Script Types
LogZilla can take any type of executable script, for example:
- Perl
- Python
- sh, bash, zsh, csh, etc.
- Compiled Executables
Script Environment
Every trigger that runs a script passes all of the matched message information to it as environment variables. To use any of the data, simply read the corresponding environment variable.
The following variables are passed into each script automatically:
# EVENT_CISCO_MNEMONIC = <string>
# EVENT_COUNTER = <integer>
# EVENT_FACILITY = <integer>
# EVENT_FIRST_OCCURRENCE = <float>
# EVENT_HOST = <string>
# EVENT_ID = <int>
# EVENT_LAST_OCCURRENCE = <float>
# EVENT_MESSAGE = <string>
# EVENT_PROGRAM = <string>
# EVENT_SEVERITY = <integer>
# EVENT_STATUS = <integer>
# EVENT_TRIGGER_AUTHOR = <string>
# EVENT_TRIGGER_AUTHOR_EMAIL = <string>
# EVENT_TRIGGER_ID = <integer>
# EVENT_USER_TAGS = <integer>
# TRIGGER_HITS_COUNT = <integer>
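Because these values are taken from the matched message, a script should treat them as untrusted input. The following is an added example, not LogZilla's own code: a Python trigger script that converts the variables to the types listed above and checks EVENT_HOST before it is used as a connection target. The function names and validation rules are assumptions of this example.

```python
#!/usr/bin/env python3
"""Added example: read the EVENT_* variables and treat them as untrusted input."""
import ipaddress
import json
import os
import re
import sys

# Types follow the variable list above (names here are taken from that list).
INT_VARS = ("EVENT_COUNTER", "EVENT_FACILITY", "EVENT_ID", "EVENT_SEVERITY",
            "EVENT_STATUS", "EVENT_TRIGGER_ID", "EVENT_USER_TAGS", "TRIGGER_HITS_COUNT")
FLOAT_VARS = ("EVENT_FIRST_OCCURRENCE", "EVENT_LAST_OCCURRENCE")
STR_VARS = ("EVENT_CISCO_MNEMONIC", "EVENT_HOST", "EVENT_MESSAGE", "EVENT_PROGRAM",
            "EVENT_TRIGGER_AUTHOR", "EVENT_TRIGGER_AUTHOR_EMAIL")
# Assumed policy: dot-separated labels of letters, digits and inner hyphens only.
HOSTNAME_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*")
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")


def clean(value):
    """Replace control characters so a value cannot forge log lines or terminal escapes."""
    return CONTROL_RE.sub(" ", value)


def valid_host(value):
    """Accept only an IP literal or a hostname; rejects spaces, ';' and a leading '-'."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return len(value) <= 253 and HOSTNAME_RE.fullmatch(value) is not None


def load_event(env):
    """Build a typed event dict from env; raise ValueError on malformed input."""
    if not valid_host(env.get("EVENT_HOST", "")):
        raise ValueError("EVENT_HOST is not a valid hostname or IP address")
    event = {}
    for names, cast in ((INT_VARS, int), (FLOAT_VARS, float), (STR_VARS, clean)):
        for name in names:
            if name in env:
                event[name] = cast(env[name])
    return event


if __name__ == "__main__":
    try:
        print(json.dumps(load_event(os.environ), sort_keys=True))
    except ValueError as exc:
        sys.exit(f"rejecting event: {exc}")
```

If the script goes on to call another program with these values, pass them as separate arguments in a list rather than building a shell command string.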
Script Execution
Scripts may be run directly or in dedicated Docker containers. The method used depends on your script requirements:
Simple Scripts
For simple scripts which do not require anything special other than what is
available in a standard Ubuntu install, simply copy your script to the lz_watcher
container and select it when creating a trigger in the UI. This directory resides on a docker volume, and its contents will persist even after lz_watcher removal.
For example:
Copy the file to the container where scripts are stored:
Custom Scripts
For scripts which require extra libraries or programs such as Perl modules, you may use your own Docker image containing all required modules. You may also use any images found on Docker Hub.
Custom Docker Container
In this example, we will use a container for fixing Cisco's CDP-4-DUPLEX_MISMATCH events, which uses Perl to ssh/telnet into the device.
- Create a new file named Dockerfile with the following content:

    FROM ubuntu:18.04
    RUN apt update && apt install -y \
        liblwp-protocol-https-perl \
        libnet-ssh2-perl \
        libcrypt-ssleay-perl \
        cpanminus \
        build-essential
    RUN cpanm \
        Net::Telnet::Cisco \
        Net::SSH2::Cisco \
        HTTP::Request::Common \
        LWP::UserAgent JSON

  Run the following command from the same directory containing the Dockerfile file.
  Once the build completes, verify that the image exists by using the docker image ls command:
- Download the sample script from our GitHub
- Edit the script to fit your environment. If you don't use Slack, just comment that section out.
  - $posturl
  - $default_channel
  - $slack_user
  - $ciscoUsername
  - $ciscoPassword
Make sure the script is executable, and move the script to the LogZilla scripts directory.
Next, log into the LogZilla Web Interface and:
- Create a new trigger from the trigger menu
- Select the execute script option.
- From the dropdown menu, select your new script.
Any events matching this trigger will now cause the script to be executed.
You may also find some useful scripts on our GitHub page to help you get started.