
Log Insight Webhook Shim Updated

In Log Insight 3.3, webhooks were introduced as an alert type. Shortly after the Log Insight 3.3 announcement, Alan Castonguay and I published some webhook shims that could be used with Log Insight to provide integration to a variety of third-party destinations. I am happy to announce a major update to the existing shim including support for vRealize Operations Manager. Read on to learn more!

Background

Webhooks provide a simple and extensible way to map Log Insight alerts to third-party actions. Of course, you need to translate webhooks from the output format of Log Insight into the input format of the third-party destination. This can be done via a shim.
As part of the 1.0 shim made available on GitHub, the following integrations were possible:

  • PagerDuty
  • Slack
  • Socialcast

NOTE: Socialcast offers native integration, meaning use of a shim is not required.

Update

Since the shim’s release, several people have contributed additional integrations. At this point, version 2.1 of the shim has been published and contains even more integrations including:

  • Bugzilla
  • HipChat
  • Jenkins
  • OpsGenie
  • ServiceNow
  • PushBullet
  • vRealize Orchestrator
  • ZenDesk

Not only that, but some new features have been added as well including:

  • Ability to accept incoming vRealize Operations Manager REST plugin notifications
  • Ability to use basic auth for incoming webhooks to third-party destinations from the shim
  • Support for encrypted traffic (https in addition to http)
  • Ability to specify web server port for shim
  • Ability to support Log Insight test alerts (works for vRealize Operations Manager as well)
  • Ability to support multiple teams/channels with Slack integration (works with HipChat as well)

As you can see, this is a major update! Of course, given the change to the existing Slack integration, it is recommended that you test the update before applying it to your environment.

vRealize Operations Manager REST plugin

One of the big changes in the updated shim is that it now supports output from the vRealize Operations Manager REST plugin. Let me walk you through how to configure this.
First, in vROps go to Administration > Outbound Settings, select the green plus icon to add a new one, and for plugin type select Rest Notification Plugin. Next, fill in all the options. Note that all fields are required even if you are not using them. Since outbound webhooks to the shim do not support authentication today, it does not matter what you input for the username and password fields. Also, if the shim is not configured to accept requests over TLS, the input for certificate thumbprint does not matter either. For content type, ensure you select JSON.
In my example, I set the URL to point to /endpoint/test to validate the shim is receiving the data properly. With this configuration, I can hit the test button.
One known issue with this new integration is that vROps always displays an error when using the shim. I assume this is because of the fake authentication and certificate thumbprint options, but might also have to do with PUT requests versus POST requests. In either case, you can confirm the shim is working by checking the log output on the shim:

Bingo! As you can see, the test message from vROps was successfully received and parsed! The best part is all of the integrations into third-party products are supported for vROps REST notification plugins as well.

Summary

Webhooks are awesome and the updated shim now available for Log Insight and vRealize Operations Manager is a huge improvement. As always, you can get the latest version of the shims here. What do you think of the shim? What other integrations would you like to see? When will you contribute a new integration to the shim? Let me know in the comments!

© 2016, Steve Flanders. All rights reserved.

Published in VMware

8 Comments

  1. Paul S

    Another great post on shims Steve, we would love to get vROPs sending alert data to SCOM. Will this be possible?

    • Hey Paul, SCOM supports an API so this should be possible through a webhook. You could contribute a shim to the GitHub project or suggest it for someone else to implement.

  2. mike

    Hello,
    is there any way to use multiple endpoints at the same time, like Slack and PD endpoints together?

  3. Pramod Nair

    Hello Steve,
    Is it possible for the SHIM server to parse the source details also to vRO?
    I am working on a multiple vROPS to single vRO mapping scenario, so in that case I am just worried that when vRO tries to call the vROPS with the alertID to fetch more details, it will be confused, as there will be multiple vROPS in the end bound to the same SHIM and vRO.

    • Hey Pramod — I do not believe there is anything in the vROps payload that would assist, however getting source information from the incoming API request is possible. This is a good question for John Dias. Let me message him and let him reply as well.

    • Hi Pramod,
      It is indeed possible to get the source details. You could do this through a callback within the shim. In fact I implemented this in the Moogsoft shim if you want an example.
      To the second question, you might want to include a second input for your vRO workflow for the vROps source IP, which you could extract from the flask request data in the shim.

    • Pramod it is possible to get more source detail from vROps from the shim – see the Moogsoft shim as an example of making a callback into vROps for impacted resource properties.
      For your use case of multiple vROps instances, I would recommend adding an additional vRO workflow input for the source of the alert. You can grab the IP of the request source from the Flask request object.
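
Added example, not part of the original post or of the shim project's code: the post notes that inbound requests to the shim are unauthenticated, and the replies above suggest using the request's source IP to tell several vROps instances apart. The function below does both with an allowlist keyed on the peer address; the addresses, instance names, the `alertId` field name and the function name are assumptions.

```python
import ipaddress
import json

# Constructed allowlist: which vROps instance sits behind which source address.
VROPS_SOURCES = {
    "192.0.2.10": "vrops-site-a",
    "192.0.2.20": "vrops-site-b",
}


def handle_vrops_notification(method, remote_addr, body, sources=VROPS_SOURCES):
    """Return (http_status, result) for one inbound vROps REST notification.

    remote_addr is the peer address of the HTTP request; in a Flask-based
    shim that is request.remote_addr.
    """
    # The post is unsure whether vROps sends PUT or POST, so accept both.
    if method not in ("PUT", "POST"):
        return 405, {"error": "method not allowed"}
    # Inbound requests carry no usable credentials, so the peer address is the
    # only caller identity available: reject anything not on the allowlist.
    try:
        peer = str(ipaddress.ip_address(remote_addr))
    except ValueError:
        return 400, {"error": "bad peer address"}
    instance = sources.get(peer)
    if instance is None:
        return 403, {"error": "unknown source"}
    try:
        alert = json.loads(body)
    except (TypeError, ValueError):
        return 400, {"error": "body is not JSON"}
    # "alertId" is an assumed field name for the vROps alert identifier.
    if not isinstance(alert, dict) or "alertId" not in alert:
        return 400, {"error": "missing alertId"}
    # Workflow inputs for vRO: the alert id plus the instance it came from, so
    # the workflow knows which vROps to call back for details.
    return 200, {
        "alertId": str(alert["alertId"]),
        "vropsInstance": instance,
        "vropsAddress": peer,
    }


if __name__ == "__main__":
    sample = json.dumps({"alertId": "constructed-0001", "status": "ACTIVE"})
    print(handle_vrops_notification("PUT", "192.0.2.10", sample))
    print(handle_vrops_notification("POST", "198.51.100.7", sample))
```

If the shim runs behind a reverse proxy or load balancer, the peer address is the proxy's, so the allowlist has to be enforced where the real client address is visible.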
