For those of you who have followed my blog you will know that I deal with Log Insight quite a bit in our production environments. Because of this I was excited that in the latest release of Log Insight 3.3 there are several new Configuration API’s released under Tech Preview status. That said, the documentation around these APIs is very difficult to nail down. The exciting part is that I’ve just uploaded a new and unofficial standalone audit and remediation tool to my github repo! As always this code is my personal code and not supported or officially recognized by VMware.
Here’s how it works:
The tool reads the desired state of your Log Insight Server from a JSON file that you define. It can use that file to then connect to the Log Insight Server and audit it to see if it matches your desired state. If you wish you can throw in the -r switch and the script will make the Log Insight Server match your desired state.
Let’s see it in action:
First up, let’s pull up the embedded documentation by running the script with the -d switch to see what the JSON file needs to look like. I’ve taken pains to try and include complex examples so that you won’t be left in the dark on anything.
After creating a new JSON file with our desired state it’s time to run the tool in audit only mode by just specifying the -f flag and the name of our JSON file. The results that come back are that we have several areas that need remediation (email, event forwarders) and 1 (content packs) that cannot be remediated yet (hopefully in a later version).
That’s all good but we want the tool to fix those issues so we append the -r flag
If you run the tool again the output comes back as all objects matching desired state but the nice thing is that you don’t need to run it again. Once the remediation HTTP POST is sent to the server the tool will automatically go back and query the server for the configuration to verify that your changes have been implemented and the server is now set correctly. It will then show you success in the message immediately following the remediation step.
The portions of Log Insight that the tool has the ability to configure are:
Event Forwarder Configuration
Active Directory Configuration
Content Packs (audit only right now)
Stay tuned as I plan on updating the tool over time as more APIs are released and as my python knowledge increases. In the meantime happy auditing and automatic remediation!
For those of you out there who use VMware vCloud Director and Log Insight you may be interested in a content pack that we have built for use by the OneCloud team to help make our cloud run smoother and to give us a ton of (wait for it) Insight into our environment. It’s been a work in progress for about 9 months off and on but has served us very well. I hope that it serves you just as well.
Here are some screenshots:
I hope that this content pack is able to help you better manage your VMware vCloud Director environment. You can download the Content Pack here
just be aware that this is not released by VMware and is not supported by them. Like everything else on my blog it just came from a random blogger on the internet 🙂