Enable and Execute Event Scripts
Event scripts are stored on a device’s hard disk in the
/var/db/scripts/event directory or on the flash
drive in the /config/scripts/event directory. Only
users in the super-user
login class can access and edit
files in these directories. For information about setting the storage
location for scripts, see Store and Enable Junos Automation Scripts and Store Scripts in Flash Memory.
To prevent the execution of unauthorized Python code on Junos devices, unsigned Python scripts
must meet certain requirements before you can execute the scripts on a
device. Unsigned Python scripts must be owned by either root or a user in
the super-user
login class, and only the file owner can
have write permission for the file. For detailed information about the
requirements for executing Python automation scripts, see Requirements for Executing Python Automation Scripts on Junos Devices.
If the device has dual Routing Engines and you want to
enable an event script to execute on both Routing Engines, you can
copy the script to the /var/db/scripts/event or /config/scripts/event directory
on both Routing Engines, or you can issue the commit synchronize
scripts
command to synchronize the configuration and copy the
scripts to the other Routing Engine as part of the commit operation.
You must enable an event script before you can execute it. To enable an event script, include the
file filename
statement
at the [edit event-options events-script]
hierarchy level,
and specify the filename of the event script. Only users in the
super-user
login class can enable event
scripts.
[edit event-options event-script] user@host# set file filename
SLAX and Python scripts must include the .slax or .py filename extension, respectively, in both the actual script name and the filename in the configuration. XSLT scripts do not require a filename extension, but we strongly recommend that you append the .xsl extension. In either case, the configured filename must exactly match the filename of the script in the directory. For example, if the XSLT script filename is script1.xsl, then you must include script1.xsl in the configuration. Likewise, if the XSLT script filename is script1, then you must include script1 in the configuration.
By default, you cannot execute unsigned Python scripts on Junos devices. To enable the execution
of unsigned Python automation scripts that meet the requirements outlined in
Requirements for Executing Python Automation Scripts on Junos Devices, you must configure the language python
or
language python3
statement at the [edit
system scripts]
hierarchy level.
[edit system scripts] user@host# set language (python | python3)
By default, Junos OS executes Python event scripts with the access privileges of the generic,
unprivileged user and group nobody
. To execute a Python
event script under the access privileges of a specific user, configure the
python-script-user username
statement at the [edit event-options event-script file
filename]
hierarchy level.
[edit event-options event-script file filename] user@host# set python-script-user username
To enable a user who does not belong to the file’s user or group class to execute an unsigned Python automation script, the script’s file permissions must include read permission for others.
To determine which event scripts are currently enabled on the device, display the files
configured at the [edit event-options event-script]
hierarchy level.
user@host> show configuration event-options event-script
To ensure that the enabled files are on the device, list the contents of the /var/run/scripts/event/ directory.
user@host> file list /var/run/scripts/event
When you issue the commit
command, event scripts
configured at the [edit event-options event-script]
hierarchy
level are placed into system memory and enabled for execution. After
the commit operation completes, an event policy can execute an event
script in response to an event notification.
Example: Enabling an Event Script
To enable an event script:
Ensure that the script is located in the correct directory:
/var/db/scripts/event directory on the hard disk
/config/scripts/event directory on the flash drive
If you store scripts on the flash drive, configure the
load-scripts-from-flash
statement.[edit system scripts] user@host# set load-scripts-from-flash
For unsigned Python scripts, ensure that the following requirements are met:
File owner is either root or a user in the
super-user
login class.Only the file owner has write permission for the file.
The
language python
orlanguage python3
statement is configured at the[edit system scripts]
hierarchy level.[edit system scripts] user@host# set language (python | python3)
Enable the script.
[edit event-options event-script] user@host# set file filename
For example:
[edit event-options event-script] user@host# set file ospf-neighbors.py
For Python scripts, configure the script to execute under the access privileges of a specific user.
[edit event-options event-script file filename] user@host# set python-script-user username
For example:
[edit event-options event-script file filename] user@host# set python-script-user admin
Commit the configuration.
[edit] user@host# commit
Change History Table
Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.
super-user
login class, and only the file owner can have write
permission for the file.