...
- opEvents versions up to 2.0.3 do not support long-running programs in script actions, and opeventsd blocks until the action program terminates.
- From version 2.0.4 onwards,
scriptaction handling is asynchronous and parallel, and the event status gets updated whenever processing of a script action completes.
Because of the asynchronous processing your action policy does not have access to anyscript.<scriptname>event properties. - Up to version 2.0.6, script actions are excuted using the system shell.
- As a consequence you have to ensure your script
argumentsare shell-safe, ie. that spaces are escaped or suitably quoted, that quotes line up and that the arguments do not contain unescaped shell metacharacters (",',`,!, &...). - The exit code of the external program is not captured, only its output on STDOUT (and STDERR, unless the
execargument disposes of STDERR explicitely with a "2>..." construct). Argument substitution for
event.name andnode.name may need to be disabled (if your arguments need to contain a verbatim "event.sometext" string.
This can be done by escaping the "." with an (escaped) backslash. For exampleCode Block arguments => 'node.host event\\.event ...and other stuff to feed the program'
will cause the argument to contain the unsubstituted text 'event.event'. Node the use of single quotes.
- As a consequence you have to ensure your script
- Since the refresh of opEvents 2.0.6 on 2016-11-01, script actions are no longer executed using a shell, but directly by by
opeventsdinstead.
This is much safer from a security perspective, and also potentially generally faster.- It is recommended (but not required) that you change your script configuration to use the new list format for
arguments(andexec), as shown in the example above (see "future_proof").
If you use the list format, then each token is analysed for potential property substitution and then passed on to your program, separate from all other tokens.
Spaces, backticks or other shell metacharacters are thus no longer problematic in an event or node property. - You may can continue using the single-string
argumentsorexec, but then opEvents will perform the necessary word-splitting and minimal amendments for backwards-compatibility only:
If yourargumentsstring contains quoted tokens like"--some_program_arg=event.event", the surrounding double (or single) quotes are stripped.
Please note that this is not performed for quotes anywhere else in your arguments string; i.
I.e. for with an arguments string like--weird_argument=don't, the single quote will be passed through to your program as-is. - If you need to disable substitution (to pass in strings like "event.sometext" verbiatim), escape the "." with a backslash;.
as As a much better alternative you can also put verbatim arguments in theexeclist, because only theargumentslist is subject to substitution. - It is now possible to select whether the script exitcode should be captured and saved with the event.
This is enabled by default, unless you addexitcode=> 'false' to your script configuration. - It is now also possible to select which combination of STDOUT and STDERR output of a script should be captured and saved.
The config propertyoutputcovers STDOUT, the propertystderrSTDERR.stderrdefaults to the value ofoutput, if not given separatelyexplicitely.
Adding"2>&1" to your script arguments is no longer supported. - Should you absolutely require shell features in your script action, simply use
/bin/shas theexecand set theargumentsto your liking, but
please note that this is substantially less secure than direct execution ifevent.Xornode.Ysubstitutions are involved.
- It is recommended (but not required) that you change your script configuration to use the new list format for
Configuration for email()
...