Alerting

Adding custom alert action for launching python script

sherkhan6ad6oy
Explorer

In short, I have a router with an IP address on a virtual machine, and I need that when I receive a log saying that one of its interfaces has turned off, a trigger fires and my script runs.

test1.py

from netmiko import ConnectHandler

# Connection parameters for the router (credentials are hard-coded in this script)
R1 = {
    "device_type": "cisco_ios",
    "host": "R1",
    "ip": "192.168.12.130",
    "username": "admin",
    "password": "admin1"
}

def main():
    # Configuration commands: select the interface and bring it back up
    commands = ['int fa3/0',
                'no sh'
                ]

    connect = ConnectHandler(**R1)
    connect.enable()  # enter privileged EXEC mode
    output = connect.send_config_set(commands)
    print(f"\n\n-------------- Device {R1['ip']} --------------")
    print(output)
    print("-------------------- End -------------------")


if __name__ == '__main__':
    main()


I get the log in Splunk, and the Add to Triggered Alerts trigger is triggered. But the .py file itself does not run. I checked it through ".../splunk.exe cmd python .../test1.py" and it starts and works.

alert_actions.conf

[test1]
is_custom = 1
label = Change_interface_state
description = Change_interface_state
icon_path = test1.png

alert.execute.cmd = test1.py



app.conf

[install]
is_configured = 1
state = enabled

[ui]
is_visible = 1
label = test

[launcher]
author = QAZxsw
description = This is custom
version = 1.0.0

 

test1.html

<form class="form-horizontal form-complex">
<p>Change state of interface</p>
</form>


Help (._.)

0 Karma
1 Solution

sherkhan6ad6oy
Explorer

Hi @Stefanie 

We have solved this problem. We moved the root folder with Windows Python to the Splunk folder. Now everything works fine, and all libraries are available.


0 Karma

Stefanie
Builder

@sherkhan6ad6oy 

Are there any messages in the splunkd.log that suggest that the script was not able to run?

sherkhan6ad6oy
Explorer
Alert script returned error code 1
0 Karma

Stefanie
Builder

Could you try editing alert_actions.conf to include the correct Python version?

 

 

python.version = {default|python|python2|python3}
* For Python scripts only, selects which Python version to use.
* Set to either "default" or "python" to use the system-wide default Python
  version.
* Optional.
* Default: Not set; uses the system-wide Python version.

 

 

https://docs.splunk.com/Documentation/Splunk/8.2.6/Admin/Alertactionsconf

0 Karma

sherkhan6ad6oy
Explorer

Hello @Stefanie 

Unfortunately, the problem will not be solved. Python in the bar works on a different principle. There is an error in the code in the logs, on line N. Importing other libraries is not possible. There is a similar question where the problem was in the import. She decided to import the app to add the numpy library.

0 Karma
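
A preflight wrapper for the failure discussed in this thread, as an added example that is not code from any poster or from Splunk: it gives each failure its own exit code and stderr message, so splunkd.log shows whether the interpreter running the alert action can import netmiko, instead of a bare "error code 1". It assumes `payload_format = json` is set in the alert_actions.conf stanza; the `run`, `log` and `missing_modules` names and the exit-code values are hypothetical.

```python
import importlib.util
import json
import sys

REQUIRED_MODULES = ("netmiko",)  # third-party imports used by test1.py


def log(level, message):
    # Splunk records a custom alert action's stderr in splunkd.log.
    print(f"{level} {message}", file=sys.stderr)


def missing_modules(names):
    """Return the modules that the interpreter running this script cannot import."""
    return [n for n in names if importlib.util.find_spec(n) is None]


def run(argv, stdin_text, required=REQUIRED_MODULES):
    """Preflight for an alert action; returns the process exit code."""
    # Splunk invokes a custom alert action script with --execute as argv[1].
    if len(argv) < 2 or argv[1] != "--execute":
        log("FATAL", "unsupported execution mode (expected --execute)")
        return 1
    missing = missing_modules(required)
    if missing:
        # Name the interpreter and search path so the log shows which Python ran.
        log("ERROR", f"interpreter {sys.executable} cannot import {missing}; "
                     f"sys.path={sys.path}")
        return 2
    try:
        payload = json.loads(stdin_text)
        if not isinstance(payload, dict):
            raise ValueError("top-level value is not an object")
    except ValueError as exc:
        log("ERROR", f"payload is not JSON (is payload_format = json set?): {exc}")
        return 3
    log("INFO", f"alert={payload.get('search_name')!r} sid={payload.get('sid')!r}")
    # The netmiko session from test1.py would run here, after the checks pass.
    return 0


if __name__ == "__main__":
    sys.exit(run(sys.argv, sys.stdin.read()))
```

With this in place, an exit code of 2 in splunkd.log points at the interpreter's library path rather than at the script logic.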