Alerting

Why Splunk triggered alert is not working for my script and getting error "'OPENSSL_1.0.0' not found (required by ssh)"?

antlefebvre
Communicator

I am able to run my script resetmcvpn.sh with no issues from the ubuntu command line. The code below:

#!/usr/bin/expect -f
spawn ssh admin@10.2.1.59
expect "assword:"
send "thepassword\r"
expect "#"
send "config vdom\r"
expect "#"
send "edit root\r"
expect "#"
send "diagnose vpn tunnel reset 'my tunnel'\r"
expect "#"
send "exit\r"

The splunk triggered alert is not working for this. When I run:
/opt/splunk/bin/splunk cmd /opt/splunk/bin/scripts/resetmcvpn.sh

I get the error:

ssh: /opt/splunk/lib/libcrypto.so.1.0.0: version `OPENSSL_1.0.0' not found (required by ssh)

I have tried the solutions posted in other answers, but they require bash where I believe I am using expect? (I only know linux from what I can get from google)

Any help is MUCH apprectiated.

1 Solution

antlefebvre
Communicator

Much googling and trial and error got me to a solution. Hopefully someone hits this answer in the future and doesn't have to go through what I did.

To get the script above to work I had to call it with another script. I called it kickoffresetmcvpn.sh and the contents are:

#!/bin/bash
unset LD_LIBRARY_PATH
/opt/splunk/bin/scripts/resetmcvpn.sh

Make sure you enter the full path to the script you want this script to run. That caused me an hour of problems when I was running this in the same directory from the CLI, but it wasn't working from the triggered alert.

From the CLI I verified but entering /opt/splunk/bin/splunk cmd /opt/splunk/bin/scripts/kickoffresetmcvpn.sh

The end result of script kicking off the other script is that I can set a triggered alert to login to the firewall and reset a tunnel when the ping monitor shows the VPN status as down.

View solution in original post

antlefebvre
Communicator

Much googling and trial and error got me to a solution. Hopefully someone hits this answer in the future and doesn't have to go through what I did.

To get the script above to work I had to call it with another script. I called it kickoffresetmcvpn.sh and the contents are:

#!/bin/bash
unset LD_LIBRARY_PATH
/opt/splunk/bin/scripts/resetmcvpn.sh

Make sure you enter the full path to the script you want this script to run. That caused me an hour of problems when I was running this in the same directory from the CLI, but it wasn't working from the triggered alert.

From the CLI I verified but entering /opt/splunk/bin/splunk cmd /opt/splunk/bin/scripts/kickoffresetmcvpn.sh

The end result of script kicking off the other script is that I can set a triggered alert to login to the firewall and reset a tunnel when the ping monitor shows the VPN status as down.

woodcock
Esteemed Legend

FYI, here is a self-adjusting wrapper script that is based off of the name so no hardcoding is necessary:

#!/bin/bash
# You need this wrapper script if you are getting an error like this:
#    'OPENSSL_1.0.0' not found (required by /usr/bin/ssh)
# This is all the background that I could find on it:
# http://answers.splunk.com/answers/185635/why-splunk-triggered-alert-is-not-working-for-my-s.html
unset LD_LIBRARY_PATH
MYPATH=$( cd $(dirname ${BASH_SOURCE[0]}) ; pwd -P )
MYNAME=$(basename ${BASH_SOURCE[0]})
MYBASE=${MYNAME%.*}
MYLOG="${MYPATH}/${MYBASE}.log"

#echo "0=<$0>" > $MYLOG
#echo "MYPATH=<$MYPATH>" >> $MYLOG
#echo "MYNAME=<$MYNAME>" >> $MYLOG
#echo "MYBASE=<$MYBASE>" >> $MYLOG
#echo "*=<$*>" >> $MYLOG
#echo "1=<${1}>" >> $MYLOG
#echo "2=<${2}>" >> $MYLOG
#echo "3=<${3}>" >> $MYLOG
#echo "4=<${4}>" >> $MYLOG
#echo "5=<${5}>" >> $MYLOG
#echo "6=<${6}>" >> $MYLOG
#echo "7=<${7}>" >> $MYLOG
#echo "8=<${8}>" >> $MYLOG

${MYPATH}/${MYBASE}_real.sh "${1}" "${2}" "${3}" "${4}" "${5}" "${6}" "${7}" "${8}"
#echo "rc=$?" >> $MYLOG
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...