可以在 VMware Aria Operations for Logs 中配置 Webhook 服务器。

过程

  1. 登录到 VMware Aria Operations for Logs,然后从左侧窗格中的警示下选择 Webhook
  2. Webhook 页面上,单击新建 Webhook 以添加新的 Webhook。
  3. 输入所需的详细信息。
    名称 VMware Aria Operations for Networks 丢弃的流警示
    端点 自定义
    Webhook URL 从 Operations for Networks 添加源页面复制。例如,https://webhook_user:*****************@vrni-appliance/webhooks/loginsight/alert
    内容类型 JSON
    操作 Post
    Webhook 负载
    {
    "AlertType": 1,
    "AlertName": "${AlertName}",
    "SearchPeriod": ${SearchPeriod},
    "HitOperator": ${NumHits},
    "messages": ${messages}
    }
    
    注: 确保完全按上述方式添加 Webhook 负载。
  4. 更新 /etc/hosts 文件以将 VMware Aria Operations for Networks 与 Webhook 服务器连接。
    注: 您必须具有 sudo/root 权限才能更新 /etc/hosts 文件。
    例如,
    ssh [email protected]
    VMware Aria Operations for Logs
    [email protected]'s password: 
    Last login: Tue Jun 14 03:31:14 UTC 2022 from 172.31.1.73 on pts/0
    Last login: Tue Jun 14 09:15:08 2022 from 172.31.1.46
    root@vRLI-8 [ ~ ]# cat /etc/hosts
    # Begin /etc/hosts (network card version)
    # End /etc/hosts (network card version)
    # VAMI_EDIT_BEGIN
    # Generated by Studio VAMI service. Do not modify manually.
    127.0.0.1   vRLI-8 localhost
    10.253.241.206 vrni-appliance
    ::1   vRLI-8 localhost ipv6-localhost ipv6-loopback
    # VAMI_EDIT_END
    root@vRLI-8 [ ~ ]#