Alerting

Adding custom alert action for launching python script

sherkhan6ad6oy
Explorer

In short, I have a router with an IP address on a virtual machine, and I need that when I receive a log that one of its interfaces has turned off, a trigger is triggered and my script runs.

test1.py

from netmiko import ConnectHandler

R1 = {
"device_type": "cisco_ios",
"host": "R1",
"ip": "192.168.12.130",
"username": "admin",
"password": "admin1"
}

def main():
commands = ['int fa3/0',
'no sh'
]

connect = ConnectHandler(**R1)
connect.enable()
output = connect.send_config_set(commands)
print(f"\n\n-------------- Device {R1['ip']} --------------")
print(output)
print("-------------------- End -------------------")


if __name__ == '__main__':
main()

 

Login to splunk I get, the Add to Triggered Alerts trigger is triggered. But the .py file itself does not run. Checked through ".../splunk.exe cmd python .../test1.py " it starts and works.

alert_actions.conf

[test1]
is_custom = 1
label = Change_interface_state
description = Change_interface_state
icon_path = test1.png

alert.execute.cmd = test1.py



app.conf

[install]
is_configured = 1
state = enabled

[ui]
is_visible = 1
label = test

[launcher]
author = QAZxsw
description = This is custom
version = 1.0.0

 

test1.html

<from class="from-horizontal from-complex">
<p>Change state of interface</p>
</from>

 

 

Help (._.)

Labels (2)
0 Karma
1 Solution

sherkhan6ad6oy
Explorer

Hi @Stefanie 

We have solved this problem. Moved the root folder with windows python to the splank folder. Now everything works fine, all libraries are available

View solution in original post

0 Karma

Stefanie
Builder

@sherkhan6ad6oy 

Are there any messages in the splunkd.log that suggests that the script was not able to be ran? 

sherkhan6ad6oy
Explorer
Alert script returned error code 1
0 Karma

Stefanie
Builder

Could you try editing alert_actions.conf to include the correct Python version?

 

 

python.version = {default|python|python2|python3}
* For Python scripts only, selects which Python version to use.
* Set to either "default" or "python" to use the system-wide default Python
  version.
* Optional.
* Default: Not set; uses the system-wide Python version.

 

 

https://docs.splunk.com/Documentation/Splunk/8.2.6/Admin/Alertactionsconf

0 Karma

sherkhan6ad6oy
Explorer

Hi @Stefanie 

We have solved this problem. Moved the root folder with windows python to the splank folder. Now everything works fine, all libraries are available

0 Karma

sherkhan6ad6oy
Explorer

Hello @Stefanie 

Unfortunately, the problem will not be solved. Python in the bar works on a different principle. There is an error in the code in the logs, on line N. Importing other libraries is not possible. There is a similar question where the problem was in the import. She decided to import the app to add the numpy library.

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...