Enable and Execute Event Scripts

Event scripts are stored on a device’s hard disk in the /var/db/scripts/event directory or on the flash drive in the /config/scripts/event directory. Only users in the Junos OS super-user login class can access and edit files in these directories. For information about setting the storage location for scripts, see Store and Enable Junos Automation Scripts and Store Scripts in Flash Memory.

To prevent the execution of unauthorized Python code on devices running Junos OS, unsigned Python scripts must meet certain requirements before you can execute the scripts on a device. Starting in Junos OS Release 16.1R3, unsigned Python scripts must be owned by either root or a user in the Junos OS super-user login class, and only the file owner can have write permission for the file. Prior to Junos OS Release 16.1R3, unsigned Python scripts must only be owned by the root user. For detailed information about the requirements for executing Python automation scripts on devices running Junos OS, see Requirements for Executing Python Automation Scripts on Junos Devices.

You must enable an event script before it can be executed. To enable an event script, include the file filename statement at the [edit event-options events-script] hierarchy level, and specify the name of the file containing the event script. Only users who belong to the Junos super-user login class can enable event scripts.

SLAX and Python scripts must include the .slax or .py filename extension, respectively, in both the actual script name and the filename in the configuration. XSLT scripts do not require a filename extension, but we strongly recommend that you append the .xsl extension. Whether or not you choose to include the .xsl extension on the file, the filename that you add at the [edit event-options event-script file] hierarchy level must exactly match the filename of the script in the directory. For example, if the XSLT script filename is script1.xsl, then you must include script1.xsl in the configuration hierarchy to enable the script; likewise, if the XSLT script filename is script1, then you must include script1 in the configuration hierarchy.

By default, you cannot execute unsigned Python scripts on devices running Junos OS. To enable the execution of unsigned Python automation scripts that meet the requirements outlined in Requirements for Executing Python Automation Scripts on Junos Devices, you must configure the language python or language python3 statement at the [edit system scripts] hierarchy level.

By default, Junos OS executes Python event scripts with the access privileges of the generic, unprivileged user and group nobody. Starting in Junos OS Release 16.1R3, you can specify the user under whose access privileges the Python script will execute. To execute a Python event script under the access privileges of a specific user, configure the python-script-user username statement at the [edit event-options event-script file filename] hierarchy level.

To determine which event scripts are currently enabled on the device, use the show command to display the files configured at the [edit event-options event-script] hierarchy level.

To ensure that the enabled files are on the device, list the contents of the /var/run/scripts/event/ directory using the file list /var/run/scripts/event operational mode command.

When you issue the commit command, event scripts configured at the [edit event-options event-script] hierarchy level are placed into system memory and enabled for execution. After the commit operation completes, an event policy can execute an event script in response to an event notification.