Log Insight customers have often told us that they need to send alerts through webhooks to services hosted outside their intranet, for example Slack or PagerDuty. To set this up, customers have had to give the vRealize Log Insight appliance(s) direct internet access or configure redirection at the network level, which isn’t convenient and often makes their security teams uncomfortable. To address this, vRealize Log Insight now supports proxies for webhooks, with configuration exposed via the UI and the REST API.

Web proxy configuration will be stored in internal configuration and distributed internally among the cluster nodes like other internal config parameters.

In order to use this feature in Log Insight you will need admin level user permissions:

  • First, create a new proxy under Configuration \ Proxy.

[Image: Add Proxy]

  • Next, enter the details of the proxy:
      • name – required
      • host – required
      • port – required
      • username – optional
      • password – optional

[Image: Add Proxy Details]

  • Test and Save the proxy.
  • Add your proxy to the webhook configuration under Alerts \ Webhook.

[Image: Add Proxy to Webhook Configuration]

  • Select Test Alert to test the proxy. Note: the certificates of both the endpoint and the proxy itself have to be trusted for the connection to succeed.
  • Your webhook with proxy is now ready for use in alert notifications.
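A pre-flight check for the certificate note above, as an added example (not VMware code): it opens a CONNECT tunnel through the proxy using the same host, port, username and password fields, verifies the endpoint's certificate chain, and reports which side failed. It assumes the proxy listens on plain HTTP, so only the endpoint half of the trust requirement is checked; the function names and the `cafile` parameter are illustrative.

```python
import base64
import http.client
import ssl
from urllib.parse import urlsplit


def proxy_auth_header(username, password):
    """Basic credentials for the proxy, or {} when the optional fields are empty."""
    if not username:
        return {}
    token = base64.b64encode(f"{username}:{password or ''}".encode()).decode()
    return {"Proxy-Authorization": f"Basic {token}"}


def classify(exc):
    """Map a connection failure to the side that needs fixing."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "endpoint certificate not trusted: " + str(exc)
    if "Tunnel connection failed" in str(exc):
        # http.client raises this OSError when the proxy answers CONNECT with non-200
        return "proxy refused CONNECT: " + str(exc)
    return "network error reaching proxy: " + str(exc)


def check_webhook_via_proxy(webhook_url, host, port, username=None,
                            password=None, cafile=None, timeout=10):
    """Tunnel through the proxy and verify the webhook endpoint's TLS chain."""
    target = urlsplit(webhook_url)
    # cafile (assumption): PEM bundle mirroring the CAs the appliance trusts
    ctx = ssl.create_default_context(cafile=cafile)  # verification stays enabled
    conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    conn.set_tunnel(target.hostname, target.port or 443,
                    headers=proxy_auth_header(username, password))
    try:
        conn.connect()  # CONNECT to the proxy, then TLS handshake with the endpoint
        return "ok"
    except OSError as exc:
        return classify(exc)
    finally:
        conn.close()


if __name__ == "__main__":
    # Constructed sample values; replace with your proxy and webhook URL.
    print(check_webhook_via_proxy("https://hooks.example.invalid/services/T000",
                                  "proxy.example.invalid", 3128))
```

A result of "endpoint certificate not trusted" points at a missing CA, often the CA of a TLS-inspecting proxy that re-signs the endpoint's certificate.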

When setting up your webhook configuration, you have the option to select Log Payload as Individual Logs or Log Stream.

[Image: Individual Logs or Log Stream]

The Logs section in the received notification will show the log message(s) that triggered the alert at the endpoint.

[Image: Slack alert via webhook proxy]

The Log Insight team is always open to suggestions and improvements based on your feedback, so do give this feature a try and provide feedback via official channels if any …!
