vrealize Log Insight Developer Resources Update 1 Modified on 03 SEP 2017 vrealize Log Insight 4.0

Similar documents
vrealize Log Insight Developer Resources

VMware vrealize Log Insight Getting Started Guide

Using vrealize Operations Tenant App for vcloud Director as a Tenant Admin

Using vrealize Log Insight Importer. April 12, 2018 vrealize Log Insight 4.6

Administering vrealize Log Insight. 12-OCT-2017 vrealize Log Insight 4.5

PostgreSQL Solution 1.1

Administering vrealize Log Insight. 05-SEP-2017 vrealize Log Insight 4.3

Administering vrealize Log Insight. September 20, 2018 vrealize Log Insight 4.7

Multi-Tenancy in vrealize Orchestrator. vrealize Orchestrator 7.4

Using VMware Identity Manager Apps Portal

Administering Cloud Pod Architecture in Horizon 7. Modified on 4 JAN 2018 VMware Horizon 7 7.4

vrealize Business for Cloud Troubleshooting Guide

Administering Cloud Pod Architecture in Horizon 7. Modified on 26 JUL 2017 VMware Horizon 7 7.2

Port Adapter Installation and Configuration Guide

Administering Cloud Pod Architecture in Horizon 7. VMware Horizon 7 7.1

vrealize Code Stream Trigger for Gerrit

Administering vrealize Log Insight. April 12, 2018 vrealize Log Insight 4.6

vrealize Operations Compliance Pack for PCI

Reconfiguring VMware vsphere Update Manager. 17 APR 2018 VMware vsphere 6.7 vsphere Update Manager 6.7

vrealize Suite Lifecycle Manager 1.0 Installation and Management vrealize Suite 2017

VMware vrealize Configuration Manager SQL Migration Helper Tool User's Guide vrealize Configuration Manager 5.8

Using vrealize Operations Tenant App as a Service Provider

VMware vrealize Log Insight Security Guide

Getting Started. Update 1 Modified on 03 SEP 2017 vrealize Log Insight 4.0

VMware Workspace Portal End User Guide

Reconfiguring VMware vsphere Update Manager. Update 1 VMware vsphere 6.5 vsphere Update Manager 6.5

Administering vrealize Log Insight

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2

Using the Horizon vrealize Orchestrator Plug-In

Installing and Configuring vcloud Connector

Getting Started. April 12, 2018 vrealize Log Insight 4.6

Using the vrealize Orchestrator Operations Client. vrealize Orchestrator 7.5

VMware Identity Manager Administration. MAY 2018 VMware Identity Manager 3.2

VMware Identity Manager Cloud Deployment. Modified on 01 OCT 2017 VMware Identity Manager

VMware Identity Manager Cloud Deployment. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager

Getting Started. vrealize Log Insight 4.3 EN

Getting Started. 05-SEPT-2017 vrealize Log Insight 4.5

Deploying VMware Identity Manager in the DMZ. SEPT 2018 VMware Identity Manager 3.3

Setting Up Resources in VMware Identity Manager 3.1 (On Premises) Modified JUL 2018 VMware Identity Manager 3.1

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

Setting Up Resources in VMware Identity Manager (SaaS) Modified 15 SEP 2017 VMware Identity Manager

VMware vcenter Log Insight Administration Guide

IaaS Integration for Multi- Machine Services. vrealize Automation 6.2

Upgrading VMware Identity Manager Connector. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1

Upgrade to VMware Identity Manager 3.3 (Windows) SEP 2018 VMware Identity Manager 3.3

Using the vrealize Orchestrator OpenStack Plug-In 2.0. Modified on 19 SEP 2017 vrealize Orchestrator 7.0

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

Using vrealize Log Insight. Update 1 Modified on 03 SEP 2017 vrealize Log Insight 4.0

vcloud Director API for NSX Programming Guide

Unified Access Gateway Double DMZ Deployment for Horizon. Technical Note 04 DEC 2018 Unified Access Gateway 3.4

vrealize Suite Lifecycle Manager 1.1 Installation, Upgrade, and Management vrealize Suite 2017

Installing and Configuring vcenter Multi-Hypervisor Manager

Using vrealize Log Insight

Upgrading VMware Identity Manager Connector

Upgrading VMware Identity Manager Connector. Modified on OCT 12, 2017 VMware Identity Manager 2.9.2

VMware AirWatch Content Gateway for Linux. VMware Workspace ONE UEM 1811 Unified Access Gateway

VMware AirWatch Content Gateway for Windows. VMware Workspace ONE UEM 1811 Unified Access Gateway

Using vrealize Log Insight. April 12, 2018 vrealize Log Insight 4.6

vrealize Hyperic Supported Configurations and System Requirements vrealize Hyperic 5.8.4

vrealize Orchestrator Load Balancing

vrealize Operations Management Pack for NSX for vsphere 3.5 Release Notes

Using vrealize Log Insight. 08-SEP-2017 vrealize Log Insight 4.5

Using the VMware vrealize Orchestrator Client

Upgrading to VMware Identity Manager 3.0. SEP 2017 VMware AirWatch 9.2 VMware Identity Manager 3.0

Planning and Preparation. VMware Validated Design 4.0 VMware Validated Design for Remote Office Branch Office 4.0

Workspace ONE UEM Certificate Authentication for Cisco IPSec VPN. VMware Workspace ONE UEM 1810

Using vrealize Log Insight

vrealize Business System Requirements Guide

VMware Skyline Collector User Guide. VMware Skyline 1.4

vrealize Hyperic Supported Configurations and System Requirements

vrealize Operations Manager API Programming Guide vrealize Operations Manager 6.6

Setting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1

vcenter Support Assistant User's Guide

Migrating vrealize Automation 6.2 to 7.2

Installing vrealize Network Insight

vcloud Director Administrator's Guide

Administering View Cloud Pod Architecture. VMware Horizon 7 7.0

vrealize Network Insight Installation Guide

Using the Horizon vcenter Orchestrator Plug-In. VMware Horizon 6 6.0

AppDefense Getting Started. VMware AppDefense

Installing and Configuring vcloud Connector

VMware Identity Manager Administration

VMware vrealize Log Insight Getting Started Guide

Using vrealize Log Insight

vcenter Operations Management Pack for vcns

VMware Skyline Collector Installation and Configuration Guide. VMware Skyline 1.4

Kerberos Constrained Delegation Authentication for SEG V2. VMware Workspace ONE UEM 1810

vrealize Operations Management Pack for NSX for vsphere 2.0

vrealize Operations Manager Customization and Administration Guide vrealize Operations Manager 6.4

VMware vcenter Server Appliance Management Programming Guide. Modified on 28 MAY 2018 vcenter Server 6.7 VMware ESXi 6.7

VMware vfabric Data Director Installation Guide

Integrating VMware Workspace ONE with Okta. VMware Workspace ONE

Installing and Configuring vcenter Support Assistant

Using the vcenter Orchestrator SOAP Plug-In 1.0.1

Programming Guide Guest SDK 3.5

vrealize Business for Cloud Troubleshooting Guide

vcloud Director User's Guide

Getting Started Guide. VMware NSX Cloud services

vrealize Code Stream Trigger for Git

Workspace ONE UEM Certificate Authentication for EAS with ADCS. VMware Workspace ONE UEM 1902

Transcription:

vrealize Log Insight Developer Resources Update 1 Modified on 03 SEP 2017 vrealize Log Insight 4.0

You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation, submit your feedback to docfeedback@vmware.com VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com Copyright 2018 VMware, Inc. All rights reserved. Copyright and trademark information. VMware, Inc. 2

Contents 1 About 4 2 Enforce SSL-Only Connections 5 3 Using the vrealize Log Insight Ingestion API 6 Using the events/ingest Service 6 Using the messages/ingest Service (Deprecated) 8 The vrealize Log Insight REST API 10 VMware, Inc. 3

About vrealize Log Insight 1 Developer Resources provides information about the vrealize Log Insight Ingestion API. Intended Audience This information is intended for anyone who wants to use the vrealize Log Insight Ingestion API. You must be familiar with REST concepts and with the JSON serialization format. VMware, Inc. 4

Enforce SSL-Only Connections 2 You can use the vrealize Log Insight Web user interface to configure the vrealize Log Insight Agents and the Ingestion API to allow only SSL connections to the server. The vrealize Log Insight API is normally reachable through HTTP on port 9000 and through HTTPS on port 9543. Both ports can be used by the vrealize Log Insight Agent or custom API clients. All authenticated requests require SSL, but unauthenticated requests, including vrealize Log Insight Agent ingestion traffic, can be performed with either. You can force all API request to use SSL connections. This option does not restrict Syslog port 514 traffic and does not affect the vrealize Log Insight user interface, for which HTTP port 80 requests continue redirecting to HTTPS port 443. Prerequisites Verify that you are logged in to the vrealize Log Insight Web user interface as a user with the Edit Admin permission. The URL format is https://log-insight-host, where log-insight-host is the IP address or host name of the vrealize Log Insight virtual appliance. Procedure 1 Click the configuration drop-down menu icon and select Administration. 2 Under Configuration, click SSL. 3 Under the API Server SSL, select Require SSL Connection. 4 Click Save. vrealize Log Insight API allows only SSL connections to the server. Non-SSL connections are refused. VMware, Inc. 5

Using the vrealize Log Insight 3 Ingestion API You can interact with the vrealize Log Insight Ingestion API to send events to the vrealize Log Insight server. All API request and response bodies are UTF8 encoded JSON strings with Content-Type: application/json header field. On success, all calls return HTTP response code 200. This chapter includes the following topics: Using the events/ingest Service Using the messages/ingest Service (Deprecated) The vrealize Log Insight REST API Using the events/ingest Service You can use the events/ingest service to send events to a vrealize Log Insight server using HTTP POST requests. The events/ingest service uses the following syntax. Protocol HTTP Value http://loginsight_host:9000/api/v1/events/ingest/agentid HTTPS https://loginsight_host:9543/api/v1/events/ingest/agentid HTTP Method POST Note The vrealize Log Insight Ingestion API has a limit of 4 MB per HTTP POST request. The maximum size of a single text field is 16 KB. VMware, Inc. 6

Parameters Where to Parameter Type pass Description agentid String In URL The ID of the sending agent should follow the UUID standard. The agent may be an official vrealize Log Insight Windows or Linux agent or any client leveraging the Ingestion API. Content-Type: application/json String In POST body The Content-Type parameter specifies the nature of the data in the POST body. Events array Array In POST body An array of events. Each event must have the following format. {"events": [{ "text": optional, message text as a string, "timestamp": optional, timestamp encoded as number of milliseconds since Unix epoch in UTC, "fields": optional array of [{ "name": the name of the field, "content": optional, the content of the field, "startposition": optional, the start position in the "text", "length": optional, the length of the string in the "text",,...],...] Note The vrealize Log Insight server compares the "timestamp" you provide with the local time on the vrealize Log Insight server. If you provide a "timestamp" outside of the default 10 minutes tolerated drift window, the vrealize Log Insight server ignores your "timestamp" and uses its local time. If "timestamp" is not present, vrealize Log Insight uses arrival time. Note If the "content" of a field is not present, then "startposition" and "length" must be present and must point to a valid position in the "text" field string. Return HTTP Values Name Type Description 200 OK Integer Standard HTTP response codes 400 Bad Request 500 Internal Server Error 503 Service Unavailable This response indicates that the server is overloaded. The Retry-After response header provides the suggested retry time in seconds. VMware, Inc. 7

Example Request POST http://loginsight:9000/api/v1/events/ingest/4c4c4544-0037-5910-805a-c4c04f585831 Host: loginsight:9000 Connection: keep-alive Content-Type: application/json charset: utf-8 Content-Length:?? {"events": [{ "fields": [ {"name": "Channel", "content": "Security", {"name": "EventID", "content": "4688", {"name": "EventRecordID", "content": "33311266", {"name": "Keywords", "content": "Audit Success", {"name": "Level", "content": "Information", {"name": "OpCode","content": "Info", {"name": "ProcessID", "content": "4", {"name": "ProviderName", "content": "Microsoft-Windows-Security-Auditing", {"name": "Task", "content": "Process Creation", {"name": "ThreadID", "content": "64" ], "text": "A new process has been created.", "timestamp": 1396622879241 ] Example Response HTTP/1.1 200 OK {"status":"ok","message":"events ingested","ingested":18 Using the messages/ingest Service (Deprecated) You can use the messages/ingest service to send events to a vrealize Log Insight server using HTTP POST requests. The messages/ingest service uses the following syntax. Protocol HTTP Value http://loginsight_host:9000/api/v1/messages/ingest/agentid HTTPS https://loginsight_host:9543/api/v1/messages/ingest/agentid VMware, Inc. 8

HTTP Method POST Note The vrealize Log Insight Ingestion API has a limit of 4 MB per HTTP POST request. The maximum size of a single text field is 16 KB. Parameters Where to Parameter Type pass Description agentid String In URL The ID of the sending agent should follow the UUID standard. The agent may be an official vrealize Log Insight Windows or Linux agent or any client leveraging the Ingestion API. Content-Type: application/json String In POST body The Content-Type parameter specifies the nature of the data in the POST body. Events array Array In POST body An array of events. Each event must have the following format. {"messages": [{ "text": optional, message text as a string, "timestamp": optional, timestamp encoded as number of milliseconds since Unix epoch in UTC, "fields": optional array of [{ "name": the name of the field, "content": optional, the content of the field, "startposition": optional, the start position in the "text", "length": optional, the length of the string in the "text",,...],...] Note The vrealize Log Insight server compares the "timestamp" you provide with the local time on the vrealize Log Insight server. If you provide a "timestamp" outside of the default 10 minutes tolerated drift window, the vrealize Log Insight server ignores your "timestamp" and uses its local time. If "timestamp" is not present, vrealize Log Insight uses arrival time. Note If the "content" of a field is not present, then "startposition" and "length" must be present and must point to a valid position in the "text" field string. Return HTTP Values Name Type Description 200 OK Integer Standard HTTP response codes 400 Bad Request VMware, Inc. 9

Name Type Description 500 Internal Server Error 503 Service Unavailable This response indicates that the server is overloaded. The Retry-After response header provides the suggested retry time in seconds. Example Request POST http://loginsight:9000/api/v1/messages/ingest/4c4c4544-0037-5910-805a-c4c04f585831 Host: loginsight:9000 Connection: keep-alive Content-Type: application/json charset: utf-8 Content-Length:?? {"messages": [{ "fields": [ {"name": "Channel", "content": "Security", {"name": "EventID", "content": "4688", {"name": "EventRecordID", "content": "33311266", {"name": "Keywords", "content": "Audit Success", {"name": "Level", "content": "Information", {"name": "OpCode","content": "Info", {"name": "ProcessID", "content": "4", {"name": "ProviderName", "content": "Microsoft-Windows-Security-Auditing", {"name": "Task", "content": "Process Creation", {"name": "ThreadID", "content": "64" ], "text": "A new process has been created.", "timestamp": 1396622879241 ] Example Response HTTP/1.1 200 OK {"status":"ok","message":"messages ingested","ingested":18 The vrealize Log Insight REST API The REST API provides programmatic access to vrealize Log Insight and to the data it collects. VMware, Inc. 10

You can use the API to insert events into the vrealize Log Insight data store, to query for events and to change product configuration. You can also use the API to install or upgrade vrealize Log Insight. For more information, see the vrealize Log Insight API reference at https://www.vmware.com/go/loginsight/api. VMware, Inc. 11

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback