Execute

Function

Execute a command or an inline shell script (bash, perl, python) on the collector configured for the job or on a remote host specified by the IP address of the device via ssh. The command that should be run can be entered either by the command’s path with optional command arguments or via an inline script.

Alarming

Running time, Exit code, Return value <0-n>, String value <0-n>

Execute jobs may only be created/edited by users of type Administrator since they allow executing arbitrary code on the SKOOR collector or server (in the case of the collector-local).
The executable or code entered in the inline text box is executed with the eranger user’s permissions. Therefore only limited commands can be executed, unless the Linux administrator (root) enables additional commands using e.g. sudo.

Execute detail

When selecting the Execute remotely checkbox, the dialog changes and allows entering the ssh port and credentials to run the command or script remotely:

Remote executed jobs can not send alarmfiles to the server. The files can only be processed on the collector, not on remote systems

When selecting the Inline script radio button the dialogue changes and allows entering scripting code inside a larger text box:

Execute parameters

Parameter

Description

Execute remotely

Activate this checkbox to run the command or script via ssh

SSH port

The TCP port that the ssh server listens on

Username

An existing user account on the remote machine

Password

A correct password for the user account on the remote machine

Execute

Program:
Run a single executable

Inline Script:
Run a whole script (sequence of commands), allowing to feed the script's output to the individual return values, string values and info message

Program path

The absolute path to the command (script or binary) to be executed

Inline script

A text box where commands and whole scripts can be entered. Inline scripts are run using the /bin/sh shell by default, but using pre-existing include functions (see below), bash, perl and python scripting can be used (see below). One advantage of adding scripts inside the Inline script is that they are stored in the SKOOR configuration database and no external code needs to be managed on the file system level.

Comments can be entered with a hash character (#).

Argument <n>

One or multiple arguments can be passed to the command. Click the + button to add additional arguments.

Save output to file

By default the file name entered here is stored under /var/opt/run/eranger/collector/tmp on the SKOOR Engine collector and will contain the command's standard output and/or standard error contents. It is strongly recommended to use a unique filename, for example by using the $ID$ tag which will be replaced by the job id (e.g. my_output_$ID$.out). If simple filenames are used, it can happen that multiple jobs write to the same file 

Suppress running time

If this checkbox is enabled, the running time of each check is ignored and not saved to the database and its value is no longer visible in the values section. Its value is also no longer available for use in alarm limit specifications.

Exit code

The Unit button allows specifying a name for the executable's exit code, as well as a unit, divisor, description and numerical precision.

Return values

Allows adding any number of return values by clicking the + button. For each of the return values, a Unit button appears and allows to specify the return value's name as well as its unit, divisor, description and numerical precision (the number of decimal places). If no return values are defined, only the exit code is read.

String values

Allows adding any number of string values by clicking the + button. For each of the string values, a Unit button appears and allows to specify the string value's name as well as its unit and description. Use only for a limited set of known static strings, not for strings which change very often (which contain e.g. the time and date).

The Tags dropdown list allows entering pre-defined variables into the fields above, e.g. $NAME$ for the name of the job.

The working directory of the script execution is /var/opt/run/eranger/collector, thus specifying a relative file path like bin/script.sh inside the Inline script or Program path will reference /var/opt/run/eranger/collector/bin/script.sh.

Execute include functions for bash, perl and python

Selecting the Inline script radio button allows entering a script in the large text box. Bash, perl and python scripting languages are supported. The Execute job offers various include functions for these languages to map script output to return values, string values and the info message. To be able to use these functions, they must be included first by pointing the cursor to the first line in the Inline script text box and selecting the corresponding include function for one of the 3 scripting languages from the Tags dropdown list:

For example, adding the sh/bash include function item adds the following code to the Inline script:

Now the following functions can be used inside the script to map numeric values and strings to return values, string values and the info message:

Function

Description

setErangerValue

Map a single numeric value to a return value identified by its index (1-n)

setErangerValues

Map multiple numeric values to multiple return values, adding return values according to the number of specified input values

setErangerStringValue

Map a single string to a string value identified by its index (1-n)

setErangerStringValues

Map multiple strings to string values, adding string values according to the number of specified input strings

setErangerInfoMessage

Map a numeric value or string to the contents of the job's info message

addErangerInfoMessage

Add a numeric value or string to the contents of the job's info message

getLastErangerValue

Get value from the last measurement by index (1-n). If no previous measurement is available, the function will return 0

getLastErangerStringValue

Get string value from the last measurement by index (1-n). The function will return an empty string if now previous measurement is available

outputErangerValues

If any return values, string values or info message contents are added using the functions above, this function needs to be added as the last item in the script

Execute values and alarm limits

Value / Alarm limit

Description

Running time

The time it took to execute the command or script (except if disabled by checking the Suppress running time parameter)

Exit code

The exit code of the command or script

Return value <0-n>

A numerical value with integer or floating point precision. Alarm limits can be defined on all of the configured return values.

String value <0-n>

A string value. Use only for a limited set of known static strings, not for strings which change very often (which contain e.g. the time and date). Alarm limits can be defined on all of the configured string values.

Error code

Generic job error code (see section Job error codes)

Execute examples

Example 1 - Run a single command with multiple commandline arguments

The following parameters will run the sudo command to run a script to restart the report service in SKOOR Engine:

No return or string values need to be defined, only the exit code of the combined command will be checked.

Output 1

Should the command not work for some reason, enter a file name in the Save output to file parameter text box:

The standard output and/or standard error of the command will be redirected into that file. It can be viewed from the job's value section:

Click the Update file button, the file name turns into a link:

Click the link to view the command output in a separate browser tab or window:

Running /opt/eranger/bin/eRanger.sh with root privileges...
eRanger Server installation...
waiting up to 15 seconds for 7090 to terminate 

Stopping eranger-report[  OK  ]
Starting eranger-report[  OK  ]

Example 2 - Run an Inline script with bash include functions

Inline script text box contents for a simple calculation of a random number:

. /opt/eranger/collector/eranger_exec_values.sh

newValue=$RANDOM
lastValue=$(getLastErangerValue 1)

diffValue=$(expr $newValue - $lastValue)

setErangerValues $newValue $diffValue
outputErangerValues

Two return values need to be defined as configured in the Inline script. In the following example, New Value and Difference have been defined:

Clicking the Unit button allows specifying the value details:

Output 2

Example 3 - Run an inline script with bash include functions and using the job's custom properties as script variables

The following will run a script specified as a variable with script arguments passed from a custom property. The script downloads a specified file (argument 2) from an FTP server (argument 1).

The custom property for the command line arguments needs to be defined first using the Admin menu. Click the Admin button in the upper right corner of the configuration view, then select Custom properties from the Search dropdown list:


Click the + button at the bottom of the screen. A Newly added properties section appears:

Give the custom property a name, then specify that this custom property should only be available for job objects:

Click Apply, then find the newly added property ID by hovering over its name with the mouse:

Exit the Admin menu by clicking the Admin button again in the upper right corner. The custom property is now available to be added to every job.

Add it to the Execute job and fill in the command line parameter(s) for the script referenced in the Inline script:

In this case there are 2 command line arguments, delimited by a space.

Now add the Inline script text box contents:

. /opt/eranger/collector/eranger_exec_values.sh

SCRIPT="/var/opt/run/eranger/bin/ftp_download_local.sh"

PARAMS="$OID_74$"

VALUE=$(${SCRIPT} ${PARAMS})
setErangerValue 1 $VALUE
outputErangerValues

Then add 1 return value:

The script returns the FTP download speed in kB/s, so a divisor needs to be added to convert to MBit/s.

The main advantage of using custom properties to feed arguments is that one can re-use the same Inline script code block for many jobs using a job template (see section Templates) and only have the custom property differ between the various jobs.

Output 3

Example 4 - Run an inline script with bash include functions and using a remote ssh call

The following Inline script runs a command remotely using the ssh command. The assumption is, that ssh authentication is already configured using passwordless public-keys, so no password is asked when connecting to the remote ssh server.

The command reads the number of remotely running ddclient processes. The internal variable $DEVICE_ADDRESS$ is used.

. /opt/eranger/collector/eranger_exec_values.sh

cmd="ps -u root | grep 'ddclient - ' | wc -l"
num_procs=$(ssh -o ConnectTimeout=15 -o ConnectionAttempts=1 eranger@$DEVICE_ADDRESS$ "$cmd")

setErangerValue 1 $num_procs
outputErangerValues

Add 1 return value:

Output 4

Example 5 - Run command remotely via ssh

The following example uses the Execute remotely checkbox to be able to enter ssh authentication credentials and run a command on a remote machine:

No return values or string values can be used when executing remotely, only the exit code is checked.

Output 5

Example 6 - Run a WMI query against a Windows 2000 server & read its event log

Use the following Inline script:

. /opt/eranger/collector/eranger_exec_values.sh

# this does a wmi query to windows 2000 servers
# for server 2003 upwards, use the dedicated "Agent Eventlog"
# job plugin directly.
# for the query to work, port tcp135 and the portrange tcp1025-tcp65535 
# must be accessible from this collector to the remote windows server

# BEWARE: when querying the eventlog for lots of events, especially events
# of severity 3, the query can take a very long time, sometimes hours.
# However, the maximum allowed runtime of a SKOOR execute job is merely 5
# minutes after which the job will kill this script and exit with a warning

# login credentials for wmi query (needs to be either an administrator 
# account or must have sufficient privileges to do remote wmi queries

USER=skoor
PWD=<fill in password here>

# Filter parameters (uncomment only parameters that are used)

# Logfile can be \'Application\', \'Security', 
# \'System\', or e.g. \'CustomEventLog\'
Logfile=\'Application\'

# Event source (always enclose in \'....\')
SourceName=\'FEP\'

# Event ID
#EventCode=203

# Severity (1=Error, 2=Warning, 3=Information, 
# 4=Security Audit Success, 5=Security Audit Failure)
EventType=1

# Event description (find events that contain the following string(s) 
# anywhere in the event description)
#Message='string1'
#Message='string1|string2' (for filtering multiple strings inside message field, use pipe delimiter)
Message='WSAECONNREFUSED'

# search only events which have been logged
# during the last XXX minutes (always adapt 
# to job execution interval)
Maxage=3

################################################3

Maxagesec=$((Maxage*60))
Tepoch=$(date +%s)
Tstart=$((Tepoch-Maxagesec))
# get start time in UTC
Tstart_datetime=\'$(date -u -d @$Tstart +%Y%m%d%H%M00.000000+000)\'

# construct query
Query="Select Logfile,Message,RecordNumber from Win32_NTLogEvent where Logfile=${Logfile} and TimeWritten>${Tstart_datetime}"
[ ! -z "${SourceName}" ] && Query+=" and SourceName=${SourceName}"
[ ! -z "${EventCode}" ] && Query+=" and EventCode=${EventCode}"
[ ! -z "${EventType}" ] && Query+=" and EventType=${EventType}"
echo "WMI Query is ${Query}"

wmic -U ${USER}%${PWD} //$DEVICE_ADDRESS$ "${Query}" > $DEVICE_NAME$_$ID$_eventlog.out
RC=$?

if [ ! -z "${Message}" ]; then
   Eventcount=$(grep -v dcerpc_connect $DEVICE_NAME$_$ID$_eventlog.out | grep -v 'Login to remote object' | egrep ${Message} | wc -l)
else
   Eventcount=$(grep -v dcerpc_connect $DEVICE_NAME$_$ID$_eventlog.out | grep -v 'Login to remote object' | wc -l)
fi

setErangerValue 1 $Eventcount
setErangerValue 2 $RC
outputErangerValues

Then add 2 return values:


Output 6

Example 7 - wget download with automatic termination after 45 seconds

Use the following notation to make sure the external command (wget in this case) is automatically terminated if it runs longer than 45 seconds:

(sleep 45; kill -9 -$$) &
wget -O /dev/null http://www.debian.org/netinst.iso