ACE probe TCL script database

Hello everyone, okay?
I was thinking of a possibility to use my ACE to monitor a database, in this case a MySQL database Today I use a TCP probe, monitoring the port, but I would go one step further and try to make a connection in the DATABASE.
I would like to see the possibility of a guideline in creating a TCL script to make a simple connection to a database.
The idea is to try to make a connection in a database, run a query / select on any table just to validate its functionality and not just checking if the port is responding.
I do not know how complex it is or what would be my pre -requisites required, but any help would be welcome.
I thought about using an HTTP probe to make this validation and use a web page making the connection to the database, but it ended up creating another layer and if there is any problem in web service, the database would be affected indirectly.
Thank you. All suggestions are welcome.

Hi Plinio,
I cannot see any support for testing authentication, SQL queries or connections to a database that is supported directly in TCL at this time.
Here is the TCL guide that expalains the supported commands ( there is a HTTP example probe at the bottom )
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA4_2_0/configuration/slb/guide/script.html
Beyond a TCL TCP probe to the port to test the listener is running, I believe your suggestion of a HTTP TCL script is probably the most accurate way to check the integrity of the database. You could write code to set a certain response to all types of failure scenarios and on the ACE you could then use a HTTP TCL script to parse the response from the web server to identify exactly what has failed in your database and act accordingly.
cheers,
Chris

Similar Messages

  • Looking for ACE Probe TCL script specific for LDAPS

    Hello Everyone,
    I have searched the forum, and i am having difficulty finding an example of how to modify the LDAP TCL probe from port 389 to secure LDAP port 636.
    Could someone kindly point me or provide me the modified TCL script if you happen to have it.
    During my search I also found a config that someone had provided, which contained the following probe:
    probe tcp LDAPS_Probe
      port 636
    probe tcp LDAP_Probe
      port 389
    I was trying to figure out if this a modified TCL script for LDAP or modifed TCP TCL script specific for port 636.
    This is how I applied the script for LDAP port 389.
    script file 1 LDAP_PROBE
    probe scripted LDAP_PROBE_389
    interval 5
    passdetect interval 30
    receive 5
    script LDAP_PROBE
    serverfarm host SF-LDAP-389
    description SF LDAP Port 389
    predictor leastconns
    probe LDAP_PROBE_389
    rserver LDAP-RS1-389
    inservice
    I will be more than glad to provide you any additional information that you need.
    As always thanks for your input.
    Raman Azizian
    SAIC/NISN Network services

    normally you would engage a TCL developer or ciso advanced services to develop a custom script for anything other than what Cisco provides in canned scripts. If you are comfortable with tcl you can do it yourself. Here is an example of the LDAP script modified to include initiation via ssl.  default port is 389 when you implement you would specify 636.
    #!name = LDAP_PROBE
    # Description:
    #    LDAP_PROBE opens a TCP connection to an LDAP server, sends a bind request. and
    #    determines whether the bind request succeeds.  LDAP_PROBE then closes the
    #    connection with a TCP RST.
    #    If a port is specified in the "probe scripted" configuration, the script probes
    #     each suspect on that port. If no port is specified, the default LDAP port 389
    #     is used.
    # Success:
    #   The script succeeds if the server returns a bind response indicating success
    #    (status code 0x0a0100) to the bind request.
    #   The script closes the TCP connection with a RST following a successful attempt.
    # Failure:
    #   The script fails due to timeout if the response is not returned.  This
    #    includes a failure to receive ARP resolution, a failure to create a TCP connection
    #    to the port, or a failure to return a response to the LDAP bind request.
    #   The script also fails if the server bind response does not indicate success.
    #    This specific error returns the 30002 error code.
    #   The script closes any attempted TCP connection, successful or not, with a RST.
    #  PLEASE NOTE:  This script expects the server LDAP bind response to specify length
    #   in ASN.1 short definite form.  Responses using other length forms (e.g., long
    #   definite length form) will require script modification to achieve success.
    # SCRIPT version: 1.0       April 1, 2008
    # Parameters:
    #   [DEBUG]
    #      username - user login name
    #      password - password
    #      DEBUG        - optional key word 'DEBUG'. default is off
    #         Do not enable this flag while multiple probe suspects are configured for this
    #         script.
    # Example config :
    #   probe scripted USE_LDAP_PROBE
    #         script LDAP_PROBE
    #   Values configured in the "probe scripted" configuration populate the
    #   scriptprobe_env array.  These may be accessed or manipulated if desired.
    # Documentation:
    #    A detailed discussion of the use of scripts on the ACE is included in
    #       "Using Toolkit Command Language (TCL) Scripts with the ACE"
    #    in the "Load-Balancing Configuration Guide" section of the ACE documentation set.
    # Copyright (c) 2005-2008 by Cisco Systems, Inc.
    # debug procedure
    # set the EXIT_MSG environment variable to help debug
    # also print the debug message when debug flag is on
    proc ace_debug { msg } {
        global debug ip port EXIT_MSG
        set EXIT_MSG $msg
        if { [ info exists ip ] && [ info exists port ] } {
         set EXIT_MSG "[ info script ]:$ip:$port: $EXIT_MSG "
        if { [ info exists debug ] && $debug } {
         puts $EXIT_MSG
    # main
    # parse cmd line args and initialize variables
    ## set debug value
    set debug 0
    if { [ regsub -nocase "DEBUG" $argv "" argv] } {
        set debug 1
    ace_debug "initializing variable"
    set EXIT_MSG "Error config:  script LDAP_PROBE \[DEBUG\]"
    set ip $scriptprobe_env(realIP)
    set port $scriptprobe_env(realPort)
    # if port is zero the use well known ldap port 389
    if { $port == 0 } {
        set port 389
    # PROBE START
    # open connection
    ace_debug "opening socket"
    set sock [  socket -sslversion all -sslcipher RSA_WITH_RC4_128_MD5 $ip $port ]
    fconfigure $sock -buffering line -translation binary
    # send a standard anonymous bind request
    ace_debug "sending ldap bind request"
    puts -nonewline $sock [ binary format "H*" 300c020101600702010304008000 ]
    flush $sock
    #  read string back from server
    ace_debug "receiving ldap bind result"
    set line [read $sock 14]
    binary scan $line H* res
    binary scan $line @7H6 code
    ace_debug "received $res with code $code"
    #  close connection
    ace_debug "closing socket"
    close $sock
    #  make probe fail by exit with 30002 if ldap reply code != success code  0x0a0100
    if {  $code != "0a0100" } {
        ace_debug " probe failed : expect response code \'0a0100\' but received \'$code\'"
        exit 30002
    ## make probe success by exit with 30001
    ace_debug "probe success"
    exit 30001

  • ACE - LDAP TCL Script

    Hi,
    we are using the TCL LDAP_Script as a probe scripted for LDAP server farm. The default script the Cisco provided is sending only an anonymous binding to the LDAP servers, we are trying to modify this script to sned a credential binding with username and password. Anyone done something like that before!
    Your contribution is appreciated.
    Hadi

    Hi Habeel,
    I've answered this question before. If you search the forum for "ldap healtcheck script" - and yes the typo is real then you'll see what I did.
    The text is here:
    The easiest way is to capture a packet with the authentication credentials and then replace the hex bind string in the example.
    The alternative is to handcode the BER coded ASN.1 data string - which while more fun is time consuming. The remainder of the script can stay the same.
    I've done this on an ACE module. You have to be aware that 300c02010160 in the example script string is a sort of "header" that holds the request id (1). This will be different in your packet capture.
    If you look at the decomposition of the example you'll be able to see how it is put together and what you need to change.
    0x30 The start of a universal constructed sequence
    0x0c The length of the sequence minus the tag and length bytes = 12 bytes
    0x02 Next field is an integer
    0x01 The length of the next field (1 byte)
    0x01 Value (this is the message ID)
    0x60 Application, number 0, use RFC2251 to decode. This is a Bind Request
    0x07 Length of data to follow.
    0x02 Integer
    0x01 Length 1
    0x03 3 - this is the LDAP version.
    0x04 String
    0x00 Length 0
    0x80 Simple Authentication
    0x00 Length 0
    Just keep the id the same in the unbind.
    The string I use is:
    302d02010160280201030418636e3d41636550726f78792c6f3d556e69766572736974798009ffffffffffffffffff
    where I've replaced the 9 character password with 9*x'ff'.
    The username for binding is AceProxy. If you want to use the same script then create that username and set the password in the string above (in hex). If for example you set the password to Example12 then you need to set the 9*x'ff' to '4578616d706c653132' - which is the hex representation of the ASCII.
    Note that if you use fewer or more than 9 characters then you'll need to change other values in the string because they refer to lengths.
    HTH
    Cathy

  • ACE TCL Script Probe for Websphere MQ

    Have anyone written a TCL script to probe MQ from the ACE?  Our app guys are saying that a Layer 4 probe (TCP port check) is generating errors in the QManager logs because there is no data exchange, just TCP connection setup, then tear-down.
    Thought I would check here to see if anyone has written a TCL Script for this before or has any other suggestions.
    Thanks!                  

    Hi,
    What do you need to check exactly on the server?  will be an specific uri?
    Cesar R
    ANS Team

  • TCL scripted probes on ACE

    Hi,
    I have two questions about TCP scripts on ACE :
    1. TCP source code
    How can I browse the TCL source code of predefined probe scripts on the ACE (for instance HTTPCONTENT_PROBE) '
    2. Script parameters
    How do I retrieve in the TCL script the parameters passed to the script in the command < script script_name [script_arguments] >  ?
    Thank you,
    Yves

    Yves,
    you can download all the scripts from the download software page.
    http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=A2%283.2%29&mdfid=280557289&sftType=Application+Control+Software+Scripts&optPlat=&nodecount=2&edesignator=null&modelName=Cisco+ACE+Application+Control+Engine+Module&treeMdfId=268437639&treeName=Application+Networking+Services&modifmdfid=null&imname=&hybrid=Y&imst=N&lr=Y
    # Copyright (c) 2005-2008 by Cisco Systems, Inc.
    # debug procedure
    # set the EXIT_MSG environment variable to help debug
    # also print the debug message when debug flag is on
    proc set_exit_msg { msg } {
        global debug ip port EXIT_MSG
        set EXIT_MSG $msg
        if { [ info exists ip ] && [ info exists port ] } {
            set EXIT_MSG "[ info script ]:$ip:$port: $EXIT_MSG "
        if { [ info exists debug ] && $debug } {
            puts $EXIT_MSG
    # main
    # Parse cmd line args and initialize variables
    set_exit_msg "initializing variable"
    if { $argc <  2 } {
        set_exit_msg "[ info script ] parameters :
        exit 30002
    set ip $scriptprobe_env(realIP)
    set port $scriptprobe_env(realPort)
    # If port is zero then use well known HTTP port 80
    if { $port == 0} {
        set port 80
    set requestHeader [ lindex $argv 0 ]
    set expectFileType [ lindex $argv 1 ]
    set debug [ lindex $argv 2 ]
    if { $debug == "" } {
        set debug 0
    # Open connection
    set_exit_msg "opening socket"
    set sock [ socket $ip $port ]
    # Send HTTP request to server
    set_exit_msg "sending request : $requestHeader"
    puts -nonewline $sock "$requestHeader\n\n"
    flush $sock
    # Read string back from server
    set_exit_msg "receiving response"
    set lines [ read $sock ]
    # Close connection
    set_exit_msg "closing socket"
    close $sock
    # Parse the HTTP response
    # All the following conditions cause probe failure, returning exit code 30002
    # Unable to recognize the HTTP response
    if { ![ regexp -nocase "^HTTP/1\.\[0-9\] (\[0-9\]\[0-9\]\[0-9\])" $lines match s
    tatuscode ] } {
        set_exit_msg "probe fail : can't find status code"
        exit 30002
    # HTTP response is not 200 OK
    if { $statuscode != "200" } {
        set_exit_msg "probe fail : status code is $statuscode"
        exit 30002
    # Unable to find Content-type header
    if { ![ regexp  -nocase  "Content-Type *:(.*)\n" $lines match foundContentType]
        set_exit_msg "probe fail : can't find \'Content-Type\' header"
        exit 30002
    # Content-type value does not contain the requested string
    if { ![ regexp "$expectFileType" $foundContentType]  } {
        set_exit_msg "probe fail : expect content-type \'$expectFileType\', but got
    \'$foundContentType\'"
        exit 30002
    # Indicate probe success with exit code 30001
    set_exit_msg "probe success"
    exit 30001

  • ACE TCL Script to retrieve Cookie

    I am in need to to do a post instead of a Get with a probe. So I have configured a TCL script to perform this. The issue I have is that I also need to parse the Cookie instead of the http1. response. Any ideas? Or does anyone have a variable indetifiers for TCL scripting that Cisco uses?
    Thank you,
    Tim

    HI Thulin,
    Health probe scripts have access to many configured items through a predefined TCL array. The most common use of this array is to find the current real server IP addresses of the suspect during any particular launch of the script.
    Whenever the ACE executes a script probe, a special array called scriptprobe_env is passed to the script. This array holds important parameters that may be used by the script.
    Member name Content
    realIP
    Suspect IP address
    realPort
    Suspect IP port
    intervalTimeout
    Configured probe interval in seconds
    openTimeout
    Configured socket open timeout for this probe (tbd)
    recvTimeout
    Configured socket receive timeout for this probe
    failedTimeout
    Configure failed timeout
    retries
    Configured retry count
    healthStatus
    Current suspect health status
    contextID
    The ID for the context running this script
    failedRetries
    Consecutive successful retries on a failed server before marking it as passed
    isRouted
    Boolean to determine if this IP address is a routed address
    pid
    Process identifier of the TCL process
    runID
    Pointer to the event structure (em_event_t)
    Kindly refer to the following url to get more info regarding your tcl variables:
    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/slb/guide/script.html#wp1082112
    http://www.cisco.com/univercd/cc/td/doc/solution/dc_ap11i.pdf
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/ace/ace_301/slbgd/script.pdf
    Regards,
    Sachin Garg

  • Simultaneous tcl script probes on csm-s

    Hi there,
    is there anybody who kows how many simultaneous tcl script probes can run on the csm-s ?
    I know that i can only open 255 simultaneous sockets. when i have one connection(open socket) per script, there should be only 255 probes that can be run Simultaneously.
    is that right ?
    Thanks a lott.
    Bye Dirk

    gdufour-cat6k1#show mod csm 5 tech probe
    Software version: 4.1(5)
    ------------------ Health Monitor Statistics -----------------
    Probe templates: 0
    Suspects created: 0
    Open Sockets in System : 8 / 240
    Active Suspect(no ICMP): 0 / 200
    Active Script Suspect : 0 / 50
    Num events : 0
    This command gives you how many socket/script task are running and the limit.
    So, only 50 scripts.
    Gilles.

  • ACE TCL script debug.

    Hi all,
    I would like to write custom TCL script in ACE. I would like to write some info for debugging to the console with "puts $VAR ", but nothing is shown.
    What could be the problem ? I have debug hm all on.
    Regards,
    szicsu

    Look into an existing script and reuse the same debug function
    proc ace_debug { msg } {
    global debug ip port EXIT_MSG
    set EXIT_MSG $msg
    if { [ info exists ip ] && [ info exists port ] } {
    set EXIT_MSG "[ info script ]:$ip:$port: $EXIT_MSG "
    if { [ info exists debug ] && $debug } {
    puts $EXIT_MSG
    Gilles.

  • ACE probe to test telnet

    Is there a way to create a probe in the ACE that can telnet into a rserver login with a uid/pass and pass the probe when a expected return message is sent back from the rserver?  I have been looking into way to do this for days.  I thought I might be able to create a tcl script for it, but have had no luck.  Then I thought I could modify the imap probe but I keep getting an error "Invalid server greeting" in the probe state.  Has any one done this type of probe or can point me in the correct direction?

    The problem is that the telnet protocol use some communication parameters negotiation before you can start transmitting your text.
    You need to take into account when designing your tcl probe.
    The best is to capture a sniffer trace going to your server, extract the negotiation part and replay it from within your probe.
    Gilles.

  • Use of gset in CSM TCL Script

    Hello,
    I am trying to write a TCL script on a CSM (Code Ver 4.1) that retains the value of a variable between probe instances (so I can increment and check a variable in each probe attempt). Looking at the documentation there is supposed to be a 'gset' command that does this but cannot make this work.
    The example says 'gset var 1 ; incr var'.
    I have several problems with this:
    1. I would think that this would set the value of var to 1 each time it runs and then increment it (maybe)
    2. How can I read the value of the persistent variable without it causing an error if it doesn't exist?
    3. It doesn't seem to work anyway as var doesn't appear in the Persistent Variables section of 'show mod csm x tech script'
    Any ideas on this or on where I can get some examples where the gset command is used?
    Many Thanks
    LP

    it works for me:
    I just added the gset and incr commands to the echo probe and it I do see the counter increasing.
    gset counter 1
    # parse cmd line args and initialize variables
    puts "initializing variable 2"
    set EXIT_MSG "Error config: script ECHO_PROBE "
    incr counter
    puts "Counter: $counter"
    Script start
    this is a csm echo request
    ECHO_PROBE_SCRIPT:192.168.30.48:21: opening socket
    ECHO_PROBE_SCRIPT:192.168.30.48:21: sending resquest string
    ECHO_PROBE_SCRIPT:192.168.30.48:21: receiving response
    ECHO_PROBE_SCRIPT:192.168.30.48:21: closing socket
    ECHO_PROBE_SCRIPT:192.168.30.48:21: probe failed : expect 'csm_test' but got '220 Welcome to Linux1 FTP service.'
    initializing variable 2
    Counter: 7
    Script start
    this is a csm echo request
    ECHO_PROBE_SCRIPT:192.168.30.24:7: opening socket
    ECHO_PROBE_SCRIPT:192.168.30.24:7: sending resquest string
    ECHO_PROBE_SCRIPT:192.168.30.24:7: receiving response
    ECHO_PROBE_SCRIPT:192.168.30.24:7: closing socket
    ECHO_PROBE_SCRIPT:192.168.30.24:7: probe success
    initializing variable 2
    Counter: 7
    Script start
    this is a csm echo request
    ECHO_PROBE_SCRIPT:192.168.30.24:21: opening socket
    ECHO_PROBE_SCRIPT:192.168.30.24:21: sending resquest string
    ECHO_PROBE_SCRIPT:192.168.30.24:21: receiving response
    ECHO_PROBE_SCRIPT:192.168.30.24:21: closing socket
    ECHO_PROBE_SCRIPT:192.168.30.24:21: probe failed : expect 'csm_test' but got '220 Welcome to Linux1 FTP service.'
    initializing variable 2
    Counter: 8
    Script start
    this is a csm echo request
    ECHO_PROBE_SCRIPT:192.168.30.48:7: opening socket
    ECHO_PROBE_SCRIPT:192.168.30.48:7: sending resquest string
    ECHO_PROBE_SCRIPT:192.168.30.48:7: receiving response
    ECHO_PROBE_SCRIPT:192.168.30.48:7: closing socket
    ECHO_PROBE_SCRIPT:192.168.30.48:7: probe success
    initializing variable 2
    Counter: 8
    Script start
    this is a csm echo request
    ECHO_PROBE_SCRIPT:192.168.30.48:21: opening socket
    ECHO_PROBE_SCRIPT:192.168.30.48:21: sending resquest string
    ECHO_PROBE_SCRIPT:192.168.30.48:21: receiving response
    ECHO_PROBE_SCRIPT:192.168.30.48:21: closing socket
    ECHO_PROBE_SCRIPT:192.168.30.48:21: probe failed : expect 'csm_test' but got '220 Welcome to Linux1 FTP service.'
    initializing variable 2
    Counter: 8
    Script start
    this is a csm echo request
    ECHO_PROBE_SCRIPT:192.168.30.24:7: opening socket
    ECHO_PROBE_SCRIPT:192.168.30.24:7: sending resquest string
    ECHO_PROBE_SCRIPT:192.168.30.24:7: receiving response
    ECHO_PROBE_SCRIPT:192.168.30.24:7: closing socket
    ECHO_PROBE_SCRIPT:192.168.30.24:7: probe success
    initializing variable 2
    Counter: 8
    Script start
    this is a csm echo request
    ECHO_PROBE_SCRIPT:192.168.30.24:21: opening socket
    ECHO_PROBE_SCRIPT:192.168.30.24:21: sending resquest string
    ECHO_PROBE_SCRIPT:192.168.30.24:21: receiving response
    ECHO_PROBE_SCRIPT:192.168.30.24:21: closing socket
    ECHO_PROBE_SCRIPT:192.168.30.24:21: probe failed : expect 'csm_test' but got '220 Welcome to Linux1 FTP service.'
    initializing variable 2
    Counter: 9
    Script start
    this is a csm echo request
    ECHO_PROBE_SCRIPT:192.168.30.48:7: opening socket
    ECHO_PROBE_SCRIPT:192.168.30.48:7: sending resquest string
    ECHO_PROBE_SCRIPT:192.168.30.48:7: receiving response
    ECHO_PROBE_SCRIPT:192.168.30.48:7: closing socket
    ECHO_PROBE_SCRIPT:192.168.30.48:7: probe success
    initializing variable 2
    Counter: 9
    Script start
    this is a csm echo request
    ECHO_PROBE_SCRIPT:192.168.30.48:21: opening socket
    ECHO_PROBE_SCRIPT:192.168.30.48:21: sending resquest string
    ECHO_PROBE_SCRIPT:192.168.30.48:21: receiving response
    ECHO_PROBE_SCRIPT:192.168.30.48:21: closing socket
    ECHO_PROBE_SCRIPT:192.168.30.48:21: probe failed : expect 'csm_test' but got '220 Welcome to Linux1 FTP service.'
    initializing variable 2
    Counter: 9
    Script start
    this is a csm echo request
    ECHO_PROBE_SCRIPT:192.168.30.24:7: opening socket

  • Cannot generate IP using TCL script

    I'm trying to pull in a customized PCIe block from a .xci file using my TCL script with Vivado 2015.2 on Ubuntu 12.04.  I then want to generate all the IP output products and run through the entire design flow (to eventually generate a bitfile).  When I try to call create_fileset on my PCIe IP, I get the following error:
    ERROR: [Vivado 12-3563] The Nested sub-design '/home/coreyolson/workspace/build/EX850_GUPS/EX850_GUPS.srcs/sources_1/ip/pcie3_ultrascale_0/ip_0/pcie3_ultrascale_0_gt.xci' can only be generated by its parent sub-design.
    I'm attaching my vivado log file, which hopefully will provide some insight into the problem...

    I'm not well versed in TCL, It seems the prob in the SIP sessions. Can u enable PRACK on the Dial peer and the SIP profile associated SIP trunk and chk. U can enable by folowing the below steps.
    CUBE
    dial-peer level:
                                  dial-peer voice XXXX voip
                  voice-class sip rel1xx require 100rel
    CUCM
                   Device -> Device settings -> Sip profile -> Trunk Specific Configuration
                                  SIP Rel1XX Options Required Field : Send Prack if 1xx contains SDP
    Thx
    M

  • Cisco's Network Registrar and LDAP (tcl script)

    Hi all,
    I use CNR version 7.1. I use ldap for authentication user. I have a problem if ldap server not available. I want with tcl script to know what ldap not available and send to user default configuration (ip,dns) 
    How I can transfer in tcl a script that the server ldap isn't accessible? where i can found error code for this ?
    Thanks
    Roman

    Hi Habeel,
    I've answered this question before. If you search the forum for "ldap healtcheck script" - and yes the typo is real then you'll see what I did.
    The text is here:
    The easiest way is to capture a packet with the authentication credentials and then replace the hex bind string in the example.
    The alternative is to handcode the BER coded ASN.1 data string - which while more fun is time consuming. The remainder of the script can stay the same.
    I've done this on an ACE module. You have to be aware that 300c02010160 in the example script string is a sort of "header" that holds the request id (1). This will be different in your packet capture.
    If you look at the decomposition of the example you'll be able to see how it is put together and what you need to change.
    0x30 The start of a universal constructed sequence
    0x0c The length of the sequence minus the tag and length bytes = 12 bytes
    0x02 Next field is an integer
    0x01 The length of the next field (1 byte)
    0x01 Value (this is the message ID)
    0x60 Application, number 0, use RFC2251 to decode. This is a Bind Request
    0x07 Length of data to follow.
    0x02 Integer
    0x01 Length 1
    0x03 3 - this is the LDAP version.
    0x04 String
    0x00 Length 0
    0x80 Simple Authentication
    0x00 Length 0
    Just keep the id the same in the unbind.
    The string I use is:
    302d02010160280201030418636e3d41636550726f78792c6f3d556e69766572736974798009ffffffffffffffffff
    where I've replaced the 9 character password with 9*x'ff'.
    The username for binding is AceProxy. If you want to use the same script then create that username and set the password in the string above (in hex). If for example you set the password to Example12 then you need to set the 9*x'ff' to '4578616d706c653132' - which is the hex representation of the ASCII.
    Note that if you use fewer or more than 9 characters then you'll need to change other values in the string because they refer to lengths.
    HTH
    Cathy

  • ACE Probes for authentication to imaps, smpts or pop3s servers

    Dear all,
    we have the demand to do health checks using authentication for servers running SSL-encrypted services like imaps, smpts or pop3s. Has someone implemented tcl scripts for that ? Unfortunately the "SSL_PROBE_SCRIPT" provided by Cisco does only do a "Client Hello". Maybe it is possible to enhance that script in order to test authentication ?
    Thank you very much in advance.
    Bernd

    Dear Gilles,
    thank you very much for your reply. This answers my question.
    But ... I would like to turn this into a feature request, because I believe this demand is not that much out of common. There already is a https probe which works in a similar way, so it should be easy for Cisco to add probes for common ssl-encrypting protocols or - even better - add a generic ssl probe.
    Best regards,
    Bernd

  • Custom tcl scripts

    Hello,
    For one of my customer, I have to write two csm probes:
    - One that connects on tcp port 6200, sends the following message "test\\n" and verifies that the answer is "UP"
    - Another that checks if ICAP is working or not. To test this, I need to write a probe that makes an "OPTION" ICAP request.
    Is it something possible ? If yes, where can I find some guidelines.
    Thanks

    simply go to the CSM software download page and get the TCL scripts file (*.tcl)
    Edit the file and should have many examples to use. For your probe #1, you could reuse the echo_probe that sends a line and check the response from the server.
    For the 2nd probe, you should probably get more info on how the "option" request works and what response to expect.
    This is however definitely possible to do.
    Gilles

  • Tcl scripting for snmp

    I am trying to make a script that will give me the uptime of the router and send it to a database. The problem I have, the part of the script that doesn't work, work if I execute it from the tclshell on the router.
    tcl
    set value [snmp_getone public 1.3.6.1.2.1.1.3.0]
    regexp {oid='(.*)'.*val='(.*)'} $value ignore oid _snmp_result
    set _snmp_result [expr $_snmp_result]
    Has you can see, it work well and give me the information I want.
    router#tclsh
    router(tcl)#set value [snmp_getone public 1.3.6.1.2.1.1.3.0]
    {<obj oid='sysUpTime.0' val='1810190'/>}
    stnley600(tcl)#regexp {oid='(.*)'.*val='(.*)'} $value ignore oid _snmp_result
    1
    router(tcl)#set _snmp_result [expr $_snmp_result]
    1810190
    But if I execute from a tcl file I have an error that tell me it didn't recognize the command snmp_getone
    router#event manager run routeruptime.tcl
    invalid command name "snmp_getone"
        while executing
    "snmp_getone public 1.3.6.1.2.1.1.3.0"
        invoked from within
    "$slave eval $Contents"
        (procedure "eval_script" line 7)
        invoked from within
    "eval_script slave $scriptname"
        invoked from within
    "if {$security_level == 1} {       #untrusted script
         interp create -safe slave
         interp share {} stdin slave
         interp share {} stdout slave
        (file "tmpsys:/lib/tcl/base.tcl" line 50)
    Tcl policy execute failed: invalid command name "snmp_getone"
    I am wondering if I need to import something else. Right now, all I have is this
    ::cisco::eem::event_register_none
    namespace import ::cisco::eem::*
    namespace import ::cisco::lib::*
    I am not a pro in tcl scripting so your help would be very appreciated.
    Thanks

    You are mixing tclsh code with EEM Tcl code.  The snmp_* commands are not available in EEM Tcl.  If you want to get SNMP data in an EEM Tcl policy, you need to use the sys_reqinfo_snmp command.  In your example, this code should work:
    array set snmp_res [sys_reqinfo_snmp oid 1.3.6.1.2.1.1.3.0 get_type exact]set snmp_val $snmp_res(value)action_syslog msg "Uptime is $snmp_val timeticks"

Maybe you are looking for

  • Displaying of Blobs

    Hello All, after reading<br> Downloading BLOB from a table. <br> I created a stored procedure for uploading the BLOB and displayed it in a report with<br> select<br> img src="#OWNER#.show_pic?p_image_id='||p.id || ' " height="50" width="33" >' img<br

  • Form Based Role Validation

    I am trying to use the form based security role validation. I am using JDeveloper's built in OC4J. I am getting to my login form but when I try to submit I get the following: java.lang.IllegalArgumentException: Resource /j_security_check?j_username=m

  • HT1218 can't find airplay icon

    Can't locate the airply icon in any of my devises. iPad, iPhone and MacPro. Any help?

  • TS1702 Having a problem downloading previously downloaded Apps on a MacBook with OS 10.6.8 with Snow Leopard.

    Having a problem downloading previously downloaded Apps to iTune 11.0.2 on a MacBook with OS 10.6.8 with Snow Leopard. Any suggestions?

  • Reference Movies and Streaming Server

    I have compressed my movie in multiple streaming sizes, 56k-T1. I have tried several times to use MakeRefMovie app to make a MSTR movie that will deliver up the propery version of the movie on the Streaming server they will reside. I get an error eve