Testing of alert fails

Hi guys,
when i try to test the alert it only says;
Testing the notification Test_Splunk failed. Alert script failed.

The splunk configuration is correct, it doesn’t matter which method i am using;
send to, scp…

thank you for your help!

GVM versions

gsa: (‘gsad --version’)
Greenbone Security Assistant 9.0.1~git-f4a4658fb-gsa-9.0
gvm: (‘gvmd --version’)
Greenbone Vulnerability Manager 9.0.1~git-0aae9d25-gvmd-9.0
openvas-scanner: (‘openvassd --version’)
OpenVAS 7.0.1
gvm-libs 11.0.1


Operating system:
Distributor ID: Ubuntu
Description: Ubuntu 20.04 LTS
Release: 20.04
Codename: focal

Kernel: (‘uname -a’)

Installation method / source:

I had to resolve this issue recently. I found that the cause was missing dependencies.

When testing the alerts from the alerts page, I found that while an indication that the alert had been tested appeared in gvmd.log, no corresponding error message appeared. However, when I went into Scans > Reports, selected a report and then “Trigger Alert” in the top left, I could run the alert from there with the selected report, and doing so seemed to produce the missing error message, similar to below:

event alert:MESSAGE:2020-10-08 20h18.22 UTC:176036: The alert Export Reports was triggered (Event: Task status changed to 'Done', Condition: Always)
GLib:CRITICAL:2020-10-08 20h18.23 UTC:176043: g_file_get_contents: assertion 'contents != NULL' failed
md manage:WARNING:2020-10-08 20h18.23 UTC:176036: alert_script_exec: child failed, /usr/share/gvm/gvmd/global_alert_methods/4a398d42-87c0-11e5-a1c0-28d24461215b/alert '' '4343' /tmp/gvmd_alert_ofXITd/report > /dev/null 2> /tmp/gvmd_alert_ofXITd/error_AlGe6d

I took particular notice of the last line, which had a path to a script that controlled how the method being used, in this case Send To, functioned. Fortunately it was simply a short shell script,

cat $3 | socat -t 0 - TCP:$1:$2

I quickly found that socat was not installed on my machine. Running “apt install socat”, it immediately started to work, both from the Scans > Reports page and Configuration > Alerts page. I repeated this process with the SCP method, and found sshpass was missing in that case. Likewise after running “apt install sshpass”, that method began working as well.


While the error message handling of missing dependencies could be improved please note that such dependencies like “socat” and “sshpass” are listed for each alert at the following part of the install document:

1 Like