EEM config to monitor ping failure

Hello All,
Excellent forum...
I'm hoping someone can help me with my configuration...
I'm looking at setting up EEM on my switch to basically bounce a few selected ports once their is an ICMP failure.
Ideally i'll be conected to the device being monitored, and once their is a failure (ICMP failure), I'll like to trigger a reset on a few ports on the switch .
Anyt help would be greatly appreciated.
B.K

You can use IP SLA, object tracking, and EEM for this. For example:
ip sla 1
icmp-echo 10.1.1.1
ip sla schedule 1 life forever start now
track 1 ip sla 1 reachability
event manager applet ping-watch
event track 1 state down
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "int range gi0/1 - 4"
action 4.0 cli command "shut"
action 5.0 cli command "end"

Similar Messages

IP SLA EEM to reload router after ping failure

Hi,
I have created the below configuration but it seems to be failing to trigger the reload. Anybody can please comment what is missing here?
track 1 ip sla 10 reachability
delay down 180 up 40 ***** this is in sec - since ping freq is 10 sec , after 18 ping failure and 3 mnts track reachability will be down - it will wait 40 sec before declaring UP *****
ip sla 10
icmp-echo 172.20.20.153
threshold 450 **** in millisec it is threshold value - no action will be taken ****
timeout 500 **** in millisec it is icmp timeout *****
frequency 10 *** icmp ping every 10 sec *****
ip sla schedule 10 life forever start-time now
event manager applet Router-Reload
event track 1 state down
action 1.0 syslog msg "Reply timed out; Router will Reload"
action 1.1 cli command "enable"
action 1.2 cli command "reload"

It worked. Thanks Joseph.
So what was the issue with my approach. Is it the sequence number?

Face intermittent ping failure

Hi Guys, i face intermittent ping failure to a server which is monitor using IP Sentry. But when i do a sh logging buffer on my 6509 switch, i nvr see the port which is connected to the server "leaves". Does that means that the physical connectivity is still there but somehow we just lose the net connection.
I've also sh counters on the port, it state 25 linkchange. but i cant seems to look for the date/time it has linkchange.
Are there any other more commands to troubleshoot this issue.
Pls advise on this.. need help badly

When you know that the linkstate-changecount was 25, you can deduct that the link has stayed up when the counter still reads 25 at any given later time.
Please do a sh int or show port and verifiy your speed/duplex settings. This command will also give you the amounts of errored frames. Check these for changes, if they increase rapidly, you probably have a cabling problem or some other layer2 issue.
Furthermore, you should inspect the data-path between the NMS and the server.
Regards,
Leo

How to configure CCMS alert to monitor Authorization failures?

Dear All,
How to configure CCMS alert to monitor Authorization failures?
Thanks
Ashok

Hello,
in case you have not yet set up your monitoring infrastructure, the following link will provide you with the information needed:
http://service.sap.com/monitoring
If everything is set up (Agents are installed and connected to your central monitoring system, ...) you can go to transaction RZ21, select Technical Infrastructure - Configure Central System - Assign Central Autoreactions to set up your alerts.
For the Update errors use the MTE CLass AbapErrorInUpdate. For the Lock please use the search Option.
Regards
Christian
Edited by: Christian Rose on Apr 25, 2011 7:59 PM

Cisco 3750 ping failures after stack upgrade

I just updated my 4 stack of 3750X switches from 12.x IOS to 15.0.2 IOS. Only 2 of them updated correctly the first time, I had to manually update to the other 2. After getting all of them upgrade I restarted the entire stack.
After that I cannot get PCs not on my default VLAN to talk to their DHCP servers or ping anywhere in the network. I get a "PING: transmit failed. General failure". I can however, ping into my default vlan from the switch and ping out to other locations from the switch.
I've tried the following:
Checking firewall status on several (WIN 7) pc's, it's off
Changing ports on switch (no change)
Restarting the PC (no change)
Release/renew ipconfig (no change)
flushdns (no change)
clear ARP table on switch
set un-set spanning-tree portfast (no change)
check interface status (up and up)
check vlan interface status (up and up)
changed vlans (no change)
checked VLAN help addresses (still there)
Any help at this point is appreciated as my network is entirely down right now.

I can set my laptop statically to a VLAN address, and I can ping out, get to the internet, ping between VLANs, etc. But if I just set a port (or leave it in the default VLAN) it will give me the “PING: transmit failed. General failure.” DHCP requests still aren’t getting fulfilled and even pings won’t go through if there’s not a statically set address. Nothing changed on my server configs and I even restarted my DHCP servers after encountered this problem. My guess is this is a new feature that’s turned on by default in the new IOS that needs to be disabled. Any help is appreciated.

EEM script to monitor OSPF neighbor not working

I'm trying to monitor a OSPF neighbor syslog notification event to trigger actions to remove a network statement. I shut down the interface to the monitored neighbor and it removes the network statement which is good. I am also trying to monitor the neighbor to come back up and then re add the removed network statement which is not working. This may be a two part problem but I am receiving warnings that not enough vty lines are available. I am not seeing that the network addition is working at all. Here is my configuration.
event manager applet ospf-watch-down
event syslog pattern "OSPF-5-ADJCHG: Process 100, Nbr 1.1.1.2 on FastEthernet1/0 from FULL to DOWN"
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "router ospf 100"
action 4.0 cli command "no network 2.2.2.0 0.0.0.255 area 0"
action 5.0 cli command "end"
action 6.0 cli command "exit"
event manager applet ospf-watch-up
event syslog pattern "OSPF-5-ADJCHG: Process 100, Nbr 1.1.1.1 on FastEthernet1/0 from LOADING to FULL"
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "router ospf 100"
action 4.0 cli command "network 2.2.2.0 0.0.0.255 area 0"
action 5.0 cli command "end"
action 6.0 cli command "exit"
Here is the EM syslog error message " %HA_EM-3-FMPD_ERROR: Error executing applet ospf-watch-down statement 3.0" I am having the EM end and exit so I'm not sure why it's running out of CLI sessions. I'm also getting this one too " %HA_EM-3-FMPD_CLI_CONNECT: Unable to establish CLI session: no tty lines available, minimum of 2 required by EEM"
I've tested the ospf-watch-up and ospf-watch-down on its own after clearing all of the sessions and they each work on their own. I think this is a bug where eem won't release the session.
R1#show users
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
130 vty 0 idle 00:02:13 EEM:ospf-watch-up
131 vty 1 idle 00:00:10 EEM:ospf-watch-up
132 vty 2 idle 00:00:28 EEM:ospf-watch-down
Interface User Mode Idle Peer Address
R1#

I know this is a old post. I was able to use the solution below, but I am having one problem.
Using the below config I am able to receive a email anytime my voice port is in any other state than ON HOOK. The problem I have is the script runs every 30 seconds and I receive an email every 30 seconds the line is in any other state than "ON-HOOK".
Is there a way to have only one email generated ONLY when the state changes from the previous state?
example : the line is on-hook, changes to off-hook or park or whatever- a email would be generated. ( only One email). not one every 30 seconds...
The line goes from Off-Hook back to IDLE. - A email would be generated to advise the line has been restored to a IDLE state.
scheduler allocate 20000 1000
event manager environment _email_from [email protected]
event manager environment _email_to email [email protected]
event manager environment _email_server smtp-server.isp.net
event manager applet check_1/0/0_if_NOT_ONHOOK
event timer watchdog time 30
action 001 cli command "enable"
action 002 cli command "show voice port summ | include 1/0/0"
action 003 foreach line "$_cli_result" "\n"
action 004 regexp "on-hook" "$line"
action 005 if $_regexp_result eq "1"
action 006 exit 0
action 007 end
action 008 end
action 009 syslog msg "PORT_1_is_in_any_other_state_then_on-HooK!"
action 1.0 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "$_event_pub_time:Test EEM port 1/0/0 is SHORTED ie IN ALARM" body "TEST Body"
end
Any ideas?

EEM config & Track delay

We have two iBGP peers with their own separate eBGP (Internet) peers.
We use them as an HSRP pair (over an L2 trunk) for our redundant Internet.
I've created an EEM script that will have the "secondary" router track the "primary" router's HSRP interface to ensure it's still up.
If the link goes down, the router immediately removes all of its iBGP static routes to avoid a routing black hole.
When the link comes back up, the secondary router re-adds the iBGP static routes.
The script works fine, but the maximum delay on the ip sla track command has a maximum of 180 seconds.
Since we're talking BGP, this short delay could wreak havoc if an Internet link is flapping or something.
Here's the track command:
track 1 ip sla 1 reachability
default-state up
delay down 30 up 180
I'm trying to think of a way to make it wait longer than 180 seconds. (900 seconds would be ideal to ensure the issue has been resolved before re-establishing the static routes.
Can anyone think of a way to increase the delay using the EEM commands? The track command is too limited here.
Thanks!
Ven

Looks like it's calling the add-ibgp, but it stops after the config t.
scp1001-a5t-3#
*Sep 25 15:26:23.680: %TRACKING-5-STATE: 1 ip sla 1 reachability Up->Down
*Sep 25 15:26:23.680: %HA_EM-6-LOG: track-bgp-down : DEBUG(cli_lib) : : CTL : cli_open called.
*Sep 25 15:26:23.681: %HA_EM-6-LOG: track-bgp-down : DEBUG(cli_lib) : : OUT : scp1001-a5t-3>
*Sep 25 15:26:23.681: %HA_EM-6-LOG: track-bgp-down : DEBUG(cli_lib) : : IN : scp1001-a5t-3>enable
*Sep 25 15:26:23.691: %HA_EM-6-LOG: track-bgp-down : DEBUG(cli_lib) : : OUT : scp1001-a5t-3#
*Sep 25 15:26:23.691: %HA_EM-6-LOG: track-bgp-down : DEBUG(cli_lib) : : IN : scp1001-a5t-3#conf t
*Sep 25 15:26:23.801: %HA_EM-6-LOG: track-bgp-down : DEBUG(cli_lib) : : OUT : Enter configuration commands, one per line. End with CNTL/Z.
*Sep 25 15:26:23.801: %HA_EM-6-LOG: track-bgp-down : DEBUG(cli_lib) : : OUT : scp1001-a5t-3(config)#
*Sep 25 15:26:23.801: %HA_EM-6-LOG: track-bgp-down : DEBUG(cli_lib) : : IN : scp1001-a5t-3(config)#router bgp 27336
*Sep 25 15:26:23.911: %HA_EM-6-LOG: track-bgp-down : DEBUG(cli_lib) : : OUT : scp1001-a5t-3(config-router)#
*Sep 25 15:26:23.911: %HA_EM-6-LOG: track-bgp-down : DEBUG(cli_lib) : : IN : scp1001-a5t-3(config-router)#neighbor 152.179.202.81 shutdown
*Sep 25 15:26:24.021: %HA_EM-6-LOG: track-bgp-down : DEBUG(cli_lib) : : OUT : scp1001-a5t-3(config-router)#
*Sep 25 15:26:24.021: %HA_EM-6-LOG: track-bgp-down : DEBUG(cli_lib) : : IN : scp1001-a5t-3(config-router)#no event manager applet add-ibgp
*Sep 25 15:26:24.131: %HA_EM-6-LOG: track-bgp-down : DEBUG(cli_lib) : : OUT : scp1001-a5t-3(config)#
*Sep 25 15:26:24.131: %HA_EM-6-LOG: track-bgp-down : DEBUG(cli_lib) : : IN : scp1001-a5t-3(config)#end
*Sep 25 15:26:24.138: %SYS-5-CONFIG_I: Configured from console by EEM on vty0 (EEM:track-bgp-down)
*Sep 25 15:26:24.141: %HA_EM-6-LOG: track-bgp-down : DEBUG(cli_lib) : : OUT : scp1001-a5t-3#
*Sep 25 15:26:24.141: %HA_EM-5-LOG: track-bgp-down: SCP iBGP static routes deleted due to vlan200 failure
*Sep 25 15:26:24.141: %HA_EM-6-LOG: track-bgp-down : DEBUG(cli_lib) : : CTL : cli_close called.
*Sep 25 15:26:24.141: tty is now going through its death sequence
*Sep 25 15:26:31.530: %BGP-5-ADJCHANGE: neighbor 163.230.254.66 Down BGP Notification sent
*Sep 25 15:26:31.530: %BGP-3-NOTIFICATION: sent to neighbor 163.230.254.66 4/0 (hold time expired) 0 bytes
*Sep 25 15:26:31.530: %BGP_SESSION-5-ADJCHANGE: neighbor 163.230.254.66 IPv4 Unicast topology base removed from session BGP Notification sent
*Sep 25 15:26:47.964: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to up
*Sep 25 15:26:48.964: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1, changed state to up
*Sep 25 15:26:47.964: %LINK-3-UPDOWN: SIP0/0: Interface GigabitEthernet0/0/1, changed state to up
*Sep 25 15:26:49.909: %BGP-5-ADJCHANGE: neighbor 163.230.254.66 Up
*Sep 25 15:27:23.680: %TRACKING-5-STATE: 1 ip sla 1 reachability Down->Up
*Sep 25 15:27:23.680: %HA_EM-6-LOG: track-bgp-up : DEBUG(cli_lib) : : CTL : cli_open called.
*Sep 25 15:27:23.681: %HA_EM-6-LOG: track-bgp-up : DEBUG(cli_lib) : : OUT : scp1001-a5t-3>
*Sep 25 15:27:23.681: %HA_EM-6-LOG: track-bgp-up : DEBUG(cli_lib) : : IN : scp1001-a5t-3>enable
*Sep 25 15:27:23.691: %HA_EM-6-LOG: track-bgp-up : DEBUG(cli_lib) : : OUT : scp1001-a5t-3#
*Sep 25 15:27:23.691: %HA_EM-6-LOG: track-bgp-up : DEBUG(cli_lib) : : IN : scp1001-a5t-3#conf t
*Sep 25 15:27:23.701: %HA_EM-6-LOG: track-bgp-up : DEBUG(cli_lib) : : OUT : Enter configuration commands, one per line. End with CNTL/Z.
*Sep 25 15:27:23.701: %HA_EM-6-LOG: track-bgp-up : DEBUG(cli_lib) : : OUT : scp1001-a5t-3(config)#
*Sep 25 15:27:23.701: %HA_EM-6-LOG: track-bgp-up : DEBUG(cli_lib) : : IN : scp1001-a5t-3(config)#event manager applet add-ibgp
*Sep 25 15:27:23.811: %HA_EM-6-LOG: track-bgp-up : DEBUG(cli_lib) : : OUT : scp1001-a5t-3(config-applet)#
*Sep 25 15:27:23.811: %HA_EM-6-LOG: track-bgp-up : DEBUG(cli_lib) : : IN : scp1001-a5t-3(config-applet)#event timer countdown time 300
*Sep 25 15:27:23.921: %HA_EM-6-LOG: track-bgp-up : DEBUG(cli_lib) : : OUT : scp1001-a5t-3(config-applet)#
*Sep 25 15:27:23.921: %HA_EM-6-LOG: track-bgp-up : DEBUG(cli_lib) : : IN : scp1001-a5t-3(config-applet)#action 1.0 cli command enable
*Sep 25 15:27:24.031: %HA_EM-6-LOG: track-bgp-up : DEBUG(cli_lib) : : OUT : scp1001-a5t-3(config-applet)#
*Sep 25 15:27:24.031: %HA_EM-6-LOG: track-bgp-up : DEBUG(cli_lib) : : IN : scp1001-a5t-3(config-applet)#action 2.0 cli command " config t"
*Sep 25 15:27:24.141: %HA_EM-6-LOG: track-bgp-up : DEBUG(cli_lib) : : OUT : scp1001-a5t-3(config-applet)#
*Sep 25 15:27:24.141: %HA_EM-6-LOG: track-bgp-up : DEBUG(cli_lib) : : IN : scp1001-a5t-3(config-applet)#action 3.0 cli command " router bgp 27336"
*Sep 25 15:27:24.251: %HA_EM-6-LOG: track-bgp-up : DEBUG(cli_lib) : : OUT : scp1001-a5t-3(config-applet)#
*Sep 25 15:27:24.251: %HA_EM-6-LOG: track-bgp-up : DEBUG(cli_lib) : : IN : scp1001-a5t-3(config-applet)#action 4.0 cli command " no neighbor 152.179.202.81 shutdown"
*Sep 25 15:27:24.361: %HA_EM-6-LOG: track-bgp-up : DEBUG(cli_lib) : : OUT : scp1001-a5t-3(config-applet)#
*Sep 25 15:27:24.361: %HA_EM-6-LOG: track-bgp-up : DEBUG(cli_lib) : : IN : scp1001-a5t-3(config-applet)#action 8.0 cli command end
*Sep 25 15:27:24.471: %HA_EM-6-LOG: track-bgp-up : DEBUG(cli_lib) : : OUT : scp1001-a5t-3(config-applet)#
*Sep 25 15:27:24.471: %HA_EM-6-LOG: track-bgp-up : DEBUG(cli_lib) : : IN : scp1001-a5t-3(config-applet)#end
*Sep 25 15:27:24.474: %SYS-5-CONFIG_I: Configured from console by EEM on vty0 (EEM:track-bgp-up)
*Sep 25 15:27:24.481: %HA_EM-6-LOG: track-bgp-up : DEBUG(cli_lib) : : OUT : scp1001-a5t-3#
*Sep 25 15:27:24.481: %HA_EM-5-LOG: track-bgp-up: SCP iBGP static routes re-added - vlan200 UP
*Sep 25 15:27:24.481: %HA_EM-6-LOG: track-bgp-up : DEBUG(cli_lib) : : CTL : cli_close called.
*Sep 25 15:27:24.481: tty is now going through its death sequence
*Sep 25 15:27:42.058: %HSRP-5-STATECHANGE: GigabitEthernet0/0/1 Grp 1 state Speak -> Standby
*Sep 25 15:32:24.474: %HA_EM-6-LOG: add-ibgp : DEBUG(cli_lib) : : CTL : cli_open called.
*Sep 25 15:32:24.475: %HA_EM-6-LOG: add-ibgp : DEBUG(cli_lib) : : OUT : scp1001-a5t-3>
*Sep 25 15:32:24.475: %HA_EM-6-LOG: add-ibgp : DEBUG(cli_lib) : : IN : scp1001-a5t-3>enable
*Sep 25 15:32:24.485: %HA_EM-6-LOG: add-ibgp : DEBUG(cli_lib) : : OUT : scp1001-a5t-3#
*Sep 25 15:32:24.485: %HA_EM-6-LOG: add-ibgp : DEBUG(cli_lib) : : IN : scp1001-a5t-3# config t
*Sep 25 15:32:44.500: %HA_EM-6-LOG: add-ibgp : DEBUG(cli_lib) : : CTL : cli_close called.
*Sep 25 15:32:46.496: tty is now going through its death sequence

SSL WebServices config error ? trust failure

I’m at a loss in getting SSL to work with 7.0’s Web Services. I compiled and ran
the basic javaclass example using http. I’m using the demo cert provided with
WLS. I haven’t changed any admin console SSL settings. Then (I think) I followed
the directions for changing it to SSL. I have had no luck and I’ve looked through
many notes in the forums discussing the issue with some solutions and tried several
combinations. I must be overlooking something. Any help is greatly appreciated.
I’d love to see how anyone has modified the sample’s ant “run” task to execute
it.
I can’t get it to work using the web client or a Java client. I’ve also seen
different system property settings mentioned. My local docs mention -Dweblogic.webservice.client.ssl.trustedcerts
but the newer docs mention –Dtrustedfile.
I had recompiled the example specifying the protocol="https" option and redeployed
the ear. Using the web client, I encounter the “Failed to retrieve WSDL from
https://localhost:7002/basic_javaclass/HelloWorld?WSDL. Please check the URL and
the protocol: Write Channel Closed, possible SSL handshaking or trust failure”
error when I try to invoke the service. I have the same error from the Java client.
I tried entering the system password (weblogic). I assume I’m getting this because
of the demo certification issue. When starting the web server, I’ve tried the
following additions using the democert.pem and trusted.crt files. What file should
I reference?
Here is my WLS server startup option additions attempting to get it to run:
set JAVA_OPTIONS=%JAVA_OPTIONS% -Dtrustedfile=C:\bea\weblogic700\user_projects\wlsexamples\democert.pem
set JAVA_OPTIONS=%JAVA_OPTIONS% -Dweblogic.webservice.client.ssl.trustedcerts=C:\bea\weblogic700\user_projects\wlsexamples\democert.pem
set JAVA_OPTIONS=%JAVA_OPTIONS% -Dweblogic.webservice.client.ssl.strictcertchecking=false
On the Java client side, I have created a new runssl task with the additional
settings. Here is my latest version. I’ve tried multiple combinations. I get
the same error as the web app does.
<target name="runssl" depends="check">
<java classname="examples.webservices.basic.javaclass.Client"
fork="true">
<arg value="https://localhost:7002/basic_javaclass/HelloWorld?WSDL"/>
<sysproperty key="bea.home" value="c:\bea"/>
<sysproperty key="trustedfile" value="C:\bea\weblogic700\user_projects\wlsexamples\trusted.crt"/>
<sysproperty key="weblogic.webservice.client.ssl.trustedcerts" value="C:\bea\weblogic700\user_projects\wlsexamples\trusted.crt"/>
<sysproperty key="java.protocol.handler.pkgs" value="weblogic.webservice.client"/>
<sysproperty key="weblogic. webservice.client.ssl.strictcertchecking" value="false"/>
<sysproperty key="weblogic.webservice.verbose" value="true"/>
<classpath>
<pathelement location="${CLIENT_CLASSES}/${client_jar_file}"/>
<pathelement path="${java.class.path}"/>
<pathelement path="${CLIENT_CLASSES}"/>
<pathelement path="${CLIENT_CLASSES}/webserviceclient+ssl.jar"/>
</classpath>
</java>
</target>
Thanks in advance,
Dave

Hi Dave,
I had recompiled the example specifying the protocol="https" option and redeployed
the ear. Using the web client, I encounter the “Failed to retrieve WSDL from
https://localhost:7002/basic_javaclass/HelloWorld?WSDL. Please check the URL and
Sounds like the server side is not setup for SSL yet. A quick check is to use netstat -a and see if port 7002 is active. Be sure to
follow the docs (System Admin) carefully and work this issue first, making sure you can at least get to the WSDL before addressing the
other issues. Take a quick look at your server config.xml and there should be a section in the server for SSL that looks something like
this:
<SSL Enabled="true" Name="myserver"
ServerCertificateChainFileName="ca1024.der"
ServerCertificateFileName="democert1024.pem" ServerKeyFileName="demokey1024.pem"
TrustedCAFileName="client2certs.pem"/>
Hope this helps,
Brtuce
Dave Lyons wrote:
I’m at a loss in getting SSL to work with 7.0’s Web Services. I compiled and ran
the basic javaclass example using http. I’m using the demo cert provided with
WLS. I haven’t changed any admin console SSL settings. Then (I think) I followed
the directions for changing it to SSL. I have had no luck and I’ve looked through
many notes in the forums discussing the issue with some solutions and tried several
combinations. I must be overlooking something. Any help is greatly appreciated.
I’d love to see how anyone has modified the sample’s ant “run” task to execute
it.
I can’t get it to work using the web client or a Java client. I’ve also seen
different system property settings mentioned. My local docs mention -Dweblogic.webservice.client.ssl.trustedcerts
but the newer docs mention –Dtrustedfile.
I had recompiled the example specifying the protocol="https" option and redeployed
the ear. Using the web client, I encounter the “Failed to retrieve WSDL from
https://localhost:7002/basic_javaclass/HelloWorld?WSDL. Please check the URL and
the protocol: Write Channel Closed, possible SSL handshaking or trust failure”
error when I try to invoke the service. I have the same error from the Java client.
I tried entering the system password (weblogic). I assume I’m getting this because
of the demo certification issue. When starting the web server, I’ve tried the
following additions using the democert.pem and trusted.crt files. What file should
I reference?
Here is my WLS server startup option additions attempting to get it to run:
set JAVA_OPTIONS=%JAVA_OPTIONS% -Dtrustedfile=C:\bea\weblogic700\user_projects\wlsexamples\democert.pem
set JAVA_OPTIONS=%JAVA_OPTIONS% -Dweblogic.webservice.client.ssl.trustedcerts=C:\bea\weblogic700\user_projects\wlsexamples\democert.pem
set JAVA_OPTIONS=%JAVA_OPTIONS% -Dweblogic.webservice.client.ssl.strictcertchecking=false
On the Java client side, I have created a new runssl task with the additional
settings. Here is my latest version. I’ve tried multiple combinations. I get
the same error as the web app does.
<target name="runssl" depends="check">
<java classname="examples.webservices.basic.javaclass.Client"
fork="true">
<arg value="https://localhost:7002/basic_javaclass/HelloWorld?WSDL"/>
<sysproperty key="bea.home" value="c:\bea"/>
<sysproperty key="trustedfile" value="C:\bea\weblogic700\user_projects\wlsexamples\trusted.crt"/>
<sysproperty key="weblogic.webservice.client.ssl.trustedcerts" value="C:\bea\weblogic700\user_projects\wlsexamples\trusted.crt"/>
<sysproperty key="java.protocol.handler.pkgs" value="weblogic.webservice.client"/>
<sysproperty key="weblogic. webservice.client.ssl.strictcertchecking" value="false"/>
<sysproperty key="weblogic.webservice.verbose" value="true"/>
<classpath>
<pathelement location="${CLIENT_CLASSES}/${client_jar_file}"/>
<pathelement path="${java.class.path}"/>
<pathelement path="${CLIENT_CLASSES}"/>
<pathelement path="${CLIENT_CLASSES}/webserviceclient+ssl.jar"/>
</classpath>
</java>
</target>
Thanks in advance,
Dave[att1.html]

Naming Networks in EEM route table monitor

I have the following EEM applet running on one of my core devices to monitor any changes in the routing table.
event manager applet route-table-monitor
event routing network 0.0.0.0/0 ge 1
action 0.5 set msg "Route changed: Type: $_routing_type, Network: $_routing_network, Mask/Prefix: $_routing_mask, Protocol: $_routing_protocol, GW: $_routing_lastgateway, Intf: $_routing_lastinterface"
action 1.0 syslog msg "$msg"
action 2.0 cli command "enable"
action 3.0 info type routername
action 4.0 mail server "*.*.*.*" to "roger@*********" from "Core1" subject "Routing Table Change" body "$msg $_cli_result"
action 8.0 set msg "Route changed: Type: "
This works brilliantly however the email I get lists the networks by IP and I am trying to get it to identify them by name
Email Output
Route changed: Type: modify, Network: 10.8.4.0, Mask/Prefix: 255.255.255.0, Protocol: BGP, GW: 10.1.1.1, Intf: N/A
The script is running on a 3750
I tried putting ip host info on the switch but that did not work.
I am not sure if there is an extra line I can add to the script or if anyone else has done this?
Thanks
Roger

I don't understand the request. Where would the network "name" come from? Networks are unnamed on IOS.

Ping failure

Hi All,
I have a an issue which i think/hope is an easy one but i cannot see it. hopefully i am missing something obvious:
A device (music player: 10.1.47.251) in a remote site is not responding to ping from our head office.
the device responds ok from the router and from within the remote lan
if i try and ping from the local router to the device and set the source as Dialer0 (internet) the ping fails
If i try and ping the device from head office it fails
If i try and ping 10.1.47.250 (a pc in same remote lan connected to same switch) from head office it responds ok
I have connected the music device directly to the router and to the switch but behaviour is the same no matter which device it is connected to.
Head office lan 192.168.100/24
remote site lan 10.1.47.0/24
head office peer 88.88.88.88 (not actual)
remote site peer 99.99.99.57 (not actual)
router config with certain info redacted with ??????? and changed
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ???????????
boot-start-marker
boot-end-marker
logging message-counter syslog
logging buffered 10000
no aaa new-model
dot11 syslog
ip source-route
ip dhcp excluded-address 10.1.47.1 10.1.47.10
ip dhcp excluded-address 10.1.47.50 10.1.47.254
ip dhcp pool Music
   network 10.1.47.0 255.255.255.0
   default-router 10.1.47.254
   dns-server 192.168.101.100
ip cef
no ip domain lookup
ip domain name ?????????????
username raadmin privilege 15 password 7 ???????????????????
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key ?????? address 88.88.88.88
crypto isakmp key ?????? address ??????????
crypto ipsec security-association lifetime seconds 28800
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map ????????? ipsec-isakmp
description Head Office VPN
set peer 88.88.88.88 (not actual ip)
set transform-set ESP-3DES-MD5
match address 102
crypto map ?????? ipsec-isakmp
description ??????
set peer ???????
set transform-set ESP-3DES-MD5
match address 103
archive
log config
hidekeys
ip tftp source-interface Vlan1
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
interface ATM0.1 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface Vlan1
ip address 10.1.47.254 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Dialer0
description ADSL line number: ??????????
ip address 99.99.99.57 255.255.255.248 (not actual ip)
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname ??????????????????
ppp chap password 7 ???????????????????
crypto map ??????????????????
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
ip nat inside source route-map Natted interface Dialer0 overload
logging history critical
access-list 100 remark Dialer0 Access List
access-list 100 permit tcp any host ?????????? established
access-list 100 permit tcp host ??????????? host 99.99.99.57 eq 22
access-list 100 permit tcp host ??????? host 99.99.99.57 eq 22
access-list 100 permit icmp host ????? host 99.99.99.57
access-list 100 permit icmp host ??????? host 99.99.99.57
access-list 100 permit udp host ????????? host 99.99.99.57 eq isakmp
access-list 100 permit esp host ???????? host 99.99.99.57
access-list 100 permit icmp host 88.88.88.88 host 99.99.99.57
access-list 100 permit tcp host 88.88.88.88 host 99.99.99.57 eq 22
access-list 100 permit udp host 88.88.88.88 host 99.99.99.57 eq isakmp
access-list 100 permit esp host 88.88.88.88 host 99.99.99.57
access-list 100 deny   icmp any any timestamp-reply
access-list 100 deny   icmp any any timestamp-request
access-list 100 deny   ip any any log
access-list 101 deny   ip any host ?????????????
access-list 101 deny   ip any host ???????????
access-list 101 deny   ip 10.1.47.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 101 deny   ip 10.1.47.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 101 permit ip any host ???????????
access-list 101 permit ip any host ?????????????????
access-list 101 permit ip any host ?????????????
access-list 101 permit ip any host???????????????
access-list 101 permit ip any host ???????????????
access-list 101 permit ip any host ???????????????
access-list 101 permit ip any host ?????????????????
access-list 101 permit ip any host ??????????????
access-list 101 permit ip any host ??????????????
access-list 101 permit ip any host ????????????????
access-list 101 permit ip any any
access-list 101 deny   ip any any
access-list 102 permit ip 10.1.47.0 0.0.0.255 192.168.96.0 0.0.31.255
access-list 102 permit ip 10.1.47.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 103 permit ip 10.1.47.0 0.0.0.255 192.168.51.48 0.0.0.15
dialer-list 1 protocol ip permit
route-map Natted permit 1
match ip address 101
snmp-server community ???????????????? RO
control-plane
^C
line con 0
login local
no modem enable
line aux 0
line vty 0 4
login local
transport input ssh
scheduler max-task-time 5000
end

Hi Jawad,
Thanks for your response. Unfourtunately i do not think this is the issue.
Access-list 103 is an acl for a VPN to a third party support partner. It is not related to Head Office traffic.
Access-list 102 is the access list for the VPN from Head Office to remote site and is the acl of interest here.
Access-list 102 is configured correctly and this is borne out by the fact i can ping 10.1.47.250 (but not 251)
thanks again
Brendan

Cannot access ASA5510 for first time config ASDM or PING

     Hi
I have a fresh out the box asa5510 with 8.4 on it.
I have built these before but for some reason cannot get this one to work. I am consoled on, have applied the following config but can still not ping to or from, can not asdm, cannot http/s. Arp table shows device it tries to ping, but device trying to pping it has incomplete arp entry.
I am really stumped, does anyone have any idea?
Please also see attached diagram for topology.
Thanks in advance
ciscoasa(config)# show run
: Saved
ASA Version 8.4(4)1
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/1
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 0
ip address 10.90.255.99 255.255.255.128
ftp mode passive
access-list MANAGEMENT extended permit ip 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0
access-list MANAGEMENT extended permit icmp 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0
access-list MANAGEMENT extended deny ip any any
pager lines 24
logging enable
logging console debugging
logging buffered warnings
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any management
no asdm history enable
arp timeout 14400
route management 0.0.0.0 0.0.0.0 10.90.255.126 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 0.0.0.0 0.0.0.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http
https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email
[email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:79dc4cfc6161dcbd01a016ad9a2a2ca5
: end
%ASA-7-111009: User 'enable_15' executed cmd: show running-config
ciscoasa(config)#

Hi,
In this configuration:
interface Management0/0
nameif management
security-level 0
ip address 10.90.255.99 255.255.255.128
access-list MANAGEMENT extended permit ip 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0         // ACE1
access-list MANAGEMENT extended permit icmp 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0    // ACE2
access-list MANAGEMENT extended deny ip any any                                                       // ACE3
In ACE1 the network 10.0.0.0/8 in the destination is not in the same network with 10.90.255.0/25 (MGMT interface)
Can you try these ACEs:
access-list MANAGEMENT extended permit ip 10.0.0.0 255.0.0.0 10.90.255.0 255.255.255.128
access-list MANAGEMENT extended permit icmp 10.0.0.0 255.0.0.0 10.90.255.0 255.255.255.128
access-list MANAGEMENT extended deny ip any any
I agree with Jouni, in first time use a PC directly to the MGMT interface.
and use the clear arp command to clear the ARP cache
Best regards

EEM Applet to Monitor CPU

I need to what the PID using CPU utilization at 50%.
All i see on the syslog server is " %HA_EM-2-LOG: highcpu: HIGH CPU"
EEM doesnt tell me what process is consuming the CPU at 50%
Any ideas?
event manager applet highcpu
event snmp oid 1.3.6.1.4.1.9.9.109.1.1.1.1.10.1 get-type exact entry-op ge entry-val 50 poll-interval 5
action 1.0 cli command "enable"
action 2.0 cli command "show proc cpu sorted"
action 3.0 syslog priority critical msg "HIGH CPU"
Francisco.

Joe,
I have uploaded the script in to flash and trying to register it, i get error below.
R1(config)#event manager policy tm_alert_high_cpu.tcl
Compile check and registration failed:Wrong # args, usage is "::cisco::eem::event_register_timer watchdog|countdown|absolute|cron name ? cron_entry ? time ? queue_priority normal|low|high maxrun ? nice ?"
while executing
"::cisco::eem::event_register_timer watchdog time $high_cpu_poll_freq
Tcl policy execute failed: Wrong # args, usage is "::cisco::eem::event_register_timer watchdog|countdown|absolute|cron name ? cron_entry ? time ? queue_priority normal|low|high maxrun ? nice ?"
Embedded Event Manager configuration: failed to retrieve intermediate registration result for policy tm_alert_high_cpu.tcl: Unknown error 0
R1(config)#event manager policy tm_alert_high_cpu.tcl
Compile check and registration failed:Wrong # args, usage is "::cisco::eem::event_register_timer watchdog|countdown|absolute|cron name ? cron_entry ? time ? queue_priority normal|low|high maxrun ? nice ?"
while executing
"::cisco::eem::event_register_timer watchdog time $high_cpu_poll_freq
Tcl policy execute failed: Wrong # args, usage is "::cisco::eem::event_register_timer watchdog|countdown|absolute|cron name ? cron_entry ? time ? queue_priority normal|low|high maxrun ? nice ?"
Embedded Event Manager configuration: failed to retrieve intermediate registration result for policy tm_alert_high_cpu.tcl: Unknown error 0
R1(config)#event manager policy tm_alert_high_cpu.tcl

T61 External Monitor Port Failure Question

I have a Lenovo T61 8897-cto (purchased 4/2008) with what I believe is a failing backlight. In dim environments I can still see the screen. I've been temporarily using an external monitor, but the external monitor just went blank and I can't get it back, (the external monitor works fine with another laptop which I'm using now). My question is, does this new fault point to a system board failure? I suppose it could be a connector but I don't move the system often and not recently. The only other things that comes to mind is that the battery is dying and only has 50% of its capacity left, (but I always run it with the AC cable plugged in).
I'm just wonder if it is worth putting any money into this laptop or to parts it out. I've already ordered a replacement W510 which I should get in under 2 weeks. I was thinking about using the T61 as a backup or dedicated to Ubuntu, but I can buy a used one for under $600 so I don't want to dump $400 into to have it repaired.
Any suggestions/prior experience with failing LCD displays and external video port?

1400x1050 is the highest screen resolution, so I guess that is SXGA+ No, I've never spilled anything on the laptop. I'm running Windows Vista Pro latest Service Pack. I rebooted the system this morning and the external display was detected and used during the boot process. It started to work again under Windows. I'm starting to think that it was some sort of power saving mode that failed to re-initialize. The main laptop screen is still dim, but readable in a dark room. It does have a bit of a tint to it, which I've read is an indicator of a failing backlight. I've checked the warranty on the Lenovo website and they've indicated that it has expired.

SCOM 2012 SP1 - Setup SNMP monitoring = ping OK, no response SNMP.

Hello,
I've tried the snmp monitoring in lab domain, everthing work. Now I work in the production environment, but I can't make work the snmp. I've tried only snmp, but the same error occure. The Ping is ok, all my firewalls rules allows snmp and ping over
the domain.
But when I launche the discovery, I've got an error after "No Response SNMP". I've analized the network with wireshark, I see the snmp get send to scom to the network device, but the netowrk device, reply " Destionation unreachable (Port unreachable)".
I've check with "netstat -ano -p udp" but I don't see the port 162, the 161 is open and snmp.exe service use it. But 162 is not open and Healthservice.exe doesn't use it.
I tried to reboot the server, but nothing change. And I check all my configuration, and it's the same in my lab domain and te production.
Anybody have the same issue? Or a workaround?
Thank you in advance.
KimBaxZ

Hello Roger,
1. Windows Firewall
a. SNMP service authorized
b. SNMP trap not authorized
c. PING.exe authorized
d. HealthService.exe authorized
2. SNMP service configuration
a. Security => Community name + Right OK
b. Security => Accept SNMP packets from any host
3. SNMP trap service disabled
4. The network device (cisco switch is already configured and the snmp work well)
a. It's possible to execute a snmp walk on the switch, and we get all the data (we use a différents
computer to do this, like a linux server on the same network)
5. We use snmp v2 on the switch, and during the discovery scom, send v2c snmp get to the switch with the good community name.
6. I tried to forge a snmp v2 packet and send them to the scom server, wireshark see the packet
During the discovery the switch get the snmp request, but he can't reply, the snmp trap port (162) on the scom server is not open. And I don't know why.

Export config on monitored objects?

Hi
I've been asked to document what is monitored on each system/server/DA that is present in the SCOM2012 solution we have.
However, I find it quite time-consuming to copy/paste the individual settings from the gui, by right-clicking on the object, open healthexplorer, and then look at every monitor to see what the thresholds and overrides are and then paste it into a worddoc.
There are hundred of servers and DAs in this system, and with the current method is going to take a year to document it, then its probably changed, and I have to start all over again.
Does it exist a third-party or MS tool or powershell-script that I may use to dump the config on an object (with all its monitors and overrides)?
Thanks in advance
/Peter

Hi,
Please refer to the link below:
What Monitors, Rules and Discoveries are running on an OpsMgr Agent?
http://blogs.technet.com/b/stefan_stranger/archive/2010/11/30/what-monitors-rules-and-discoveries-are-running-on-an-opsmgr-agent.aspx
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

EEM config to monitor ping failure

Similar Messages

Maybe you are looking for