Solved: Re: Why Splunk triggered alert is not working for ...

antlefebvre · ‎11-06-2014

I am able to run my script resetmcvpn.sh with no issues from the ubuntu command line. The code below:

#!/usr/bin/expect -f
spawn ssh admin@10.2.1.59
expect "assword:"
send "thepassword\r"
expect "#"
send "config vdom\r"
expect "#"
send "edit root\r"
expect "#"
send "diagnose vpn tunnel reset 'my tunnel'\r"
expect "#"
send "exit\r"

The splunk triggered alert is not working for this. When I run:
/opt/splunk/bin/splunk cmd /opt/splunk/bin/scripts/resetmcvpn.sh

I get the error:

ssh: /opt/splunk/lib/libcrypto.so.1.0.0: version `OPENSSL_1.0.0' not found (required by ssh)

I have tried the solutions posted in other answers, but they require bash where I believe I am using expect? (I only know linux from what I can get from google)

Any help is MUCH apprectiated.

antlefebvre · ‎11-07-2014

Much googling and trial and error got me to a solution. Hopefully someone hits this answer in the future and doesn't have to go through what I did.

To get the script above to work I had to call it with another script. I called it kickoffresetmcvpn.sh and the contents are:

#!/bin/bash
unset LD_LIBRARY_PATH
/opt/splunk/bin/scripts/resetmcvpn.sh

Make sure you enter the full path to the script you want this script to run. That caused me an hour of problems when I was running this in the same directory from the CLI, but it wasn't working from the triggered alert.

From the CLI I verified but entering /opt/splunk/bin/splunk cmd /opt/splunk/bin/scripts/kickoffresetmcvpn.sh

The end result of script kicking off the other script is that I can set a triggered alert to login to the firewall and reset a tunnel when the ping monitor shows the VPN status as down.

View solution in original post

antlefebvre · ‎11-07-2014

Much googling and trial and error got me to a solution. Hopefully someone hits this answer in the future and doesn't have to go through what I did.

To get the script above to work I had to call it with another script. I called it kickoffresetmcvpn.sh and the contents are:

#!/bin/bash
unset LD_LIBRARY_PATH
/opt/splunk/bin/scripts/resetmcvpn.sh

Make sure you enter the full path to the script you want this script to run. That caused me an hour of problems when I was running this in the same directory from the CLI, but it wasn't working from the triggered alert.

From the CLI I verified but entering /opt/splunk/bin/splunk cmd /opt/splunk/bin/scripts/kickoffresetmcvpn.sh

The end result of script kicking off the other script is that I can set a triggered alert to login to the firewall and reset a tunnel when the ping monitor shows the VPN status as down.

woodcock · ‎01-06-2017

FYI, here is a self-adjusting wrapper script that is based off of the name so no hardcoding is necessary:

#!/bin/bash
# You need this wrapper script if you are getting an error like this:
#    'OPENSSL_1.0.0' not found (required by /usr/bin/ssh)
# This is all the background that I could find on it:
# http://answers.splunk.com/answers/185635/why-splunk-triggered-alert-is-not-working-for-my-s.html
unset LD_LIBRARY_PATH
MYPATH=$( cd $(dirname ${BASH_SOURCE[0]}) ; pwd -P )
MYNAME=$(basename ${BASH_SOURCE[0]})
MYBASE=${MYNAME%.*}
MYLOG="${MYPATH}/${MYBASE}.log"

#echo "0=<$0>" > $MYLOG
#echo "MYPATH=<$MYPATH>" >> $MYLOG
#echo "MYNAME=<$MYNAME>" >> $MYLOG
#echo "MYBASE=<$MYBASE>" >> $MYLOG
#echo "*=<$*>" >> $MYLOG
#echo "1=<${1}>" >> $MYLOG
#echo "2=<${2}>" >> $MYLOG
#echo "3=<${3}>" >> $MYLOG
#echo "4=<${4}>" >> $MYLOG
#echo "5=<${5}>" >> $MYLOG
#echo "6=<${6}>" >> $MYLOG
#echo "7=<${7}>" >> $MYLOG
#echo "8=<${8}>" >> $MYLOG

${MYPATH}/${MYBASE}_real.sh "${1}" "${2}" "${3}" "${4}" "${5}" "${6}" "${7}" "${8}"
#echo "rc=$?" >> $MYLOG

Why Splunk triggered alert is not working for my script and getting error "'OPENSSL_1.0.0' not found (required by ssh)"?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life