Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why Splunk triggered alert is not working for my script and getting error "'OPENSSL_1.0.0' not found (required by ssh)"?

antlefebvre
Communicator
‎11-06-2014 12:09 PM

I am able to run my script resetmcvpn.sh with no issues from the ubuntu command line. The code below:

#!/usr/bin/expect -f
spawn ssh admin@10.2.1.59
expect "assword:"
send "thepassword\r"
expect "#"
send "config vdom\r"
expect "#"
send "edit root\r"
expect "#"
send "diagnose vpn tunnel reset 'my tunnel'\r"
expect "#"
send "exit\r"

The splunk triggered alert is not working for this. When I run:
/opt/splunk/bin/splunk cmd /opt/splunk/bin/scripts/resetmcvpn.sh

I get the error:

ssh: /opt/splunk/lib/libcrypto.so.1.0.0: version `OPENSSL_1.0.0' not found (required by ssh)

I have tried the solutions posted in other answers, but they require bash where I believe I am using expect? (I only know linux from what I can get from google)

Any help is MUCH apprectiated.

Reply
1 Solution
Solved! Jump to solution
Solution

antlefebvre
Communicator
‎11-07-2014 11:35 AM

Much googling and trial and error got me to a solution. Hopefully someone hits this answer in the future and doesn't have to go through what I did.

To get the script above to work I had to call it with another script. I called it kickoffresetmcvpn.sh and the contents are:

#!/bin/bash
unset LD_LIBRARY_PATH
/opt/splunk/bin/scripts/resetmcvpn.sh

Make sure you enter the full path to the script you want this script to run. That caused me an hour of problems when I was running this in the same directory from the CLI, but it wasn't working from the triggered alert.

From the CLI I verified but entering /opt/splunk/bin/splunk cmd /opt/splunk/bin/scripts/kickoffresetmcvpn.sh

The end result of script kicking off the other script is that I can set a triggered alert to login to the firewall and reset a tunnel when the ping monitor shows the VPN status as down.

View solution in original post

Reply
Solved! Jump to solution
Solution

antlefebvre
Communicator
‎11-07-2014 11:35 AM

Much googling and trial and error got me to a solution. Hopefully someone hits this answer in the future and doesn't have to go through what I did.

To get the script above to work I had to call it with another script. I called it kickoffresetmcvpn.sh and the contents are:

#!/bin/bash
unset LD_LIBRARY_PATH
/opt/splunk/bin/scripts/resetmcvpn.sh

Make sure you enter the full path to the script you want this script to run. That caused me an hour of problems when I was running this in the same directory from the CLI, but it wasn't working from the triggered alert.

From the CLI I verified but entering /opt/splunk/bin/splunk cmd /opt/splunk/bin/scripts/kickoffresetmcvpn.sh

The end result of script kicking off the other script is that I can set a triggered alert to login to the firewall and reset a tunnel when the ping monitor shows the VPN status as down.

Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎01-06-2017 11:15 AM

FYI, here is a self-adjusting wrapper script that is based off of the name so no hardcoding is necessary:

#!/bin/bash
# You need this wrapper script if you are getting an error like this:
#    'OPENSSL_1.0.0' not found (required by /usr/bin/ssh)
# This is all the background that I could find on it:
# http://answers.splunk.com/answers/185635/why-splunk-triggered-alert-is-not-working-for-my-s.html
unset LD_LIBRARY_PATH
MYPATH=$( cd $(dirname ${BASH_SOURCE[0]}) ; pwd -P )
MYNAME=$(basename ${BASH_SOURCE[0]})
MYBASE=${MYNAME%.*}
MYLOG="${MYPATH}/${MYBASE}.log"

#echo "0=<$0>" > $MYLOG
#echo "MYPATH=<$MYPATH>" >> $MYLOG
#echo "MYNAME=<$MYNAME>" >> $MYLOG
#echo "MYBASE=<$MYBASE>" >> $MYLOG
#echo "*=<$*>" >> $MYLOG
#echo "1=<${1}>" >> $MYLOG
#echo "2=<${2}>" >> $MYLOG
#echo "3=<${3}>" >> $MYLOG
#echo "4=<${4}>" >> $MYLOG
#echo "5=<${5}>" >> $MYLOG
#echo "6=<${6}>" >> $MYLOG
#echo "7=<${7}>" >> $MYLOG
#echo "8=<${8}>" >> $MYLOG

${MYPATH}/${MYBASE}_real.sh "${1}" "${2}" "${3}" "${4}" "${5}" "${6}" "${7}" "${8}"
#echo "rc=$?" >> $MYLOG
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...