kapacitor icon indicating copy to clipboard operation
kapacitor copied to clipboard

Published 20 hours ago verified publisher icon influxdata

Kapacitor .exec() not working

Open italianoaj opened this issue 5 years ago • 4 comments

Hi everyone, I am fairly new to TICK and I am trying to have kapacitor run a bash script then email me a notification. The following is my tickscript:

`var db = 'telegraf'

var rp = 'autogen'

var measurement = 'syslog'

var groupBy = []

var whereFilter = lambda: ("appname" == 'sshd') AND ("facility" == 'authpriv') AND ("hostname" == 'vyos') AND ("severity" == 'notice')

var period = 10s

var every = 30s

var name = 'Brute Force Attack'

var idVar = name

var message = ''

var idTag = 'alertID'

var levelTag = 'level'

var messageField = 'message'

var durationField = 'duration'

var outputDB = 'chronograf'

var outputRP = 'autogen'

var outputMeasurement = 'alerts'

var triggerType = 'threshold'

var details = 'script has been ran'

var crit = 3

var data = stream |from() .database(db) .retentionPolicy(rp) .measurement(measurement) .groupBy(groupBy) .where(whereFilter) |window() .period(period) .every(every) .align() |count('timestamp') .as('value')

var trigger = data |alert() .exec('/usr/bin/bash', '/scripts/script.sh') .crit(lambda: "value" >= crit) .message(message) .id(idVar) .idTag(idTag) .levelTag(levelTag) .messageField(messageField) .durationField(durationField) .details(details) .email() .to('italianoaj@**********')

trigger |eval(lambda: float("value")) .as('value') .keep() |influxDBOut() .create() .database(outputDB) .retentionPolicy(outputRP) .measurement(outputMeasurement) .tag('alertName', name) .tag('triggerType', triggerType)

trigger |httpOut('output') `

the script reads:

`#!/bin.bash

echo "test" > /var/lib/kapacitor/test.txt`

When the script fires, the email is sent but the script doesn't run being the test.txt file is not created. Am I using .exec() properly? Again I am very new to this and would like to implement TICK for some of my system's syslogs and have scripts run in response to certain log anomalies. Thank you in advance for your help.

italianoaj avatar Mar 27 '19 20:03 italianoaj

Hi,

I guess that you need to put the path as first arg and the program as second like: .exec('/usr/bin/bash/scripts', 'script.sh')

Hope this works!!

arturo-mondelo avatar Mar 27 '19 21:03 arturo-mondelo

@arturo-mondelo Thanks Ill give that a shot a let you know if it works!

italianoaj avatar Mar 27 '19 21:03 italianoaj

@arturo-mondelo That did not work. When inside of the directory /usr/bin/bash/scripts and I run 'sudo -u kapacitor bash script.sh' the script works. My inital concern was that the kapacitor user could not run the script but that proved to be false. Any other advice would be helpful. Thanks again!

italianoaj avatar Mar 27 '19 21:03 italianoaj

The .exec() command syntax is .exec('command', 'arg') so make the script executable, that is 'chmod +x /scripts/script.sh' and then try .exec('/scripts/script.sh', '')

SailingGreg avatar Jul 08 '21 16:07 SailingGreg