Cybersecurity
DevOps Cloud
IT Operations Cloud
Hi, below is a simple shell script to retrieve useful metrics from ArcSight Logger using an undocumented endpoint utilized by the WebUI:
API_USER='xxx'
API_PASS='xxx'
# Login
SESSIONID=$(curl -sk 'https://localhost:9000/core-service/rest/LoginService/login?' -X POST -d "login=$API_USER&password=$API_PASS" -H 'Content-type: application/x-www-form-urlencoded' -c- | grep session_string | awk '{print $7}')
# Request API
curl -ks https://localhost:9000/logger/restApi/loggerNavBar/navBarStats -H 'Accept: application/json, text/plain, */*' -H 'Cookie: com.arcsight.product.platform.logger.client.session.SessionContext.productName=Logger; com.arcsight.product.platform.logger.client.session.SessionContext.arcsightProductName="ArcSight Logger"; session_string='"$SESSIONID"
# Logout
curl -ks 'https://localhost:9000/core-service/rest/LoginService/logout?authToken='"$SESSIONID" -o /dev/null
This Endpoint is used by the WebUI to display the EPS In, EPS Out and CPU in the top-right corner of the interface, and can be used to store these metrics on Zabbix, Nagios, etc...