slave
%HA_EM-6-LOG: MAILIPSla.tcl: interp share {} stdout slave
%HA_EM-6-LOG: MAILIPSla.tcl: ..."
%HA_EM-6-LOG: MAILIPSla.tcl: (file "tmpsys:/lib/tcl/base.tcl" line 50)
%HA_EM-6-LOG: MAILIPSla.tcl: Tcl policy execute failed:
%HA_EM-6-LOG: MAILIPSla.tcl: wrong 1st line format.
%HA_EM-6-LOG: MAILIPSla.tcl: usage: Mailservername: <list of server names>

My Script

-------------

::cisco::eem::event_register_syslog occurs 1 pattern ".*TRACKING-5-STATE: 30 ip sla 30 reachability Up->Down*"

namespace import ::cisco::eem::*
namespace import ::cisco::lib::*


set mail_pre "exmail.emirates.net.ae: amilto@autoex.ae:Edfgg20!7\n"
append mail_pre "From: amilto@autoex.ae\n"
append mail_pre "To: 052as12121@email2sms.ae\n"
append mail_pre "Subject: DataCentre-IPSLA\n\n"
append mail_pre "connection-Lost-with_1.3\n\n"
set mail_msg [uplevel #0 [list subst -nobackslashes -nocommands $mail_pre]]
if [catch {smtp_send_email $mail_msg} result] {
    error $result $errorInfo
}

Justin Dart
Level 1

Hello.  I struggled with this problem for a day or two and stumbled across this post multiple times.  I just wanted to let those out there with no scripting knowledge (tcl) know that there *is* a workaround that can be used in EEM for email servers that require SSL authentication. Please note: one downside with this workaround is that if your router is handling any of your DNS resolution for your network you may have issues which I will mention at the bottom of this post.  The workaround does require a third party application called "stunnel" to be running on a PC (any computer really) that will be powered on at all times.  Below is the relevant router config info and stunnel.conf config for an IP SLA event which monitors pings to a Google DNS server, and sends an email out to a Gmail address.

Router config:

object-group network IPSLA-ECHO  (**Created for readability in my ACL**)
 host 8.8.8.8

ip sla 10
 icmp-echo 8.8.8.8 source-interface FastEthernet4
 threshold 400
 timeout 700
 frequency 3

ip sla schedule 10 life forever start-time now

track 10 ip sla 10 reachability
 delay down 10 up 20

ip host gmail.com 192.168.150.35  (**This is the key -- this tells the router that gmail.com can be reached by going to 192.168.150.35 which is the local LAN IP address of the PC running stunnel**)

ip access-list extended INBOUND
 permit icmp object-group IPSLA-ECHO any echo-reply

event manager environment _email_to john-doe@gmail.com  (**This obviously can be any email address**)
event manager environment _email_from john-doe@gmail.com  (**In my testing you can change this, but in the email the router will send, Gmail will still report the sender as the one that is being authenticated**)
event manager environment _email_server john-doe:Passw0rd1@gmail.com

event manager applet ICMP-SLOW
 event track 10 state down
 action 1.1 syslog msg "*** ICMP reply timed out or IP SLA threshold exceeded! Check ping times to Google DNS!! ***"
 action 1.2 cli command "enable"
 action 1.3 cli command "del /force flash:google_icmp_log"
 action 1.4 cli command "show clock | append google_icmp_log"
 action 1.5 cli command "show ip sla statistics | append google_icmp_log"
 action 1.6 cli command "more flash:google_icmp_log"
 action 1.7 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "ICMP to Google is slow!" body "ICMP exceeding threshhold of 400ms $_cli_result" source-interface Vlan5  (**Vlan5 is the local LAN network interface**)
 action 1.8 syslog msg "*** ICMP response time notification has been sent!! ***"

stunnel.conf config:

cert = stunnel.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
client = yes
options = NO_SSLv2

[pop3s]
accept  = 110
connect = pop.gmail.com:995

[imaps]
accept  = 143
connect = pop.gmail.com:993

[ssmtp]
accept  = 25
connect = smtp.gmail.com:465

That should be all that's needed.  What happens in a nutshell, is the applet sends the email with the appropriate credentials to what it *thinks* is gmail.com (it is in fact the PC running stunnel) and then stunnel serves as the bridge to help in authenticating with smtp.gmail.com and get the email sent through the correct server.  Hope that makes sense. 

Now the big downside to this as I mentioned in the beginning of the post, is depending on if your router is configured to do DNS, it could very well come back with responses to gmail.com queries as being at 192.168.150.35 (your stunnel PC IP address).  So far as I know this can only be worked around by adding entries to each PC's hosts file on the local network -- not a viable option for most people I know.  So realistically this workaround would only be viable if there is some other device/server doing DNS for the network.

In case you have any issues, please remember to use the debug commands in IOS to troubleshoot.  I ultimately got things working through use of debug logs (I think in this particular case I used "debug event manager all"). I found out that the router was establishing a connection with the server through the bridge, but the authentication was failing (I entered my password wrong even after triple checking it).

I am sure there are some other applications similar to stunnel that can do non-secure connections in a similar fashion, and it's possible stunnel can do non-secure ones as well (honestly did not look into it or try it). 

Hope this helps someone out there!

Justin
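
A tightened variant of the [ssmtp] service from the stunnel.conf in the post above, as an added example that is not part of the original post. It assumes stunnel 5.x built against OpenSSL 1.1.0 or later, and `ca-certs.pem` is a placeholder name for a trusted CA bundle; the addresses and ports are the ones from the post.

```ini
; Added example, not the poster's configuration.
; Assumptions: stunnel 5.x with OpenSSL 1.1.0+; ca-certs.pem is a
; placeholder for a CA bundle that contains the server's root CA.

; Only the relay the router needs is defined. The [pop3s] and [imaps]
; services from the post are left out because the router only sends mail,
; and "cert = stunnel.pem" is left out because a client-mode service
; needs no certificate of its own here.

[ssmtp]
client = yes

; Listen on the stunnel PC's LAN address only (the post's "accept = 25"
; listens on every interface of the PC).
accept = 192.168.150.35:25
connect = smtp.gmail.com:465

; The post only excludes SSLv2 (options = NO_SSLv2). Require a modern
; protocol version instead.
sslVersionMin = TLSv1.2

; The post's configuration does not verify the server certificate, so
; the tunnel would relay the router's credentials to whatever answers
; on port 465. Verify the chain and the host name before relaying.
verifyChain = yes
CAfile = ca-certs.pem
checkHost = smtp.gmail.com
```

The hop from the router to the stunnel PC is still plain SMTP, so the username and password in `_email_server` cross the LAN unencrypted and are stored in the router configuration in clear text.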
