Send e-mail after a router reload

In previous posts, I’ve explained how you can use the SYS-5-RESTART syslog message to detect router reloads and execute commands (for example, fix router configuration or enable debugging) right after the reload. If you want to perform actions that require network connectivity (for example, send an e-mail when a router is reloaded), you cannot execute them right away, as the routing protocols might not have converged yet (in our example, the e-mail server might not be reachable).

You can use the timer countdown event to execute an EEM applet within a fixed delay after the reload. When the router is reloaded, all EEM applets stored in the startup configuration are registered and the one-time countdown timer will fire after the specified time.

For example, to execute an EEM applet that will send an e-mail twenty seconds after the router reload, you could use this configuration:

hostname test
!
service timestamps debug uptime
service timestamps log uptime
!
event manager applet ReloadNotify 
 event timer countdown name Delay time 20
 action 1.0 info type routername
 action 1.1 mail server "mail.example.com" →
   to "ops@example.com" from "$_info_routername@example.com" →
   subject "Router reload: $_info_routername"
 action 1.01.2 syslog msg "E-mail was sent"

After the router is reloaded, the following syslog messages are generated (the exact timing might vary):

00:00:20: %SYS-5-CONFIG_I: Configured from memory by console 00:00:21: %SYS-5-RESTART: System restarted -- 00:00:21: %SNMP-5-COLDSTART: SNMP agent on host c7200 is undergoing a cold start 00:00:40: %HA_EM-6-LOG: ReloadNotify: E-mail was sent

16 comments:

  1. Nice scrip!

    I've configured this on a 878 12.4-22T. The result has been a really big crashdump ending in a force reload (it's not a good think to happen with something that executes at each reload...).

    Maybe some of the commands are incompatible with the lowest of the ISRs?

    ReplyDelete
  2. Nothing in the script should be platform-dependent. They did introduce some new EEM functionality in IOS release 12.4(20)T and it might cause the crash dump you're experiencing (but that's a bug; in principle, the script should work anywhere).

    I was probably testing this particular script on 12.4(15)Tx. I usually use the latest maintenance build of 12.4(15)T unless I'm testing newer features.

    ReplyDelete
  3. Thanks for your response. I've tested with a 1751 I'm using for telephony with IOS 12.4-15T8.

    Changing 1.0 to 1.2 in the last line of the script works like a charm!

    In the test with the 1700 I've seen that the last sentence (1.0 syslog) erase the first sentence (1.0 info type routername). This makes the router stop the script telling there is an error (non configured variable $_info_routername). Maybe the 878 is unable to give that information and simply hangs (new error reporting system in 22T doesn't work?). I'll give a next try with the modified script and the 878 reporting results.

    It's always good to know when the remote routers are reloaded, it would be good to have another variable for adding inside the mail the reason of the reload (sci-fi?)

    ReplyDelete
  4. I couldn't wait to test and report (it's 2AM here in Spain) but I've finished testing with the 878. It works like a charm!!!

    I've had to upper the countdown timer for the applet to 110 seconds due to a PPP DSL delay with high load on start with the 870 loading IPSs. (Maybe IOS stop binding PPP dialing till all the IPS are loaded? The interface dialer is binding and unbinding till all IPSs are loaded, high load? IOS protecting on start?). I've tried all, generate traffic, but only worked uppering the delay...

    In the next days I'll begin a deploy in all the (870-2800) remote routers...

    Thanks for the info!

    ReplyDelete
  5. @Pau: thanks for the fix. Stupid typo ...

    ReplyDelete
  6. How can i specify username and password for SMTP authentication as well as a different port for SMTP. Does EEM also support SSL-SMTP?

    Thanks.

    Peter

    ReplyDelete
  7. I haven't found anything that would allow you to do that with the "action mail" command (unless there's something new in EEM 3.0, I haven't checked that one yet).

    You can always write a Tcl policy that handles the SMTP protocol (but of course that's much more complex than a simple EEM applet).

    ReplyDelete
  8. Update for Mr. Anonymous: I've just checked the latest-and-greatest IOS release (12.4(24)T) which includes EEM 3.0 and the only option they've added to the 'action mail' command is the ability to specify source interface (or IP address).

    If you really need this functionality and have a big enough network, you could try asking for the feature through your Cisco SE/AM.

    ReplyDelete
  9. Considering most SMTP implementations require some sort of authentication I'd say this is am much needed item. However not exactly sure how involved it would be to get something like this programmed into EEM. Would love to see it though.

    ReplyDelete
  10. Ivan Pepelnjak14 August, 2009 22:47

    Server-to-server SMTP (at least inter-domain ones) is never authenticated. Only the workstation-to-server sessions are (trying to minimize the spam).

    ReplyDelete
  11. Hi There,

    I was just browsing some of the EEM articles here and came across this one (sorry for ressurecting an old thread).

    I'm new to the whole EEM scene, but from the documentation I've been reading from Cisco, you can set the _email_server environment variable to use a username:password@host format. Does that accomplish the authentication you're looking for?

    ReplyDelete
  12. Interesting observation ... will try how it works. And, BTW, as long as there's Cisco IOS it's never too late to resurrect and old thread ;)

    ReplyDelete
  13. SMTP AUTH was added in EEM version 2.4 and later by CSCsf13878.

    ReplyDelete
  14. Hello Ivan,
    Thanks for the information it was very beneficial, however when I tried to do it on my 2620XM but there's an error as shown below:

    Toot_Router#show run | s event manager
    event manager applet TEST
    event syslog pattern "down"
    action 1 cli command "enable"
    action 2 cli command "configure terminal"
    action 3 cli command "interface Loopback0"
    action 4 cli command "no shutdown"
    action 5 mail server "mail.gmail.com" to "ahmedemadeldin.89@gmail.com" from "ahmedemadeldin.89@gmail.com" subject "TEST" body "Hello"

    .Sep 12 03:23:14: %HA_EM-3-FMPD_SMTP: Error occured when sending mail to SMTP server: ahmedemadeldin.89@gmail.com : error in connecting to SMTP server

    Can you help with that? Thanks in advance.

    ReplyDelete
    Replies
    1. Did you configure a DNS server that your router could use to resolve gmail.com? Also, gmail does not use SMTP, read their specs.

      Delete
    2. Thanks for your reply, yes my DNS resolves gmail.com, do you have a real example of this so I can check my syntax? Thanks in advance.

      Delete

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.

Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.