Event Manager question. Monitoring DNS entry.

Hello everybody,

I want to use Cisco Embedded Event Manager in a router for monitoring a DNS entry that normally resolves to 1.1.1.1, but if it changes to 2.2.2.2 the router has to change some access lists automatically in order to permit different routes.

I know how to configure the "action" sentences to change the ACLs, but I don't know how to configure a track or an SLA in order to check the DNS entry and react if it changes.

Does anyone know how to do that?

event manager applet ChangeRoutesWhenDNSEntryChanges

event track 21 state ??????????????????????????????????????????????????<----------

action 1.0 cli command "enable"

action 2.0 cli command "configure terminal"

action 3.0 cli command "ip access...

...

Thank you in advance!!

Marcos.

1 Accepted Solution

Indeed, I just provided the above example to demonstrate how we can force a DNS lookup and parse the IP address...

I was actually thinking about using the IP SLA DNS probe, but I could not find a way to get the IP address from the results... It just shows the response time.

In order to make the script work, we would most likely need to use some timer to trigger it periodically.

This is an adaptation of my previous example to actually accomplish a periodic check:

event manager applet CHECK-DNS

event timer watchdog time 60

action 1.0 cli command "ena"

action 1.1 cli command "ping host1 repeat 1 timeout 0"

action 2.0 regexp "ICMP Echos to (.*), timeout is 0 seconds:" "$_cli_result" _match _ip

action 3.0 if $_ip ne 1.1.1.1

action 4.0  syslog msg "host1 is now $_ip"

action 5.0 end

If you want to do something as a reaction to detecting the change, that would have to go into the "4.0" block (you can use 4.1, 4.2 etc)

Another thing to consider is that this script would run every minute, so as long as the DNS query resolves to anything but 1.1.1.1 we would re-apply the config changes, which is not that good...

A way to solve this can be seen in the next example:

event manager applet HOST1-NOT-1.1.1.1

event timer watchdog time 60

action 1.0 cli command "ena"

action 1.1 cli command "ping host1 repeat 1 timeout 0"

action 2.0 regexp "ICMP Echos to (.*), timeout is 0 seconds:" "$_cli_result" _match _ip

action 2.1 track read 100

action 3.0 if $_ip eq 1.1.1.1

action 4.0  if $_track_state eq down

action 4.1   track set 100 state up

action 4.2   syslog msg "host1 is now 1.1.1.1 again"

action 4.9  end

action 5.0 else

action 6.1  if $_track_state eq up

action 6.2   track set 100 state down

action 6.3   syslog msg "host1 is not 1.1.1.1, new ip is $_ip"

action 6.9  end

action 7.0 end

Basically we are using a stub tracking object to maintain state. Track object 100 would be up if we know host1=1.1.1.1, but if we detect it is something else we change it to down. Only after we detect that host1=1.1.1.1 again do we change the track object back to up, which would enable detecting another change...

Any actions you want to take should go into section "6" and any clean up (when host1=1.1.1.1 again) has to go into section "4".

It is possible to make this detect any change and not just have a static 1.1.1.1 value by assigning the newly detected value to a variable and basically looking for a change... Not sure what your requirement is.

The output below shows how this works...

Router#show run | inc ip host

ip host host1 1.1.1.1

Router#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#ip hos

Router(config)#ip host host1 2.2.2.2

Router(config)#^Z

Router#

*Nov  9 18:23:18.009: %TRACKING-5-STATE: 100 stub   Up->Down

*Nov  9 18:23:18.021: %HA_EM-6-LOG: HOST1-NOT-1.1.1.1: host1 is not 1.1.1.1, new ip is 2.2.2.2

Router#

*Nov  9 18:23:18.065: %SYS-5-CONFIG_I: Configured from console by console

Router#

Router#

Router#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#ip host host1 1.1.1.1

Router(config)#^Z

Router#

*Nov  9 18:23:42.805: %SYS-5-CONFIG_I: Configured from console by console

Router#

*Nov  9 18:24:18.025: %TRACKING-5-STATE: 100 stub   Down->Up

Router#

*Nov  9 18:24:18.033: %HA_EM-6-LOG: HOST1-NOT-1.1.1.1: host1 is now 1.1.1.1 again

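A guarded variant of the HOST1-NOT-1.1.1.1 applet above, added here as an example and not part of the original post: it acts only when the lookup actually returned an address, and only when that address is one of the two values the question expects (1.1.1.1 or 2.2.2.2), so a failed or unexpected resolution never changes the ACLs. The applet name HOST1-GUARDED, the stub-object definition for track 100 and the syslog texts are assumptions; the ACL actions themselves are left as comments.

```cisco
! Added example, not from the thread. HOST1-GUARDED is a hypothetical name.
! Assumes track 100 is the stub object used by the applet above.
track 100 stub-object
 default-state up
!
event manager applet HOST1-GUARDED
 event timer watchdog time 60
 action 1.0 cli command "enable"
 action 1.1 cli command "ping host1 repeat 1 timeout 0"
 ! Capture a dotted quad only; _regexp_result is 1 on a match, 0 otherwise
 action 2.0 regexp "ICMP Echos to ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+), timeout is 0 seconds:" "$_cli_result" _match _ip
 action 2.1 track read 100
 action 3.0 if $_regexp_result ne 1
 ! Lookup failed: $_ip is not set, so keep the current state and ACLs
 action 3.1  syslog msg "host1 did not resolve, no change made"
 action 4.0 else
 action 4.1  if $_ip eq 1.1.1.1
 action 4.2   if $_track_state eq down
 action 4.3    track set 100 state up
 action 4.4    syslog msg "host1 is 1.1.1.1 again"
 ! clean-up actions (restore the normal ACL entries) go here
 action 4.5   end
 action 5.0  else
 action 5.1   if $_ip eq 2.2.2.2
 action 5.2    if $_track_state eq up
 action 5.3     track set 100 state down
 action 5.4     syslog msg "host1 moved to 2.2.2.2"
 ! ACL changes for the alternate address go here
 action 5.5    end
 action 5.6   else
 ! Any other answer is logged every cycle and never changes the ACLs
 action 5.7    syslog msg "host1 resolved to unexpected address $_ip, ignored"
 action 5.8   end
 action 5.9  end
 action 6.0 end
```

`show track 100` shows which state the applet currently holds.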

8 Replies

avayner
Level 1

Marcos,

We could run a periodic ping using the hostname. This would trigger a DNS lookup, and we can parse the resolved IP...

What IOS/EEM version is this running on?

Arie

I also have some Tcl code here in CSC (host.tcl) that will do A record DNS lookups.  However, for simplicity, I would agree that ping would be a good option.  You'd have to go with a timer ED, likely.  I don't see how a track ED would work here.

Thank you guys for your answers.

Arie, the versions are:

#sh event manager version

Embedded Event Manager Version 3.10

Component Versions:

eem: (v310_throttle)4.1.23

eem-gold: (v310_throttle)1.0.7

eem-call-home: (v310_throttle)1.0.6

Event Detectors:

Name                Version   Node        Type

application         01.00     node0/0     RP

syslog              01.00     node0/0     RP

rf                  01.00     node0/0     RP

track               01.00     node0/0     RP

resource            01.00     node0/0     RP

routing             02.00     node0/0     RP

cli                 01.00     node0/0     RP

counter             01.00     node0/0     RP

interface           01.00     node0/0     RP

ioswdsysmon         01.00     node0/0     RP

none                01.00     node0/0     RP

oir                 01.00     node0/0     RP

snmp                01.00     node0/0     RP

snmp-notification   01.00     node0/0     RP

timer               01.00     node0/0     RP

snmp-object         01.00     node0/0     RP

test                01.00     node0/0     RP

config              01.00     node0/0     RP

env                 01.00     node0/0     RP

gold                01.00     node0/0     RP

rpc                 01.00     node0/0     RP

--------------------------------------------------------------------------------------------------------------------------------------------------

#sh ver

Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M7, RELEASE SOFTWARE (fc2)

...

---------------------------------------------------------------------------------------------------------------------------------------------------

Which kind of commands will I need to introduce?

Do I need to declare an SLA and create a track? Something like:

ip sla 1

icmp-echo test.xxxx.com

track 1 ip sla 1 ???

???

I'm a CCNP but I have no previous experience with EEM, so I'm not sure I understand how to do what you said.

Thank you so much in advance, your help is very much appreciated!!

Kind regards,

Marcos.

I just hacked this example using EEM 3.1. Hope it gives you a head start:

event manager applet RESOLVE

event none

action 1.0 cli command "ping host1"

action 2.0 regexp "ICMP Echos to (.*), timeout is 2 seconds:" "$_cli_result" _match _ip

action 3.0 puts "IP Address is $_ip"

Arie

Ok Arie, I will try it as soon as I understand exactly what it does.

Thank you so much.

Marcos,

Let me add some info on the examples I shared earlier:

event manager applet RESOLVE

event none

action 1.0 cli command "ping host1 repeat 1 timeout 0"

action 2.0 regexp "ICMP Echos to (.*), timeout is 0 seconds:" "$_cli_result" _match _ip

action 3.0 puts "IP Address is $_ip"

This script can be executed by using this command:

Router#event manager run RESOLVE

IP Address is 1.1.1.1

(I configured "ip host host1 1.1.1.1" on my router so it would resolve)

(I added "repeat 1 timeout 0" to the ping command so if the destination is not responding, we don't have a delay)

The script executes a ping to "host1", which forces the router to do a DNS lookup for host1 and initiate a ping request to the IP address.

The ping command's output looks like this:

"Sending 1, 100-byte ICMP Echos to 1.1.1.1, timeout is 0 seconds:"

This string is populated into the $_cli_result system variable.

The next line (2.0) does a regular expression match on the output, capturing the IP address. Note the (.*) part of the regexp string, which captures the IP address. It is then pushed into the _ip variable (the _match variable gets the whole match of the regexp, and we do not care about it)

So at this point $_ip has the IP address...

In your use case, you would have to compare it to your reference IP (using an "if" action), and perform any relevant actions if you detect a change.

Arie

Hi Arie,

Thank you again. I understand the code now, but I think it will not be executed automatically because I have to introduce the command event manager run RESOLVE. The point is that the device has to realise the IP of the DNS entry for host1 has been changed and it will execute the actions that will change the access-lists.

In other devices (in which we can monitor an IP and not a host name DNS entry) we use this code:

ip sla 1
icmp-echo 10.10.10.10
timeout 1000
threshold 1000
frequency 10
ip sla schedule 1 life forever start-time now

track 1 ip sla 1 reachability
delay down 30

event manager applet SCRIPT

event track 1 state down

action 1.0 cli command "enable"

action 1.1 cli command "configure terminal"

action 2.0 cli command "ip dhcp pool POOL1"

action 2.1 cli command "dns-server 10.10.10.11"          

action 2.2 cli command "exit"

action 3.0 cli command "ip access-list extended ACCESSLIST1"

action 3.1 cli command "no 10 deny ip any 10.10.0.0 0.0.255.255"

action 3.2 cli command "10 deny ip any 10.10.0.0 0.0.255.255"

action 4.0 cli command "end"

action 4.1 cli command "wr mem"

So it changes automatically when the IP stops answering the ping. (Then there is another similar piece of code which does the opposite.)

How could I automate your code?

Thanks in advance!

