Setting the source-interface in a tcl script for email.

tschouten · ‎07-29-2013

So once again I am trying to figure this out and failing miserably. The only thin I can think of at the moment is that I need to tell it to source from a specific vrf interface. I've tried looking through possible enviornment variables. Hoping I could set it that way but have yet to find one. I have read varios settings for source-interface and attempted them. But fail every time with:

vpn_failure.tcl: smtp_send_email: error connecting to mail server:

EEM Version:

sho event manager version

Embedded Event Manager Version 4.00

Component Versions:

eem: (rel4)1.0.4

eem-gold: (rel1)1.0.2

eem-call-home: (rel2)1.0.0

Below is the stock format for sending the email from the script. If someone could guide me in the correct way to set this up to source the interface that would be awesome.

# create mail form

action_syslog msg "Creating mail header for vpn_failure.tcl script..."

set body [format "Mailservername: %s" "$_email_server"]

set body [format "%s\nFrom: %s" "$body" "$_email_from"]

set body [format "%s\nTo: %s" "$body" "$_email_to"]

set _email_cc ""

set body [format "%s\nCc: %s" "$body" ""]

set body [format "%s\nSubject: %s\n" "$body" "VPN Failure Detected: Router $routername Crypto tunnel is DOWN. Peer $remote_peer"]

set body [format "%s\n%s" "$body" "Report Summary:"]

set body [format "%s\n%s" "$body" " - syslog message"]

set body [format "%s\n%s" "$body" " - summary of interface(s) in an up/down state"]

set body [format "%s\n%s" "$body" " - show ip route $remote_peer"]

set body [format "%s\n%s" "$body" " - show crypto isakmp sa"]

set body [format "%s\n%s" "$body" " - show crypto session detail"]

set body [format "%s\n%s" "$body" " - show crypto engine connection active"]

set body [format "%s\n%s" "$body" " - show ip nhrp detail (DMVPN only)"]

set body [format "%s\n%s" "$body" " - show log"]

set body [format "%s\n\n%s" "$body" "---------- syslog message ----------"]

set body [format "%s\n%s" "$body" "$syslog_msg"]

set body [format "%s\n\n%s" "$body" "---------- summary of interface(s) in an up/down state ----------"]

set body [format "%s\n\n%s" "$body" "$show_ip_interface_brief_up_down"]

set body [format "%s\n\n%s" "$body" "---------- show ip route $remote_peer ----------"]

set body [format "%s\n\n%s" "$body" "$show_ip_route"]

set body [format "%s\n\n%s" "$body" "---------- show crypto isakmp sa ----------"]

set body [format "%s\n\n%s" "$body" "$show_crypto_isakmp_sa"]

set body [format "%s\n\n%s" "$body" "---------- show crypto session detail ----------"]

set body [format "%s\n\n%s" "$body" "$show_crypto_session_detail"]

set body [format "%s\n\n%s" "$body" "---------- show crypto engine connection active ----------"]

set body [format "%s\n\n%s" "$body" "$show_crypto_engine_connection_active"]

set body [format "%s\n\n%s" "$body" "---------- show ip nhrp detail (DMVPN only) ----------"]

set body [format "%s\n\n%s" "$body" "$show_ip_nhrp_detail"]

set body [format "%s\n\n%s" "$body" "---------- show log ----------"]

set body [format "%s\n\n%s" "$body" "$show_log"]

if [catch {smtp_send_email $body} result] {

action_syslog msg "smtp_send_email: $result"

}

Joe Clarke · ‎07-29-2013

After Cc: you can add some other meta-headers:

Sourceintf:

Vrf:

That should get the email to go out from the right interface using the right VRF.

tschouten · ‎07-29-2013

Feel free to call me a moron. But I'm not sure how I would set the meta-headers? Would I use another set command for this or would I just place it after the Cc? As you can see I am clueless here.

Joe Clarke · ‎07-29-2013

They would be set right after Cc:

set body [format "%s\nSourceintf: %s" "$body" "GigabitEthernet0/0"]

a.alekseev · ‎09-12-2016

Hi,

I just want add a coin

I tested it with c800-universalk9-mz.SPA.155-3.M1.bin.

This is not working.

set body [format "%s\nCc: %s" "$body" ""]
set body [format "%s\nSourceintf: %s" "$body" "$_sourceintf"]
set body [format "%s\nVrf: %s" "$body" "$_vrf"]

But this works

set body [format "%s\nCc: %s" "$body" ""]
set body [format "%s\nSOURCEINTF: %s" "$body" "$_sourceintf"]
set body [format "%s\nVrf: %s" "$body" "$_vrf"]

Best,

Alexey

Joe Clarke · ‎09-12-2016

I just checked the code, and Sourceintf is correct. Unless you have some other code that normalizes the case, SOURCEINTF will not work. SOURCEINTF will be ignored as a term, so you're really not specifying a source interface in that case.

tschouten · ‎07-29-2013

My first assumption is something like the following and adding the variables. But would that work?

set body [format "Sourceintf: %s" "$_email_sourceintf"]

set body [format "Vrf: %s" "$_email_vrf"]

Joe Clarke · ‎07-29-2013

Yes, that will work as well.

Joe Clarke · ‎07-29-2013

Well, you need to retain the body portion, or you'll override your message.

tschouten · ‎07-29-2013

So it should look overall like the following?

# create mail form

action_syslog msg "Creating mail header for vpn_failure.tcl script..."

set body [format "Mailservername: %s" "$_email_server"]

set body [format "%s\nFrom: %s" "$body" "$_email_from"]

set body [format "%s\nTo: %s" "$body" "$_email_to"]

set _email_cc ""

set body [format "Sourceintf: %s" "$_sourceintf"]

set body [format "Vrf: %s" "$_vrf"]

set body [format "%s\nCc: %s" "$body" ""]

set body [format "%s\nSubject: %s\n" "$body" "VPN Failure Detected: Router $routername Crypto tunnel is DOWN. Peer $remote_peer"]

set body [format "%s\n%s" "$body" "Report Summary:"]

set body [format "%s\n%s" "$body" " - syslog message"]

set body [format "%s\n%s" "$body" " - summary of interface(s) in an up/down state"]

set body [format "%s\n%s" "$body" " - show ip route $remote_peer"]

set body [format "%s\n%s" "$body" " - show crypto isakmp sa"]

set body [format "%s\n%s" "$body" " - show crypto session detail"]

set body [format "%s\n%s" "$body" " - show crypto engine connection active"]

set body [format "%s\n%s" "$body" " - show ip nhrp detail (DMVPN only)"]

set body [format "%s\n%s" "$body" " - show log"]

set body [format "%s\n\n%s" "$body" "---------- syslog message ----------"]

set body [format "%s\n%s" "$body" "$syslog_msg"]

set body [format "%s\n\n%s" "$body" "---------- summary of interface(s) in an up/down state ----------"]

set body [format "%s\n\n%s" "$body" "$show_ip_interface_brief_up_down"]

set body [format "%s\n\n%s" "$body" "---------- show ip route $remote_peer ----------"]

set body [format "%s\n\n%s" "$body" "$show_ip_route"]

set body [format "%s\n\n%s" "$body" "---------- show crypto isakmp sa ----------"]

set body [format "%s\n\n%s" "$body" "$show_crypto_isakmp_sa"]

set body [format "%s\n\n%s" "$body" "---------- show crypto session detail ----------"]

set body [format "%s\n\n%s" "$body" "$show_crypto_session_detail"]

set body [format "%s\n\n%s" "$body" "---------- show crypto engine connection active ----------"]

set body [format "%s\n\n%s" "$body" "$show_crypto_engine_connection_active"]

set body [format "%s\n\n%s" "$body" "---------- show ip nhrp detail (DMVPN only) ----------"]

set body [format "%s\n\n%s" "$body" "$show_ip_nhrp_detail"]

set body [format "%s\n\n%s" "$body" "---------- show log ----------"]

set body [format "%s\n\n%s" "$body" "$show_log"]

if [catch {smtp_send_email $body} result] {

action_syslog msg "smtp_send_email: $result"

}

Joe Clarke · ‎07-29-2013

No. You're not preserving the body, and the Sourceintf and Vrf has to come after you set the Cc header. So:

...

set body [format "%s\nCc: %s" "$body" ""]

set body [format "%s\nSourceintf: %s" "$body" "$_sourceintf"]

set body [format "%s\nVrf: %s" "$body" "$_vrf"]

...

tschouten · ‎07-29-2013

Thanks, I just caught that after I saw your post.Total fool I am. Thanks will try that out and see if it works.

tschouten · ‎07-29-2013

Argg, what if I want to use an ip instead of the Mailservername: ?

Joe Clarke · ‎07-29-2013

Just use an IP address in _email_server.

tschouten · ‎07-29-2013

Sorry Joseph, that was one of my stupid moments. I had failed to remove the lines not preserving the body of the message. And kept seeing the error that it couldn't list the mail server. I fixed all that but still get the following. I keep seeing the error connecting to mail server which is why it is going into the MAXRUN expire. I can telnet to the mail server on the vrf on port 25 just fine. Run an EHLO and get a list, etc. etc. So something tells me the use of the vrf and sourceintf with variables isn't working. Going to try your original suggestion. See if that resolves the issue will let you know.

Jul 29 13:45:56.919: %HA_EM-6-LOG: vpn_failure.tcl: smtp_send_email: error connecting to mail server:

couldn't open socket: connection timed outProcess Forced Exit- MAXRUN timer expired.

Jul 29 13:45:56.921: %HA_EM-6-LOG: vpn_failure.tcl: Process Forced Exit- MAXRUN timer expired.

Jul 29 13:45:56.921: %HA_EM-6-LOG: vpn_failure.tcl: while executing

Jul 29 13:45:56.921: %HA_EM-6-LOG: vpn_failure.tcl: "action_syslog msg "vpn_failure.tcl script completed""

Jul 29 13:45:56.921: %HA_EM-6-LOG: vpn_failure.tcl: invoked from within

Jul 29 13:45:56.921: %HA_EM-6-LOG: vpn_failure.tcl: "$slave eval $Contents"

Jul 29 13:45:56.921: %HA_EM-6-LOG: vpn_failure.tcl: (procedure "eval_script" line 7)

Jul 29 13:45:56.921: %HA_EM-6-LOG: vpn_failure.tcl: invoked from within

Jul 29 13:45:56.921: %HA_EM-6-LOG: vpn_failure.tcl: "eval_script slave $scriptname"

Jul 29 13:45:56.921: %HA_EM-6-LOG: vpn_failure.tcl: invoked from within

Jul 29 13:45:56.921: %HA_EM-6-LOG: vpn_failure.tcl: "if {$security_level == 1} { #untrusted script

Jul 29 13:45:56.921: %HA_EM-6-LOG: vpn_failure.tcl: interp create -safe slave

Jul 29 13:45:56.921: %HA_EM-6-LOG: vpn_failure.tcl: interp share {} stdin slave

Jul 29 13:45:56.921: %HA_EM-6-LOG: vpn_failure.tcl: interp share {} stdout slave

Jul 29 13:45:56.921: %HA_EM-6-LOG: vpn_failure.tcl: ..."

Jul 29 13:45:56.921: %HA_EM-6-LOG: vpn_failure.tcl: (file "tmpsys:/lib/tcl/base.tcl" line 50)

Jul 29 13:45:56.921: %HA_EM-6-LOG: vpn_failure.tcl: Tcl policy execute failed:

Jul 29 13:45:56.921: %HA_EM-6-LOG: vpn_failure.tcl: Process Forced Exit- MAXRUN timer expired.