Shell script help please

if {exists file “/etc/sd_pam.conf” AND now - modification time of file “/etc/sd_pam.conf” > 1*day}
wait /bin/sh –c logger -i -p “auth.info” bigfix_dev - /etc/sd_pam.conf has been modified
endif

I’m getting failed with exit code 2. Any help appreciated.

I always put quotes around the cmd after -c. Here I tried single quotes since you have a double quote.

if {exists file "/etc/sd_pam.conf" AND now - modification time of file "/etc/sd_pam.conf" > 1*day}
wait /bin/sh -c 'logger -i -p "auth.info" bigfix_dev - /etc/sd_pam.conf has been modified'
endif

First issue was my success criteria for fixlet rather than task, however I’m still getting exit code 2?
Possibly permissions or format (lack of double quotes)

Do you still get the same return if you run it manually?

I don't have access to test interactively. Essentially, this is the Splunk forwarder command which executes when the relevance condition is met.

try this…

wait /bin/sh -c 'logger -i -p "auth.info" bigfix_dev - /etc/sd_pam.conf has been modified >> /tmp/logerror.log 2>&1'

Then use fast query to pull back the output from /tmp/logerror.log
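
The capture step suggested above, written out as an added example that is not part of the original posts: it runs a command through sh -c, keeps stdout, stderr and the exit status in a log file, and also checks an action line for non-ASCII characters, since the command as quoted in the question contains an en dash before c and curly quotes. The helper names (check_ascii, run_captured, endash_status), the sample strings and the demo log path are constructed for illustration.

```shell
#!/bin/sh
# Added example. PASTED and TYPED are constructed strings modelled on the
# thread's command; the helper names below are hypothetical.
PASTED='/bin/sh –c logger -i -p “auth.info” bigfix_dev - /etc/sd_pam.conf has been modified'
TYPED="/bin/sh -c 'logger -i -p \"auth.info\" bigfix_dev - /etc/sd_pam.conf has been modified'"

# check_ascii LINE: succeed only if LINE is plain ASCII. An en dash (U+2013)
# or curly quote (U+201C/U+201D) is multi-byte UTF-8, which the shell passes
# through literally instead of treating it as "-" or as a quoting character.
check_ascii() {
    if printf '%s\n' "$1" | LC_ALL=C grep -q '[^[:print:][:space:]]'; then
        return 1
    fi
    return 0
}

# run_captured LOGFILE COMMAND: run COMMAND through /bin/sh -c, append its
# stdout and stderr to LOGFILE, and return COMMAND's own exit status.
run_captured() {
    rc_log=$1
    rc_cmd=$2
    rc_status=0
    /bin/sh -c "$rc_cmd" >>"$rc_log" 2>&1 || rc_status=$?
    printf 'exit=%s cmd=%s\n' "$rc_status" "$rc_cmd" >>"$rc_log"
    return "$rc_status"
}

# endash_status: run sh with the en-dash argument from PASTED and print the
# exit status. The argument does not start with an ASCII "-", so sh takes it
# as the name of a script file to open rather than as the -c option.
endash_status() {
    es_status=0
    /bin/sh "–c" 'exit 0' >/dev/null 2>&1 || es_status=$?
    echo "$es_status"
}

# Demo with a constructed failing command; logger itself is not invoked.
demo_log=${TMPDIR:-/tmp}/logerror_demo.$$
run_captured "$demo_log" 'echo "constructed failure" >&2; exit 2' || echo "status $?"
cat "$demo_log"; rm -f "$demo_log"
check_ascii "$PASTED" || echo "PASTED contains non-ASCII characters"
check_ascii "$TYPED" && echo "TYPED is plain ASCII"
echo "sh with en dash exits $(endash_status)"
```
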

Appreciate the thought, but I need the alert to be fired into Splunk directly from the endpoint.

I’m helping you troubleshoot why it’s failing. You’re only getting the error code. Capturing the output of the error can be helpful.

ok that makes sense, will get back to you … thanks for your help so far

Any advice gratefully received -

Completed delete __appendfile
Completed appendfile #!/bin/sh
Completed appendfile
Completed appendfile logger -i -p “auth.info” "bigfix_dev - /var/ace/sdconf.rec has been modified."
Completed appendfile
Completed //modify appendfile to allow execution
Failed wait chmod 555 "{(client folder of current site as string) & “/__appendfile”}
//execute shell script as written
wait “{(client folder of current site as string) & “/__appendfile”}”

okay managed to fix this …