For those of you who are interested, I have updated the API-based audit and remediation tool with a couple of new features. After all, what is the use of automation if it isn’t user friendly?
1. Better error handling of remediation errors: In the past you would just get a message to the effect of “Something went wrong” but now the tool will pass the HTTP status code and Error Details from the Log Insight Server’s response to your remediation request. In the below example you can see this in action.
2. Now includes a wizard to help build a simplified JSON configuration file! Now, without having to create a single bit of JSON, you can quickly get value from the tool. The wizard is simplified because, let’s be honest, if you want the wizard you don’t want to answer 250 questions. Because of this, some things are assumed/disabled. If you want them, you can simply add them to the code or use the template in the included docs (use the -d switch).
I hope that this helps you get started in seeing the value of using Configuration APIs to manage your Log Insight Servers!
For those of you who have followed my blog, you will know that I deal with Log Insight quite a bit in our production environments. Because of this I was excited that in the latest release of Log Insight 3.3 there are several new Configuration APIs released under Tech Preview status. That said, the documentation around these APIs is very difficult to nail down. The exciting part is that I’ve just uploaded a new and unofficial standalone audit and remediation tool to my GitHub repo! As always this code is my personal code and not supported or officially recognized by VMware.
Here’s how it works:
The tool reads the desired state of your Log Insight Server from a JSON file that you define. It can use that file to then connect to the Log Insight Server and audit it to see if it matches your desired state. If you wish you can throw in the -r switch and the script will make the Log Insight Server match your desired state.
Let’s see it in action:
First up, let’s pull up the embedded documentation by running the script with the -d switch to see what the JSON file needs to look like. I’ve taken pains to try and include complex examples so that you won’t be left in the dark on anything.
After creating a new JSON file with our desired state it’s time to run the tool in audit only mode by just specifying the -f flag and the name of our JSON file. The results that come back are that we have several areas that need remediation (email, event forwarders) and 1 (content packs) that cannot be remediated yet (hopefully in a later version).
That’s all good, but we want the tool to fix those issues, so we append the -r flag.
If you run the tool again the output comes back as all objects matching desired state but the nice thing is that you don’t need to run it again. Once the remediation HTTP POST is sent to the server the tool will automatically go back and query the server for the configuration to verify that your changes have been implemented and the server is now set correctly. It will then show you success in the message immediately following the remediation step.
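The audit, remediate, then re-query flow described above, including reporting the HTTP status code and error details when a remediation is rejected, as an added Python example (not the tool's own code). `FakeServer`, the section names and the JSON keys are assumptions that stand in for the Log Insight configuration API, whose endpoints this page does not show.

```python
import json

# Constructed desired state; section names and keys are illustrative, not the tool's schema.
DESIRED_JSON = '''{
  "forwarders": [{"id": "siem", "host": "siem.example.internal", "port": 514, "ssl": true}],
  "active_directory": {"enabled": true, "domain": "corp.example.internal", "ssl_only": true}
}'''

class FakeServer:
    """In-memory stand-in for the server's configuration API (hypothetical)."""
    def __init__(self, config, reject=()):
        self.config, self.reject = config, set(reject)
    def get(self, section):
        return 200, self.config.get(section)
    def post(self, section, body):
        if section in self.reject:  # simulate the server refusing a change
            return 400, {"errorMessage": "validation failed", "section": section}
        self.config[section] = json.loads(json.dumps(body))  # store a deep copy
        return 200, {}

def audit(server, desired):
    """Return {section: (desired, actual)} for every section that has drifted."""
    drift = {}
    for section, want in desired.items():
        _, have = server.get(section)
        if have != want:
            drift[section] = (want, have)
    return drift

def remediate(server, desired, drift):
    """POST the desired value for each drifted section, then re-query to verify it."""
    results = {}
    for section in drift:
        status, details = server.post(section, desired[section])
        if status != 200:  # surface the status and error details, not a generic failure
            results[section] = f"FAILED HTTP {status}: {json.dumps(details, sort_keys=True)}"
            continue
        _, have = server.get(section)  # read back instead of trusting the 200
        results[section] = "OK" if have == desired[section] else "NOT APPLIED"
    return results

def run(server, desired_json, fix=False):
    desired = json.loads(desired_json)
    drift = audit(server, desired)
    return drift, (remediate(server, desired, drift) if fix else {})

if __name__ == "__main__":
    srv = FakeServer({"forwarders": [], "active_directory": None}, reject={"forwarders"})
    print(run(srv, DESIRED_JSON, fix=True)[1])
```

Reading the configuration back after the POST is what distinguishes "the server accepted the request" from "the server is now in the desired state".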
The portions of Log Insight that the tool has the ability to configure are:
Event Forwarder Configuration
Active Directory Configuration
Content Packs (audit only right now)
Stay tuned as I plan on updating the tool over time as more APIs are released and as my Python knowledge increases. In the meantime happy auditing and automatic remediation!