Undocumented Logger API Endpoint

Hi, below is a simple shell script to retrieve useful metrics from ArcSight Logger using an undocumented endpoint utilized by the WebUI:

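#!/bin/sh
# -k skips TLS certificate verification; drop it if this host trusts the Logger certificate.
API_USER='xxx'
API_PASS='xxx'

# Login: -c- prints the cookie jar to stdout; the cookie value is the 7th field.
# --data-urlencode keeps special characters in the credentials intact.
SESSIONID=$(curl -sk 'https://localhost:9000/core-service/rest/LoginService/login?' -X POST --data-urlencode "login=$API_USER" --data-urlencode "password=$API_PASS" -H 'Content-type: application/x-www-form-urlencoded' -c- | grep session_string | awk '{print $7}')

# Stop here if no session cookie came back (bad credentials, service down)
[ -n "$SESSIONID" ] || { echo 'Login failed: no session_string cookie returned' >&2; exit 1; }

# Request API
curl -ks https://localhost:9000/logger/restApi/loggerNavBar/navBarStats -H 'Accept: application/json, text/plain, */*' -H 'Cookie: com.arcsight.product.platform.logger.client.session.SessionContext.productName=Logger; com.arcsight.product.platform.logger.client.session.SessionContext.arcsightProductName="ArcSight Logger"; session_string='"$SESSIONID"

# Logout
curl -ks 'https://localhost:9000/core-service/rest/LoginService/logout?authToken='"$SESSIONID" -o /dev/null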

This endpoint is used by the WebUI to display the EPS In, EPS Out and CPU in the top-right corner of the interface, and can be used to store these metrics on Zabbix, Nagios, etc.
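For a scheduled check from a monitoring host, the same three calls can be wrapped so the password and session token stay out of the process list and the session is always closed. This is an added example, not the original poster's script; `LOGGER_URL`, the function names and the escaping helper are assumptions made here.

```shell
#!/bin/sh
# Added example (not the original poster's script). LOGGER_URL and the
# function names are assumptions chosen for this illustration.
LOGGER_URL=${LOGGER_URL:-https://localhost:9000}
PRODUCT_COOKIES='com.arcsight.product.platform.logger.client.session.SessionContext.productName=Logger; com.arcsight.product.platform.logger.client.session.SessionContext.arcsightProductName="ArcSight Logger"'

# Escape backslash and double quote for a quoted value in a curl config file.
cfg_escape() { printf '%s' "$1" | sed 's/[\\"]/\\&/g'; }

# Read curl's Netscape cookie jar (tab-separated; field 6 = name, 7 = value)
# on stdin and print the session_string value; fail if it is absent.
extract_session() {
    awk -F '\t' '$6 == "session_string" { v = $7 } END { if (v == "") exit 1; print v }'
}

# Credentials and the session cookie reach curl through "-K -" (config on
# stdin), so they never show up in the process list.
logger_login() {    # usage: logger_login USER PASS
    printf 'data-urlencode = "login=%s"\ndata-urlencode = "password=%s"\n' \
        "$(cfg_escape "$1")" "$(cfg_escape "$2")" |
        curl -sk -K - -c - "$LOGGER_URL/core-service/rest/LoginService/login?" |
        extract_session
}

logger_stats() {    # usage: logger_stats SESSION
    printf 'header = "Cookie: %s; session_string=%s"\n' \
        "$(cfg_escape "$PRODUCT_COOKIES")" "$(cfg_escape "$1")" |
        curl -sk -K - -H 'Accept: application/json, text/plain, */*' \
            "$LOGGER_URL/logger/restApi/loggerNavBar/navBarStats"
}

logger_logout() {   # usage: logger_logout SESSION
    printf 'url = "%s/core-service/rest/LoginService/logout?authToken=%s"\n' \
        "$LOGGER_URL" "$(cfg_escape "$1")" | curl -sk -K - -o /dev/null
}

# Log in, fetch the stats once, and always log out, even if the request fails.
poll_once() {       # usage: poll_once USER PASS
    sid=$(logger_login "$1" "$2") || { echo 'Logger login failed' >&2; return 2; }
    logger_stats "$sid"; rc=$?
    logger_logout "$sid"
    return "$rc"
}
```

Call `poll_once "$API_USER" "$API_PASS"` from the Zabbix or Nagios wrapper, preferably with a dedicated low-privilege Logger account whose password is read from a file only the monitoring user can access.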
