I am able to run my script resetmcvpn.sh with no issues from the ubuntu command line. The code below:
#!/usr/bin/expect -f
spawn ssh admin@10.2.1.59
expect "assword:"
send "thepassword\r"
expect "#"
send "config vdom\r"
expect "#"
send "edit root\r"
expect "#"
send "diagnose vpn tunnel reset 'my tunnel'\r"
expect "#"
send "exit\r"
The splunk triggered alert is not working for this. When I run:
/opt/splunk/bin/splunk cmd /opt/splunk/bin/scripts/resetmcvpn.sh
I get the error:
ssh: /opt/splunk/lib/libcrypto.so.1.0.0: version `OPENSSL_1.0.0' not found (required by ssh)
I have tried the solutions posted in other answers, but they require bash where I believe I am using expect? (I only know linux from what I can get from google)
Any help is MUCH apprectiated.
Much googling and trial and error got me to a solution. Hopefully someone hits this answer in the future and doesn't have to go through what I did.
To get the script above to work I had to call it with another script. I called it kickoffresetmcvpn.sh and the contents are:
#!/bin/bash
unset LD_LIBRARY_PATH
/opt/splunk/bin/scripts/resetmcvpn.sh
Make sure you enter the full path to the script you want this script to run. That caused me an hour of problems when I was running this in the same directory from the CLI, but it wasn't working from the triggered alert.
From the CLI I verified but entering /opt/splunk/bin/splunk cmd /opt/splunk/bin/scripts/kickoffresetmcvpn.sh
The end result of script kicking off the other script is that I can set a triggered alert to login to the firewall and reset a tunnel when the ping monitor shows the VPN status as down.
Much googling and trial and error got me to a solution. Hopefully someone hits this answer in the future and doesn't have to go through what I did.
To get the script above to work I had to call it with another script. I called it kickoffresetmcvpn.sh and the contents are:
#!/bin/bash
unset LD_LIBRARY_PATH
/opt/splunk/bin/scripts/resetmcvpn.sh
Make sure you enter the full path to the script you want this script to run. That caused me an hour of problems when I was running this in the same directory from the CLI, but it wasn't working from the triggered alert.
From the CLI I verified but entering /opt/splunk/bin/splunk cmd /opt/splunk/bin/scripts/kickoffresetmcvpn.sh
The end result of script kicking off the other script is that I can set a triggered alert to login to the firewall and reset a tunnel when the ping monitor shows the VPN status as down.
FYI, here is a self-adjusting wrapper script that is based off of the name so no hardcoding is necessary:
#!/bin/bash
# You need this wrapper script if you are getting an error like this:
# 'OPENSSL_1.0.0' not found (required by /usr/bin/ssh)
# This is all the background that I could find on it:
# http://answers.splunk.com/answers/185635/why-splunk-triggered-alert-is-not-working-for-my-s.html
unset LD_LIBRARY_PATH
MYPATH=$( cd $(dirname ${BASH_SOURCE[0]}) ; pwd -P )
MYNAME=$(basename ${BASH_SOURCE[0]})
MYBASE=${MYNAME%.*}
MYLOG="${MYPATH}/${MYBASE}.log"
#echo "0=<$0>" > $MYLOG
#echo "MYPATH=<$MYPATH>" >> $MYLOG
#echo "MYNAME=<$MYNAME>" >> $MYLOG
#echo "MYBASE=<$MYBASE>" >> $MYLOG
#echo "*=<$*>" >> $MYLOG
#echo "1=<${1}>" >> $MYLOG
#echo "2=<${2}>" >> $MYLOG
#echo "3=<${3}>" >> $MYLOG
#echo "4=<${4}>" >> $MYLOG
#echo "5=<${5}>" >> $MYLOG
#echo "6=<${6}>" >> $MYLOG
#echo "7=<${7}>" >> $MYLOG
#echo "8=<${8}>" >> $MYLOG
${MYPATH}/${MYBASE}_real.sh "${1}" "${2}" "${3}" "${4}" "${5}" "${6}" "${7}" "${8}"
#echo "rc=$?" >> $MYLOG