Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Why Splunk triggered alert is not working for my script and getting error "'OPENSSL_1.0.0' not found (required by ssh)"?

antlefebvre
Communicator
‎11-06-2014 12:09 PM

I am able to run my script resetmcvpn.sh with no issues from the ubuntu command line. The code below:

#!/usr/bin/expect -f
spawn ssh admin@10.2.1.59
expect "assword:"
send "thepassword\r"
expect "#"
send "config vdom\r"
expect "#"
send "edit root\r"
expect "#"
send "diagnose vpn tunnel reset 'my tunnel'\r"
expect "#"
send "exit\r"

The splunk triggered alert is not working for this. When I run:
/opt/splunk/bin/splunk cmd /opt/splunk/bin/scripts/resetmcvpn.sh

I get the error:

ssh: /opt/splunk/lib/libcrypto.so.1.0.0: version `OPENSSL_1.0.0' not found (required by ssh)

I have tried the solutions posted in other answers, but they require bash where I believe I am using expect? (I only know linux from what I can get from google)

Any help is MUCH apprectiated.

Reply
1 Solution
Solved! Jump to solution
Solution

antlefebvre
Communicator
‎11-07-2014 11:35 AM

Much googling and trial and error got me to a solution. Hopefully someone hits this answer in the future and doesn't have to go through what I did.

To get the script above to work I had to call it with another script. I called it kickoffresetmcvpn.sh and the contents are:

#!/bin/bash
unset LD_LIBRARY_PATH
/opt/splunk/bin/scripts/resetmcvpn.sh

Make sure you enter the full path to the script you want this script to run. That caused me an hour of problems when I was running this in the same directory from the CLI, but it wasn't working from the triggered alert.

From the CLI I verified but entering /opt/splunk/bin/splunk cmd /opt/splunk/bin/scripts/kickoffresetmcvpn.sh

The end result of script kicking off the other script is that I can set a triggered alert to login to the firewall and reset a tunnel when the ping monitor shows the VPN status as down.

View solution in original post

Reply
Solved! Jump to solution
Solution

antlefebvre
Communicator
‎11-07-2014 11:35 AM

Much googling and trial and error got me to a solution. Hopefully someone hits this answer in the future and doesn't have to go through what I did.

To get the script above to work I had to call it with another script. I called it kickoffresetmcvpn.sh and the contents are:

#!/bin/bash
unset LD_LIBRARY_PATH
/opt/splunk/bin/scripts/resetmcvpn.sh

Make sure you enter the full path to the script you want this script to run. That caused me an hour of problems when I was running this in the same directory from the CLI, but it wasn't working from the triggered alert.

From the CLI I verified but entering /opt/splunk/bin/splunk cmd /opt/splunk/bin/scripts/kickoffresetmcvpn.sh

The end result of script kicking off the other script is that I can set a triggered alert to login to the firewall and reset a tunnel when the ping monitor shows the VPN status as down.

Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎01-06-2017 11:15 AM

FYI, here is a self-adjusting wrapper script that is based off of the name so no hardcoding is necessary:

#!/bin/bash
# You need this wrapper script if you are getting an error like this:
#    'OPENSSL_1.0.0' not found (required by /usr/bin/ssh)
# This is all the background that I could find on it:
# http://answers.splunk.com/answers/185635/why-splunk-triggered-alert-is-not-working-for-my-s.html
unset LD_LIBRARY_PATH
MYPATH=$( cd $(dirname ${BASH_SOURCE[0]}) ; pwd -P )
MYNAME=$(basename ${BASH_SOURCE[0]})
MYBASE=${MYNAME%.*}
MYLOG="${MYPATH}/${MYBASE}.log"

#echo "0=<$0>" > $MYLOG
#echo "MYPATH=<$MYPATH>" >> $MYLOG
#echo "MYNAME=<$MYNAME>" >> $MYLOG
#echo "MYBASE=<$MYBASE>" >> $MYLOG
#echo "*=<$*>" >> $MYLOG
#echo "1=<${1}>" >> $MYLOG
#echo "2=<${2}>" >> $MYLOG
#echo "3=<${3}>" >> $MYLOG
#echo "4=<${4}>" >> $MYLOG
#echo "5=<${5}>" >> $MYLOG
#echo "6=<${6}>" >> $MYLOG
#echo "7=<${7}>" >> $MYLOG
#echo "8=<${8}>" >> $MYLOG

${MYPATH}/${MYBASE}_real.sh "${1}" "${2}" "${3}" "${4}" "${5}" "${6}" "${7}" "${8}"
#echo "rc=$?" >> $MYLOG
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...