How Do I Detect Router Restarts?
Mike Nipp has wondered which syslog message to use to reliably detect router reload under all circumstances:
The problem I had with the SYS-5-RESTART message is I don't think you will get one if the power is suddenly pulled from the router. It does do a SNMP-5-COLDSTART and SYS-6-BOOTTIME on boot up.
I did an actual power-cycle test of a router and the SYS-5-RESTART message is reliably generated at every startup, be it from the power cycle or the reload command (I was not able to provoke an on-demand crash ;).
http://www.cisco.com/warp/public/112/appA.htm
T1Router#test crash
WARNING: Command selections marked with '(crash router)' will crash
router when issued. However a selection 'C' will need to
be issued IMMEDIATELY before these selections to enable them.
Type the number for the selected crash:
--------------------------------------
1 (crash router) Bus Error, due to invalid address access
2 (crash router) Bus Error, due to parity error in Main memory
3 (crash router) Bus Error, due to parity error in I/O memory
4 (crash router) Address Error, due to fetching code from odd address
5 (crash router) Jump to zero
6 (crash router) Software forced crash
7 (crash router) Illegal read of address zero
8 (crash router) Divide by zero
9 (crash router) Corrupt memory
C Enable crash router selection marked with (crash router)
R (crash router) User enter read bus error address
U (crash router) User enter write bus error address
W (crash router) Software watchdog timeout (*** Watch Dog Timeout ***)
w (crash router) Process watchdog timeout (SYS-2-WATCHDOG)
d Disable crashinfo collection
e Enable crashinfo collection
i Display contents of current crashinfo flash file
m Write crashinfo on crashinfo RAM
n Change crashinfo flash file name
q Exit crash menu
s Save crashinfo to current crashinfo flash file
c Close current crashinfo flash file
t Write crashinfo on console TTY
x Exit crash menu
?
T1Router uptime is 31 minutes
System returned to ROM by error - a Software forced crash, PC 0x80204EEC at 04:46:03 UTC Thu Apr 28 2005
The @reboot command is nice, but have had issues getting it to work as expected. In the below example, the EEM script runs and the syslog msg (action 10) gets generated, but the route doesn't get put in. It seems like the syslog can be written, but the CLI can not. I've tried inserting 'wait' actions between 10 and 20 with sometimes successful results. Is there a better syslog message or another way to trigger the eem execution as soon as the CLI is available for EEM? This is the same case using the 'SYS-5-RESTART' trigger Ivan demonstrated. If it makes any difference, this is on the 4500E platform - we have triggered off of SSO being reached, but that is too late for what we are trying to do.
Thanks for any input
event manager applet eemscript authorization bypass
description This applet executes a CLI command after a switch reboot.
event timer cron cron-entry "@reboot" maxrun 100
action 10 syslog msg "EEM script has started."
action 20 cli command "enable"
action 30 cli command "configure terminal"
action 40 cli command "ip route (network) (mask)"
*Jan 2 00:00:02.339: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c1900 Next reboot level = ipbasek9 and License = ipbasek9
--More--
*Jan 2 00:00:02.535: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c1900 Next reboot level = securityk9 and License = securityk9
*Oct 6 07:57:37.619: c3600_scp_set_dstaddr2_idb(184)add = 80 name is Embedded-Service-Engine0/0
*Oct 6 07:57:44.715: %CTS-6-ENV_DATA_START_STATE: Environment Data Download in start state
*Oct 6 07:57:47.603: %PA-3-PA_INIT_FAILED: Performance Agent failed to initialize (Missing Data License)
*Oct 6 07:57:47.627: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State changed to: Initialized
*Oct 6 07:57:47.631: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State changed to: Enabled
*Oct 6 07:57:52.287: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
*Oct 6 07:57:52.287: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
*Oct 6 07:57:53.355: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
*Oct 6 07:57:53.355: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
*Oct 6 07:57:55.727: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel75, changed state to down
*Oct 6 07:57:55.727: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1001, changed state to down
*Oct 6 07:57:56.259: %SYS-5-CONFIG_I: Configured from memory by console
*Oct 6 07:57:56.603: %LINK-5-CHANGED: Interface Embedded-Service-Engine0/0, changed state to administratively down
*Oct 6 07:57:57.651: %LINEPROTO-5-UPDOWN: Line protocol on Interface Embedded-Service-Engine0/0, changed state to down
*Oct 6 07:57:59.759: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.4(3)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Sat 25-Oct-14 01:02 by prod_rel_team
*Oct 6 07:57:59.799: %SNMP-5-COLDSTART: SNMP agent on host RTR_LODJA is undergoing a cold start
*Oct 6 07:57:59.811: %SSH-5-ENABLED: SSH 2.0 has been enabled
*Oct 6 07:58:00.435: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Oct 6 07:58:00.435: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
*Oct 6 07:58:00.435: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Oct 6 07:58:00.435: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
*Oct 6 07:58:04.543: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1001, changed state to up
*Oct 6 07:59:54.295: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
*Oct 6 07:59:55.295: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
what can I do?