LogZilla can take any type of executable script, for example:
- sh, bash, zsh, csh, etc.
- Compiled Executables
Every script run by a trigger receives all of the matched message information as environment variables. To use any of the data, simply reference the corresponding environment variable.
The following variables are passed into each script automatically:
- EVENT_CISCO_MNEMONIC = <string>
- EVENT_COUNTER = <integer>
- EVENT_FACILITY = <integer>
- EVENT_FIRST_OCCURRENCE = <float>
- EVENT_HOST = <string>
- EVENT_ID = <int>
- EVENT_LAST_OCCURRENCE = <float>
- EVENT_MESSAGE = <string>
- EVENT_PROGRAM = <string>
- EVENT_SEVERITY = <integer>
- EVENT_STATUS = <integer>
- EVENT_TRIGGER_AUTHOR = <string>
- EVENT_TRIGGER_AUTHOR_EMAIL = <string>
- EVENT_TRIGGER_ID = <integer>
- EVENT_USER_TAGS = <integer>
- TRIGGER_HITS_COUNT = <integer>
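Several of these variables (EVENT_MESSAGE, EVENT_HOST, EVENT_PROGRAM) carry text taken from received log messages, so a trigger script should treat them as untrusted input. The following POSIX sh trigger script is an added example, not LogZilla's own code; the helper names `is_uint`, `sanitize` and `format_alert` and the sample event values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not LogZilla's own code): a trigger script that treats the
# EVENT_* environment variables as untrusted input taken from log messages.
# Helper names is_uint, sanitize and format_alert are hypothetical.

# Succeeds only for a plain non-negative integer (EVENT_SEVERITY, EVENT_ID, ...).
is_uint() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  return 0
}

# Print $1 with control characters removed and cut to at most $2 characters,
# so an embedded newline cannot forge an extra line in whatever reads the output.
sanitize() {
  is_uint "$2" || return 1
  printf "%.${2}s" "$(printf '%s' "$1" | tr -d '\000-\037\177')"
}

# Build a single alert line from the variables LogZilla exports to the script.
# The body runs in a subshell "( )" so its variables stay local in plain sh.
format_alert() (
  sev=${EVENT_SEVERITY:-}
  is_uint "$sev" || sev=unknown
  host=$(sanitize "${EVENT_HOST:-}" 255)
  prog=$(sanitize "${EVENT_PROGRAM:-}" 64)
  msg=$(sanitize "${EVENT_MESSAGE:-}" 512)
  # Values are printf arguments only: never the format string, never eval'd,
  # and always double-quoted so the shell does not split or glob them.
  printf 'host=%s severity=%s program=%s msg=%s\n' "$host" "$sev" "$prog" "$msg"
)

# Outside LogZilla no EVENT_ID is set, so fall back to a constructed sample event.
if [ -z "${EVENT_ID:-}" ]; then
  EVENT_HOST='core-sw1' EVENT_SEVERITY=4 EVENT_PROGRAM='CDP'
  EVENT_MESSAGE='duplex mismatch on Gi0/1
host=fake severity=0 $(hostname)'
  export EVENT_HOST EVENT_SEVERITY EVENT_PROGRAM EVENT_MESSAGE
fi

format_alert
```

Run by hand, the script prints one line for the constructed event: the embedded newline is removed and the `$(hostname)` text appears literally instead of being executed.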
Scripts may be run directly or in dedicated Docker containers. The method used depends on your script requirements:
For simple scripts that require nothing beyond what is available in a standard Ubuntu install, simply copy your script to the lz_watcher container and select it when creating a trigger in the UI. This directory resides on a Docker volume, and its contents will persist even after lz_watcher removal.
Copy the file to the container where scripts are stored:
For scripts that require extra libraries or programs, such as Perl modules, you may use your own Docker image containing all required modules. You may also use any image found on Docker Hub.
Custom Docker Container
In this example, we will use a container for fixing Cisco's CDP-4-DUPLEX_MISMATCH events, which uses Perl to SSH/Telnet into the device.
Create a new file named Dockerfile with the following content:
Run the following command from the same directory containing the
docker image ls command:
Download the sample script from our GitHub.
Edit the script to fit your environment. If you don't use Slack, just comment that section out.
Make sure the script is executable, and move the script to the LogZilla scripts directory.
Next, log into the LogZilla Web Interface and:
- Create a new trigger from the trigger menu
- Select the
- From the dropdown menu, select your new script.
The script will now be executed for any event matching this trigger.
You may also find some useful scripts on our GitHub page to help you get started.