2
responses

when i manually execute python script it works fine (cat /var/log/nxlog/pktdesign-alerts.log1|./sec-parse.py) , but whe nxlog calls keep on seeing the error messages below and scripot does not execute, 

 

===> when nxlog config was whats listed below produced error "2015-11-23 20:52:41 ERROR subprocess '4843' returned a non-zero exit value of 127"

<Output alertout-pktdesign>
    Module      om_file
    File        "/var/log/nxlog/pktdesign-alerts.log1"
    Exec        exec_async("/bin/sh", "-c", 'echo "' + $raw_event +  '"|./sec-parse.py' );
</Output>

 

 

===> when nxlog config was what's listed below produced error  "2015-11-23 21:25:41 ERROR subprocess '8319' returned a non-zero exit value of 1"

<Output alertout-pktdesign>
    Module      om_file
    File        "/var/log/nxlog/pktdesign-alerts.log1"
    Exec        exec_async("/bin/sh", "-c", 'echo "' + $raw_event +  '"|/etc/nxlog/sec-parse.py' );
</Output>

 

any help is appreciated.

thanks

 

AskedNovember 23, 2015 - 10:34pm

Answer (1)

You should test what you put in the config, i.e. run /bin/sh -c echo " test msg "|/etc/nxlog/sec-parse.py

Note that constructing a shell command without input validation and escaping is pretty unsafe. Think about it what would happen if $raw_event ends up containing something like this:

"; rm -rf /; echo"

Instead of using exec_async() I suggest using om_exec and piping the data into the script there but you will need to make sure it does not exit.

 

Comments (1)