This EEM script (TCL policy) monitors the I/O memory of an IOS router and also keeps track of the IKE buffers. It sends a syslog when the memory drops below EEM_IKE_BUFF_INCR_THRES % level while the IKE buffers have dropped EEM_IKE_BUFF_INCR_THRES consecutive times. If the IKE buffers are freed at some point the counter starts counting from scratch. After generating the memory leak syslog the script re-initializes and will throw a new syslog when the conditions are met again.

This policy requires the followin EEM environment variables to be set:

• EEM_MEM_LEAK_INTERVAL <1-100> (seconds)
• EEM_MEM_LEAK_MAX_RUNTIME <1-100> (seconds)
• EEM_IKE_BUFF_INCR_THRES <1-200>
• EEM_FREE_MEMORY_THRES <1-100 percent>.

An example of the EEM policy commands commands that are needed on the router after copying the tcl script eem_ike_mem_leak.tcl in the router flash: are

event manager environment EEM_MEM_LEAK_INTERVAL 20
event manager environment EEM_MEM_LEAK_MAX_RUNTIME 5
event manager environment EEM_IKE_BUFF_INCR_THRES 50
event manager environment EEM_FREE_MEMORY_THRES 10
event manager directory user policy "flash:/"
event manager policy eem_ike_mem_leak.tcl

Note for IOS-XE: The script will not work with IOS-XE devices as is because the output of "show buffers leak resource user" does not include "Crypto IKE" output buffers. For IOS-XE, substitute "show buffers leak resource user | include Crypto IKE" in the script with "show buffers leak resource user | include IPSEC key".