One of the newest features in Aria Operations for Logs is the ability to run queries and make changes to your instances via API calls. This is very useful for teams who want to leverage a DevOps mindset for Aria Logs and script as many day-to-day tasks as possible. We know that writing API calls can get tricky for a lot of operations teams, so my fantastic colleague Munishpal Makhija has created a set of Powershell cmdlets to call the Aria Logs APIs and run many of our API calls in an easy and pre-packaged way. Let’s run some of his scripts now to understand how they work and the output you can get from them.
1. Getting your API token from the Cloud Services Portal
We’ll want to begin by getting an API token from the CSP. Following these instructions, we navigate to the account section of the CSP, and then to ‘API Tokens’. I don’t have any tokens yet, so I will generate a new one.
In the new token screen, I need to specify a token name, time to live, and what I have access to with the token. In this case, we only need to select ‘vRLIC admin’. Once we fill out the necessary fields, we can generate the token by clicking ‘Generate’ at the bottom of the screen.
We should then get a popup window with our token. Copy it somewhere secure, like a password safe. I’ve blocked out my token below, but it will be in the black box.
2. Using the PowershellvRLI Scripts
Now with our token in hand, we can use the PowervRLI scripts. I have installed the cmdlets straight from the Powershell Gallery, but if your organization blocks downloading from the gallery, you might have to grab the scripts manually from the Github page on Munishpal’s blog.
Once you have the scripts installed locally, start by inputting the API key from the CSP with the ‘Connect-vRLI-Cloud’ command. It will prompt you for the API key, and you can paste it in and hit enter. You should then be connected to your Aria Logs cloud instance.
Now that we’re connected, let’s assume your security team asked for a list of alerts in Aria Logs that have to do with auditing user events. We can run the ‘Get-AlertDefinitions’ cmdlet and look for the string ‘Audit’. I added some logic at the end to only show the alert definition names, and none of the other details. You can export the output to a file and hand it off to the security team for analysis.
Next, lets run a query via the API to get some auditing events from our Aira Logs environment. We need to write our query in SQL format as a variable, then pass it to Aria Logs to run, and then grab the output. That can be done with the set of commands below.
When we run those three commands, we will get the events as output on the screen that we can then send somewhere else, depending on need, for further review or actioning.
Conclusion
I hope that was a helpful primer to get you started using the Aria Operations for Logs API. There are some very powerful functions included in our APIs if you know how to take full advantage of them, and we will be adding more functionality in future releases as well. As always, feedback is welcome and be sure to visit https://www.munishpalmakhija.com/ for more great code and content from Munishpal Makhija, our Aria Operations guru!