vRealize Log Insight Developer Resources

vRealize Log Insight 4.3

This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.

EN- -00

You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/

The VMware Web site also provides the latest product updates.

If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com

Copyright 2017 VMware, Inc. All rights reserved. Copyright and trademark information.

VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com

Contents

1 About vRealize Log Insight Developer Resources
2 Enforce SSL-Only Connections
3 Using the vRealize Log Insight Ingestion API
    Using the events/ingest Service
    Using the messages/ingest Service (Deprecated)
    The vRealize Log Insight REST API

1 About vRealize Log Insight Developer Resources

vRealize Log Insight Developer Resources provides information about the vRealize Log Insight Ingestion API.

Intended Audience

This information is intended for anyone who wants to use the vRealize Log Insight Ingestion API. You must be familiar with REST concepts and with the JSON serialization format.

2 Enforce SSL-Only Connections

You can use the vRealize Log Insight Web user interface to configure the vRealize Log Insight Agents and the Ingestion API to allow only SSL connections to the server.

The vRealize Log Insight API is normally reachable through HTTP on port 9000 and through HTTPS on port 9543. Both ports can be used by the vRealize Log Insight Agent or custom API clients. All authenticated requests require SSL, but unauthenticated requests, including vRealize Log Insight Agent ingestion traffic, can be performed with either.

You can force all API requests to use SSL connections. This option does not restrict Syslog port 514 traffic and does not affect the vRealize Log Insight user interface, for which HTTP port 80 requests continue redirecting to HTTPS port 443.

Prerequisites

Verify that you are logged in to the vRealize Log Insight Web user interface as a user with the Edit Admin permission. The URL format is https://log-insight-host, where log-insight-host is the IP address or host name of the vRealize Log Insight virtual appliance.

Procedure

1 Click the configuration drop-down menu icon and select Administration.
2 Under Configuration, click SSL.
3 Under the API Server SSL, select Require SSL Connection.
4 Click Save.

The vRealize Log Insight API allows only SSL connections to the server. Non-SSL connections are refused.

3 Using the vRealize Log Insight Ingestion API

You can interact with the vRealize Log Insight Ingestion API to send events to the vRealize Log Insight server. All API request and response bodies are UTF8 encoded JSON strings with Content-Type: application/json header field. On success, all calls return HTTP response code 200.

This chapter includes the following topics:

- Using the events/ingest Service
- Using the messages/ingest Service (Deprecated)
- The vRealize Log Insight REST API

Using the events/ingest Service

You can use the events/ingest service to send events to a vRealize Log Insight server using HTTP POST requests. The events/ingest service uses the following syntax.

    Protocol   Value
    HTTP       http://loginsight_host:9000/api/v1/events/ingest/agentid
    HTTPS      https://loginsight_host:9543/api/v1/events/ingest/agentid

HTTP Method: POST

Note: The vRealize Log Insight Ingestion API has a limit of 4 MB per HTTP POST request. The maximum size of a single text field is 16 KB.

Parameters

    Parameter: agentid
    Type: String
    Where to pass: In URL
    Description: The ID of the sending agent should follow the UUID standard. The agent may be an official vRealize Log Insight Windows or Linux agent or any client leveraging the Ingestion API.

    Parameter: Content-Type: application/json
    Type: String
    Where to pass: In POST body
    Description: The Content-Type parameter specifies the nature of the data in the POST body.

    Parameter: Events array
    Type: Array
    Where to pass: In POST body
    Description: An array of events. Each event must have the following format.

    {"events": [{
        "text": optional, message text as a string,
        "timestamp": optional, timestamp encoded as number of milliseconds since Unix epoch in UTC,
        "fields": optional array of [{
            "name": the name of the field,
            "content": optional, the content of the field,
            "startposition": optional, the start position in the "text",
            "length": optional, the length of the string in the "text",
        },...]
    },...]
    }

Note: The vRealize Log Insight server compares the "timestamp" you provide with the local time on the vRealize Log Insight server. If you provide a "timestamp" outside of the default 10 minutes tolerated drift window, the vRealize Log Insight server ignores your "timestamp" and uses its local time. If "timestamp" is not present, vRealize Log Insight uses arrival time.

Note: If the "content" of a field is not present, then "startposition" and "length" must be present and must point to a valid position in the "text" field string.

Return HTTP Values

    Name                        Type      Description
    200 OK                      Integer   Standard HTTP response codes
    400 Bad Request
    500 Internal Server Error
    503 Service Unavailable               This response indicates that the server is overloaded. The Retry-After response header provides the suggested retry time in seconds.

Example Request

    POST http://loginsight:9000/api/v1/events/ingest/4c4c4544-0037-5910-805a-c4c04f585831
    Host: loginsight:9000
    Connection: keep-alive
    Content-Type: application/json
    charset: utf-8
    Content-Length:??

    {"events": [{
        "fields": [
            {"name": "Channel", "content": "Security"},
            {"name": "EventID", "content": "4688"},
            {"name": "EventRecordID", "content": "33311266"},
            {"name": "Keywords", "content": "Audit Success"},
            {"name": "Level", "content": "Information"},
            {"name": "OpCode","content": "Info"},
            {"name": "ProcessID", "content": "4"},
            {"name": "ProviderName", "content": "Microsoft-Windows-Security-Auditing"},
            {"name": "Task", "content": "Process Creation"},
            {"name": "ThreadID", "content": "64"}
        ],
        "text": "A new process has been created.",
        "timestamp": 1396622879241
        }
    ]
    }

Example Response

    HTTP/1.1 200 OK

    {"status":"ok","message":"events ingested","ingested":18}

Using the messages/ingest Service (Deprecated)

You can use the messages/ingest service to send events to a vRealize Log Insight server using HTTP POST requests. The messages/ingest service uses the following syntax.

    Protocol   Value
    HTTP       http://loginsight_host:9000/api/v1/messages/ingest/agentid
    HTTPS      https://loginsight_host:9543/api/v1/messages/ingest/agentid

HTTP Method: POST

Note: The vRealize Log Insight Ingestion API has a limit of 4 MB per HTTP POST request. The maximum size of a single text field is 16 KB.

Parameters

    Parameter: agentid
    Type: String
    Where to pass: In URL
    Description: The ID of the sending agent should follow the UUID standard. The agent may be an official vRealize Log Insight Windows or Linux agent or any client leveraging the Ingestion API.

    Parameter: Content-Type: application/json
    Type: String
    Where to pass: In POST body
    Description: The Content-Type parameter specifies the nature of the data in the POST body.

    Parameter: Events array
    Type: Array
    Where to pass: In POST body
    Description: An array of events. Each event must have the following format.

    {"messages": [{
        "text": optional, message text as a string,
        "timestamp": optional, timestamp encoded as number of milliseconds since Unix epoch in UTC,
        "fields": optional array of [{
            "name": the name of the field,
            "content": optional, the content of the field,
            "startposition": optional, the start position in the "text",
            "length": optional, the length of the string in the "text",
        },...]
    },...]
    }

Note: The vRealize Log Insight server compares the "timestamp" you provide with the local time on the vRealize Log Insight server. If you provide a "timestamp" outside of the default 10 minutes tolerated drift window, the vRealize Log Insight server ignores your "timestamp" and uses its local time. If "timestamp" is not present, vRealize Log Insight uses arrival time.

Note: If the "content" of a field is not present, then "startposition" and "length" must be present and must point to a valid position in the "text" field string.

Return HTTP Values

    Name                        Type      Description
    200 OK                      Integer   Standard HTTP response codes
    400 Bad Request
    500 Internal Server Error
    503 Service Unavailable               This response indicates that the server is overloaded. The Retry-After response header provides the suggested retry time in seconds.

Example Request

    POST http://loginsight:9000/api/v1/messages/ingest/4c4c4544-0037-5910-805a-c4c04f585831
    Host: loginsight:9000
    Connection: keep-alive
    Content-Type: application/json
    charset: utf-8
    Content-Length:??

    {"messages": [{
        "fields": [
            {"name": "Channel", "content": "Security"},
            {"name": "EventID", "content": "4688"},
            {"name": "EventRecordID", "content": "33311266"},
            {"name": "Keywords", "content": "Audit Success"},
            {"name": "Level", "content": "Information"},
            {"name": "OpCode","content": "Info"},
            {"name": "ProcessID", "content": "4"},
            {"name": "ProviderName", "content": "Microsoft-Windows-Security-Auditing"},
            {"name": "Task", "content": "Process Creation"},
            {"name": "ThreadID", "content": "64"}
        ],
        "text": "A new process has been created.",
        "timestamp": 1396622879241
        }
    ]
    }

Example Response

    HTTP/1.1 200 OK

    {"status":"ok","message":"messages ingested","ingested":18}

The vRealize Log Insight REST API

The REST API provides programmatic access to vRealize Log Insight and to the data it collects. You can use the API to insert events into the vRealize Log Insight data store, to query for events and to change product configuration. You can also use the API to install or upgrade vRealize Log Insight.

For more information, see the vRealize Log Insight API reference at https://www.vmware.com/go/loginsight/api.
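
A client-side sketch of the events/ingest request described in this chapter, added here as an example and not code from VMware or the original guide. It checks events against the documented format rules and size limits, batches them under the 4 MB POST limit, and sends them over HTTPS port 9543 with certificate verification, waiting for Retry-After on a 503. The function names, the cafile and opener parameters, the byte and character interpretation of the limits and offsets, and the sample field name are assumptions.

```python
import json, ssl, time, uuid, urllib.error, urllib.request

MAX_POST_BYTES = 4 * 1024 * 1024  # page: 4 MB limit per HTTP POST request
MAX_TEXT_BYTES = 16 * 1024        # page: 16 KB per text field (UTF-8 bytes assumed)

def make_event(text, fields=(), timestamp_ms=None):
    """Build one event, rejecting input the documented format rules disallow."""
    if len(text.encode("utf-8")) > MAX_TEXT_BYTES:
        raise ValueError("text exceeds 16 KB")
    for f in fields:
        if "content" not in f:  # then startposition/length must point into text (char offsets assumed)
            start, length = f.get("startposition"), f.get("length")
            if start is None or length is None or start < 0 or length < 0 or start + length > len(text):
                raise ValueError(f"field {f.get('name')!r} does not point into text")
    event = {"text": text}
    if fields:
        event["fields"] = [dict(f) for f in fields]
    if timestamp_ms is not None:  # milliseconds since the Unix epoch, UTC
        event["timestamp"] = int(timestamp_ms)
    return event

def batch_bodies(events, limit=MAX_POST_BYTES):
    """Yield UTF-8 JSON bodies {"events": [...]}, each kept within the POST limit."""
    batch, size = [], 14  # 14 == len('{"events": []}')
    for ev in events:
        ev_size = len(json.dumps(ev)) + 2  # ASCII output; +2 for the ", " separator
        if batch and size + ev_size > limit:
            yield json.dumps({"events": batch}).encode("utf-8")
            batch, size = [], 14
        batch.append(ev)
        size += ev_size
    if batch:
        yield json.dumps({"events": batch}).encode("utf-8")

def post_events(host, agent_id, body, cafile=None, retries=3, opener=urllib.request.urlopen):
    """POST one body to HTTPS port 9543; on 503 wait Retry-After seconds, then retry."""
    agent = str(uuid.UUID(agent_id))  # agentid should follow the UUID standard
    req = urllib.request.Request(
        f"https://{host}:9543/api/v1/events/ingest/{agent}", data=body,
        method="POST", headers={"Content-Type": "application/json"})
    ctx = ssl.create_default_context(cafile=cafile)  # verifies certificate and host name
    for _ in range(retries):
        try:
            with opener(req, timeout=10, context=ctx) as resp:
                return json.load(resp)
        except urllib.error.HTTPError as err:
            if err.code != 503:
                raise
            time.sleep(int(err.headers.get("Retry-After", "1")))
    raise RuntimeError("server still overloaded after retries")

# Constructed sample: the page's example text plus a positional field (hypothetical name).
SAMPLE = make_event("A new process has been created.",
                    [{"name": "object", "startposition": 6, "length": 7}], 1396622879241)
```

Pass cafile when the server certificate is issued by a private CA; the opener parameter exists only so the retry path can be exercised without a network.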
