Smartevent automatic reaction external script

dehaasm · ‎2023-07-26

For smartevents server we would like to implement an external script for automatic reaction on correlated events and to send this event to syslog.

Now i found this article

https://community.checkpoint.com/t5/Management/SmartEvent-External-Script-for-Mail/td-p/78994#

So for my use case i would need something like this, we just want to send the entire event via syslog using Automatic Reaction

[Expert@checkpoint-management:0]# cat $RTDIR/bin/ext_commands/automaticreactionsyslog
#!/bin/bash
INPUT=$(cat);
EVENT="${INPUT//[^a-zA-Z0-9 ().,:;+_-]}";

logger ......;

Does someone here perhaps has any guidence on how to achieve this?

PhoneBoy · ‎2023-07-26

The automatic reaction script should receive all the details on stdin.
Which means your script will simply need to parse that data and take whatever action is desired.

dehaasm · ‎2023-07-26

Yes so i guess above script is a good script to start with? I just have to define the syslog action with command logger correct?

I believe these two will collect the event data and then I should include $EVENT in logger command as the data to be send?

INPUT=$(cat);
EVENT="${INPUT//[^a-zA-Z0-9 ().,:;+_-]}";

PhoneBoy · ‎2023-07-26

That's what it looks like to me.

Are you a member of CheckMates?

Smartevent automatic reaction external script