java对接SCOM微软监控系统告警()

  本篇文章为你整理了java对接SCOM微软监控系统告警()的详细内容,包含有 java对接SCOM微软监控系统告警,希望能帮助你了解 java对接SCOM微软监控系统告警。

  项目上需要对接scom微软监控系统告警,能够拿到手的资料十分有限,只有几个官方文档地址:

  Operations Manager REST API Reference - Operations Manager REST API Microsoft Learn

  SCOM: Quick Start - REST API - TechNet Articles - United States (English) - TechNet Wiki (microsoft.com)

  SCOM告警仪表盘页面展示:
 

  仅支持 System Center Operations Manager 1801 及以上版本有RESTAPI,千万注意;

  官网正好有一个获取告警的示例,但是是powershell版本的:

  

#Set Headers for the request

 

  $userName ="domain\username";

  $password ="Password";

  $AuthenticationMode= "Network"

  $scomHeaders = New-Object “System.Collections.Generic.Dictionary[[String],[String]]”

  $scomHeaders.Add(Content-Type,application/json; charset=utf-8)

  $bodyraw = "($AuthenticationMode):$($userName):$($password)” //官网这里写的还有问题,少了个$

  $Bytes = [System.Text.Encoding]::UTF8.GetBytes($bodyraw)

  $EncodedText =[Convert]::ToBase64String($Bytes)

  $jsonbody = $EncodedText ConvertTo-Json

  $uriBase = http:// scomserver /OperationsManager

  #Authenticate

  $auth = Invoke-WebRequest -Method POST -Uri $uriBase/authenticate -Headers $scomheaders -body $jsonbody -UseDefaultCredentials -SessionVariable $websession

  #Include CSRF Token

  $csrfTocken = $websession.Cookies.GetCookies($uriBase) ? { $_.Name -eq SCOM-CSRF-TOKEN }

  $scomHeaders.Add(SCOM-CSRF-TOKEN, [System.Web.HttpUtility]::UrlDecode($csrfTocken.Value))

  #Examples to Invoke the required SCOM API

  #Data/alertDescription/{alertid}

  $alertid="6A88FBC1-0EDC-4173-9BB1-30FFEC296672"

  $uri = "$uriBase/data/alertDetails"

  $Response = Invoke-WebRequest -Uri "$uriBase/data/alertDetails/$alertid" -Headers $scomheaders -Method Get -WebSession $websession

  $Response.Content Convertto-json

  
#Criteria: Enter the displayname of the SCOM object

  $Criteria = "DisplayName LIKE %SQL%"

  #Convert our criteria to JSON format

  $JSONBody = $Criteria ConvertTo-Json

  $Response = Invoke-WebRequest -Uri "$uriBase/data/class/monitors" -Method Post -Body $JSONBody -WebSession $WebSession

  $Response.Content Convertto-json

  
$response = Invoke-WebRequest -Uri "$uriBase/monitoring/dashboard" -Headers $scomheaders -Method POST -Body $dashboardbody -ContentType "application/json" -UseDefaultCredentials -WebSession $websession

  

 

  流程就是:

  
第一步: 拿到username(用户名) password(账密码) AuthenticationMode(认证模式,示例中是Network) domain(域) 四个配置信息

  
第二步: 将信息按照 AuthenticationMode:domain\username:password 拼接在一起然后通过base64加密:

  "TmV0d29yazphYmNcYWRtaW51c2VyOlBXRDEyMw=="

  
第三步:调用认证接口 POST: http:// Servername /OperationsManager/authenticate ,将上一步的字符串放到请求体,Content-Type设置为application/json

  
第四步:将响应头的Set-Cookie里面的SCOM-CSRF-TOKEN 设置到请求头中,发起查询告警列表请求

  POST http:// Servername /OperationsManager/data/alert

  
刚开始以为是用户名密码或者权限问题,联系确认了web页面直接访问 http://IP/OperationsManager/ 该账号可以正常登录查询,有操作员权限,百思不得其解,意外打开F12发现页面上也是用的这个接口,于是决定抓包

  打开fidder/wireshark,抓包认证接口发现居然发起了三次请求

  查看response header

  反应过来原来还有一层NTLM认证,于是调整java代码,使用httpclient发起NTLM请求,核心代码如下:

  

 public static final String AUTH_URL = "/authenticate";

 

  // 获取NTLM认证client

  public CloseableHttpClient getBasicAuthHttpClient(String username, String password, String workStation, String domain) {

   CredentialsProvider provider = new BasicCredentialsProvider();

   NTCredentials ntCredentials = new NTCredentials(username, password, workStation, domain);

   provider.setCredentials(AuthScope.ANY, ntCredentials);

   return HttpClients.custom().setDefaultCredentialsProvider(provider).useSystemProperties().build();

  // 认证接口,获取token

  public String askForToken() {

   String result = "";

   HttpPost httppost = new HttpPost(baseUrl + AUTH_URL);

   CloseableHttpClient basicAuthHttpClient;

   try {

   httppost.addHeader("Content-Type", "application/json;charset=UTF-8");

   BASE64Encoder base64Encoder = new BASE64Encoder();

   String encodedText = base64Encoder.encode((authMode + ":" + domain + "\\" + username + ":" + password).getBytes(StandardCharsets.UTF_8));

   httppost.setEntity(new StringEntity("\""+encodedText+"\"", DEFAULT_CHARSET));

   basicAuthHttpClient = getBasicAuthHttpClient(username, password, authMode, domain);

   HttpResponse response = basicAuthHttpClient.execute(httppost);

   Header[] headers = response.getHeaders("Set-Cookie");

   for (Header r : headers) {

   String value = r.getValue();

   if (value.startsWith("SCOM-CSRF-TOKEN")) {

   return value.split(";")[0].split("=")[1] ;

   if (log.isDebugEnabled()) {

   log.debug("Request url:{},Request Parameter:{},Response:{}", baseUrl + AUTH_URL, encodedText, result);

   } catch (Exception e) {

   throw new SystemException(e);

   return result;

  

 

  非常顺利,成功拿到token,然后遭遇了新的问题

  
问题二 :查询告警接口依然401

  查询告警http://ip/OperationsManager/data/alert,直接拿上一步获取的token加入请求Header中,

  

SCOM-CSRF-TOKEN: yjihbfEsRFLd9fMRgT_Rxf4MzDiact3jgvyXZBrMnQRA4MoKtaO8_si891ahn6Pm98SJltLoiQYQrEENBWhJXX5WkQbLa2hqI6gVG96Hj0Y1%3a5dV5XX9rOLp5850DHjRsJ93ioKTP_Fw2AakOi1QN35SI_Vr0nBYrw4n8bUzh_vbNLxKIek_7w9lHSlftqOA0TfKs6Rs0oU7O3w8GIegHvpPtYt_0fTgktvzq4nL7MTxF0

 

  

 

  过滤条件官网给的非常模糊没有解释,这里直接跟scom控制台保持一致,请求体:

  

{"classId":null,"objectIds":{},"criteria":"((Severity = 0) OR (Severity = 1) OR (Severity = 2)) AND ((Priority = 2) OR (Priority = 1) OR (Priority = 0)) AND ((ResolutionState != 255)) AND TimeRaised = Sun, 30 Jan 2022 07:34:42 GMT","displayColumns":["severity","monitoringobjectdisplayname","name","lastmodified","description","sitename","alertsource","netbiosdomainname"]}

 

  

 

  依然抓包页面请求,发现依然发起三个

  
 

  所以NTLM每个请求都要用上一步的getBasicAuthHttpClient()返回的client来发起请求

  问题三: 报错 索引超出了数组界限

  排查发现是header中的SCOM-CSRF-TOKEN需要先URLDecoder一下,不然会解析报错。

  SCOM-CSRF-TOKEN: yjihbfEsRFLd9fMRgT_Rxf4MzDiact3jgvyXZBrMnQRA4MoKtaO8_si891ahn6Pm98SJltLoiQYQrEENBWhJXX5WkQbLa2hqI6gVG96Hj0Y1:5dV5XX9rOLp5850DHjRsJ93ioKTP_Fw2AakOi1QN35SI_Vr0nBYrw4n8bUzh_vbNLxKIek_7w9lHSlftqOA0TfKs6Rs0oU7O3w8GIegHvpPtYt_0fTgktvzq4nL7MTxF0

  问题四:提示会话已过期

  到这里我们已经接近成功了,原因是因为光设置token到Header还不够,还要请求的时候还需要携带Cookie,把第一步认证接口返回的Set-Cookie里面的值设置到Cookie中,

  

httppost.addHeader("Content-Type", "application/json;charset=UTF-8");

 

  httppost.addHeader("SCOM-CSRF-TOKEN", token);//这个token需要decode

  httppost.addHeader("Cookie", "SCOM-CSRF-TOKEN="+originToken+";SCOMSessionId="+sessionId+";SCOMUserStatus=loggedIn"); //这个token不需要decode

  

 

  响应格式:

  

{

 

   "tableColumns": [

   "field": "ageinmilliseconds",

   "header": "",

   "type": null,

   "hidden": true

   "field": "severity",

   "header": "Severity",

   "type": null,

   "hidden": false

   "field": "monitoringobjectdisplayname",

   "header": "Source",

   "type": null,

   "hidden": false

   "field": "monitoringobjectpath",

   "header": "Path",

   "type": null,

   "hidden": false

   "field": "name",

   "header": "Name",

   "type": null,

   "hidden": false

   "field": "age",

   "header": "Age",

   "type": null,

   "hidden": false

   "field": "description",

   "header": "Description",

   "type": null,

   "hidden": false

   "field": "owner",

   "header": "Owner",

   "type": null,

   "hidden": false

   "field": "timeadded",

   "header": "Created",

   "type": null,

   "hidden": false

   "field": "id",

   "header": "Id",

   "type": null,

   "hidden": true

   "rows": [

   "id": "d3144ac9-4316-45ce-94b9-f50936219e24",

   "severity": "Error",

   "monitoringobjectdisplayname": "Test Service Group",

   "monitoringobjectpath": null,

   "name": null,

   "age": "6137 days, 6 hours",

   "ageinmilliseconds": 530260033217.2775,

   "description": "",

   "owner": "DXPSQYVCYBXGIUDZJZVWNLFDYEKA",

   "timeadded": "2022-05-17T03:29:36.7330000Z"

   "id": "d3144ac9-4316-45ce-94b9-f50936219e24",

   "severity": "Error",

   "monitoringobjectdisplayname": "Test Service Group",

   "monitoringobjectpath": null,

   "name": null,

   "age": "6137 days, 6 hours",

   "ageinmilliseconds": 530260149093.94025,

   "description": "",

   "owner": "DXPSQYVCYBXGIUDZJZVWNLFDYEKA",

   "timeadded": "2022-05-17T03:29:36.7330000Z"

  

 

  解析告警,做属性转换:

  

alarmId- 告警唯一ID

 

  netbioscomputername- 计算机名(可能为空)

  monitoringobjectdisplayname- 源

  description- 告警描述

  lastmodified- 上次更新时间

  principalname- 站点

  severity- 告警级别

  

 

  1.获取认证信息,确认认证方式是否开启NTLM

  2.发起认证NTLM请求,从response header获取SCOM-CSRF-TOKEN,以及SCOMSessionId

  3.发起查询告警请求,将上一步的token urldecode后设置到request header,将原始token和sessionId设置到Cookie

  以上就是java对接SCOM微软监控系统告警()的详细内容,想要了解更多 java对接SCOM微软监控系统告警的内容,请持续关注盛行IT软件开发工作室。

郑重声明:本文由网友发布,不代表盛行IT的观点,版权归原作者所有,仅为传播更多信息之目的,如有侵权请联系,我们将第一时间修改或删除,多谢。

留言与评论(共有 条评论)
   
验证码: