2
answers

Hi, I'm trying to execute the following bash command using NXLog's im_exec input module:
/usr/sbin/route -n | grep 'UG[ \t]' | awk '{print $2}'
From the Linux terminal that command will give the local gateway.

When I attempt to run the command in NXLog I get the following:

2020-01-24 13:43:09 WARNING im_exec process /usr/sbin/route exited
2020-01-24 13:43:10 ERROR subprocess '8114' returned a non-zero exit value of 3

Input module I'm using to execute the command:

<Input Bash>
   Module  im_exec
                Restart true
                Command /usr/sbin/route
              Arg -n | grep 'UG[ \t]' | awk '{print $2}'
              Arg grep 'UG[ \t]'
              Arg awk '{print $2}'
              Arg sleep 30
        <Exec>
       $gateway = $raw_event;
    </Exec>
</Input>

I've tried various combinations of configuring the Arg's but so far no luck.
If I try putting everything in the Command field I get this error:
/usr/sbin/route -n |grep 'UG[ \t]'| awk '{print $2}';sleep 30;No such file or directory

Can someone help me with the correct syntax?

NOTE: It seems like the problem is with using the | character in the command. Anyone know if NXLog will accept this argument or what syntax I need to use?

Thanks in advance!!

AskedJanuary 24, 2020 - 8:06pm

Answers (2)

The above is a shell command while im_exec can not evaluate shell commands. You'll need to run all that via bash -c.

Comments (1)

  • casey1234's picture

    Hi,

    That didn't seem to work:

    ERROR couldn't execute process bash -c /usr/sbin/route -n |grep 'UG[ \t]'| awk '{print $2}';No such file or directory

    <Input Bash>
       Module  im_exec
                    Restart true
                    Command bash -c /usr/sbin/route -n |grep 'UG[ \t]'| awk '{print $2}'
    <Exec>
    $gateway = $raw_event;
    </Exec>
    </Input>
    

Got it working with the help of b0ti:

<Input Bash>
   Module  im_exec
                Restart true
                Command /bin/bash
                Arg -c
                Arg /usr/sbin/route -n |grep 'UG[ \t]'| awk '{print $2}'
    <Exec>
        $gateway = $raw_event;
    </Exec>
</Input>

Hopefully this helps someone in the future,

Have a great day!