LogZilla Automation

As a courtesy to our users, we've created a Github repository containing examples of user-contributed scripts which can be used for automated actions. Be sure to check there before writing your own.

Note: Users are also encouraged to contribute to the Github repo!

Script Environment

All triggers passed to a script contain all of the matched message information as environment variables. To manipulate any of the data, simply call that environment variable.

The following list of variables is passed into each script automatically:

Note: Some of the variables below are only available after LogZilla v5.70.3

# EVENT_CISCO_MNEMONIC          =   <string>
# EVENT_COUNTER                 =   <integer>
# EVENT_FACILITY                =   <integer>
# EVENT_FIRST_OCCURRENCE        =   <float>
# EVENT_HOST                    =   <string>
# EVENT_ID                      =   <int>
# EVENT_LAST_OCCURRENCE         =   <float>
# EVENT_MESSAGE                 =   <string>
# EVENT_PROGRAM                 =   <string>
# EVENT_SEVERITY                =   <integer>
# EVENT_STATUS                  =   <integer>
# EVENT_TRIGGER_AUTHOR          =   <string>
# EVENT_TRIGGER_AUTHOR_EMAIL    =   <string>
# EVENT_TRIGGER_ID              =   <integer>
# EVENT_USER_TAGS               =   <integer>
# TRIGGER_HITS_COUNT            =   <integer>

Calling a script in LogZilla

Note: scripts to be used by LogZilla must be placed in the /etc/logzilla/scripts directory.

From an SSH Console/Shell:

Create a new file /etc/logzilla/scripts/myscript
Add the script contents and save the file
Run the following commands to change ownership and permissions on the script:

    chown logzilla:logzilla /etc/logzilla/scripts/myscript
    chmod 755 /etc/logzilla/scripts/myscript

Next, log into the LogZilla Web Interface and:

Create a new trigger from the trigger menu
Select the execute script option.
Select myscript from the dropdown menu

Any patterns matching this trigger will now call myscript