Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Peter_Baumann
Contributor

Debugging User Alert Scripts

Hi all,

We try to setup a user alert script 1 which is blocking hosts when there is an event for "sweep scan" or "host port scan" in the core protections.

We setup the script in Global Properties -- Log and Alerts -- Alerts -- Run UserDefinded Script (alert no. 1).
The script is in $CPDIR/bin/scriptname.sh

In the core protections "sweep scan" and "host port scan" we select Logging settings -- Track -- User Alert 1.

The result is that the script is not running.

So how can we debug the starting of the script?
Is there any logfile which shows when the management system tries to start the script etc.?

Thanks,
Peter

4 Replies
PhoneBoy
Admin
Admin

What is your precise User Defined script call in Global Properties?
0 Kudos
Peter_Baumann
Contributor

scriptname.sh
0 Kudos
David_T
Participant

i added a custom debug command do the script.

echo "$(date) ---- " >> /tmp/debug.txt

with that i can now see that the call to the script works.

but the parameter handling in the script does not work.

i saw in another thread in checkmates that i have to read the input with the following command:

read input

and i can output the result to the debug file:

echo $input >> /tmp/debug

i know need to get the source ip from the input. i think i need to do this with an regex. 

Does someone knows a better way to read the values from the log entry in my script?

PhoneBoy
Admin
Admin

You should specify the full pathname to execute the script in Global Properties.
And you have to process input from standard input.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events