Solved: Re: EEM OSPF syslog - Page 2

nvanhaute · ‎04-03-2010

hi all,

I'm using EEM to be warn by mail when my OSPF adj changes ; I use OSPF in tunel int, so I can know when tunnel is down/up.

My script works well but sometimes I do not receive any mail whereas adj changes, so I can receive mail with "up" whereas I did not receive "down".

I ask me if there is no rate-limiter on syslog msg that could explain my issue. what else ? if you have an idea, I'm interested.

Other problem in my case, when my Internet access falls down, I receive tons of mail (one by tunnel interface ; I have 50 int tunnel !)... so I would like to improve my script to detect internet issue and in that case send only a mail to tell me : no internet. Same when Internet is back.

my script :

***************************
event manager environment mail_smtp aaa.bbb.ccc.ddd.eee
event manager environment mail_to aaaa@aaa.aa

event manager applet OSPFtunnelDOWN
   event syslog pattern "OSPF-5-ADJCHG.*FULL to DOWN"
   action 100 info type routername
   action 110 regexp "on ([_0-9a-zA-Z]*) from" "$_syslog_msg" result nominterface
   action 120 cli command "show interface $nominterface"
   action 130 regexp "Description: ([a-zA-Z0-9\-]+)" "$_cli_result" result site
   action 200 mail server "$mail_smtp" to "$mail_to" from "$_info_routername@aaa.aa" subject "down : $site" body "down $site"

event manager applet OSPFtunnelUP
   event syslog pattern "OSPF-5-ADJCHG.*to FULL"
   action 100 info type routername
   action 110 regexp "on ([_0-9a-zA-Z]*) from" "$_syslog_msg" result nominterface
   action 120 cli command "show interface $nominterface"
   action 130 regexp "Description: ([a-zA-Z0-9\-]+)" "$_cli_result" result site
   action 200 mail server "$mail_smtp" to "$mail_to" from "$_info_routername@aaa.aa" subject "up : $site" body "up $site"
*************************************************************

help is welcome

thanks

Niko

Joe Clarke · ‎04-08-2010

I think the thread option is best. While you can increase the VTYs, you are also increasing the load on your device by running so many policy instances at once.

--

Please support CSC Helps Haiti

https://supportforums.cisco.com/docs/DOC-8895

https://supportforums.cisco.com

nvanhaute · ‎04-08-2010

ok I just tested in putting :

thread 8 and vty 10 => no success (still problem)

thread 8 and vty 15 => seems to be ok :-)

sounds ok for you now ?

Niko

Joe Clarke · ‎04-08-2010

You just need to make sure you have enough VTY lines free to satisfy all your policy instances, all of your interactive sessions, then one extra as EEM will not take the last free VTY line. So if 15 is the magic number for you, that sounds good. That is the default.

--

Please support CSC Helps Haiti

https://supportforums.cisco.com/docs/DOC-8895

https://supportforums.cisco.com

nvanhaute · ‎04-09-2010

ok so if I need to add again tunnel interface, I have to check if I still have enough vty lines

so if not enough, I increase it (vty) until it is ok ?

thanks for your big help

NIko

Joe Clarke · ‎04-09-2010

No. By keeping your threads at eight, you ensure that EEM will only ever need up to nine VTY lines to be free. So you can add as many tunnels as you want provided you can keep nine lines free at any given time.

--

Please support CSC Helps Haiti

https://supportforums.cisco.com/docs/DOC-8895

https://supportforums.cisco.com

Joe Clarke · ‎04-09-2010

I should say that the particular EEM CLASS will only need up to nine VTY lines. If you have other policies configured in other thread classes, you may still require more free VTY lines.

--

Please support CSC Helps Haiti

https://supportforums.cisco.com/docs/DOC-8895

https://supportforums.cisco.com

nvanhaute · ‎09-08-2010

Hi Joseph,

I'm back to you because now I have more than 40 tunnel interfaces and I get this message in log :

%HA_EM-3-FMPD_CLI_CONNECT: Unable to establish CLI session: no tty lines available, minimum of 2 required by EEM

remember you my configuration :

!

line vty 5 15
login
transport input none
!

!

event manager environment mail_smtp ****
event manager environment mail_to *****
event manager environment mail_from *****
event manager scheduler applet thread class default number 8
event manager applet OSPFtunnelUP
event syslog pattern "OSPF-5-ADJCHG.*to FULL"
action 100 info type routername
action 110 regexp "on ([_0-9a-zA-Z]*) from" "$_syslog_msg" result nominterface
action 120 cli command "show interface $nominterface"
action 130 regexp "Description: ([a-zA-Z0-9\-]+)" "$_cli_result" result site
action 200 mail server "$mail_smtp" to "$mail_to" from "$mail_from" subject "$site UP" body "$site is up"
event manager applet OSPFtunnelDOWN
event syslog pattern "OSPF-5-ADJCHG.*FULL to *"
action 100 info type routername
action 110 regexp "on ([_0-9a-zA-Z]*) from" "$_syslog_msg" result nominterface
action 120 cli command "show interface $nominterface"
action 130 regexp "Description: ([a-zA-Z0-9\-]+)" "$_cli_result" result site
action 200 mail server "$mail_smtp" to "$mail_to" from "$mail_from" subject "$site DOWN" body "$site is down."
!

so what I need to change again to not get this error in log and get mail alert ? increase vty lines => 5 20 ?

best regards

Nicolas

PS : this issue is present only in eem version ? maybe with new IOS it's ok and I don't need more vty lines ?

Joe Clarke · ‎09-08-2010

For this configuration, you could need at least nine free VTY lines. Upgrading IOS will not change that requirement. If you only have "line vty 0 5" configured, you need to increase that to at least "vty 0 8". If all eight threads execute, then you can only have one user logged in. Any more that that, and you will see the error you're seeing. You can also reduce the thread count some more to limit the number of concurrent policies.