Forum Discussion

MaxJamakovic's avatar
MaxJamakovic
4 years ago

PowerShell Script for Alert

$headers = @{
    Accept = 'application/json'
    'Content-Type' = 'application/json'
}

$username = "appUser"
$password = "base64 encodedPassword"

$body = @{username=$username;password=$password;}

$response = Invoke-RestMethod 'https://localhost/webconsole/api/Login' -Method 'POST' -Headers $headers -Body $($body | ConvertTo-Json)

$token = $response | Select-Object -ExpandProperty token

$headers = @{
    Authtoken = $token
    Accept = 'application/json'
}

$response = Invoke-RestMethod 'https://localhost/webconsole/api/DDBInformation/8' -Method 'GET' -Headers $headers
$response.dedupDBInfo.subStoreList.avgQITime -gt "1400"

 

 

Hi I'm new to Logic Monitor what do I need to modify in this script so that can be run from collector, the script retrieves the token  and inserts that token in next command, but I need to modify so that this user gets credentials from logic monitor service account. This REST API is using base64 encoded password to obtain token.

I need help with adding the logic monitor service account and write output to logic monitor, the script returns nothing if value is less than 1400 if grater than 1400 to trigger alert.

 

  • Mike_Moniz's avatar
    Mike_Moniz
    Icon for Professor rankProfessor
    4 years ago

    If you are referring to the service account that the LogicMonitor Collector Windows Service is running, then the collector will not know what the password is because Windows doesn't store the real service password itself but some hash of it. This isn't unique to LogicMonitor but services in general. Does the website support NTLM auth? If that is supported then I think you can write it in a way to have powershell pass the hash. But for something like this I would create special device properties like ddbinfoweb.user and ddbinfoweb.pass (you can make up the first part of the name) then have the script use these properties for creds using something like $username = "##ddbinfoweb.user##".

  • Mike_Moniz's avatar
    Mike_Moniz
    Icon for Professor rankProfessor
    4 years ago

    Ok, if you already have the username and password in a device property/token you can use code like this to convert the password to hex (I didn't test this): 

    $Username = '##ddbinfoweb.user##'
$PasswordRaw = '##ddbinfoweb.pass##'
$Bytes = [System.Text.Encoding]::Unicode.GetBytes($PasswordRaw)
$Password = [Convert]::ToBase64String($Bytes)
$Body = @{username=$Username;password=$Password}
...
  • Mike_Moniz's avatar
    Mike_Moniz
    Icon for Professor rankProfessor
    4 years ago

    Something like that, but you would need to remove your old $username, $password and $body lines.

    Also I noticed that you are attempting to do the comparison to > 1400 directly in the script. I suggest instead you output the value directly like avgQITime=XXXXX then let LogicMonitor check if it's >1400. That would also let you have multiple thresholds for different levels, like for example >1000 is warning, >1400 is critical, etc.

     

  • MaxJamakovic's avatar
    MaxJamakovic
    4 years ago

    Hi Mike, the user is not service account, it's local user account to log in to application website. that same use is also added to logic monitor under device properties. I'm not sure if supports NTLM but to get the token user password must be Base64 Encoded Password 

     
  • MaxJamakovic's avatar
    MaxJamakovic
    4 years ago
    $Username = '##ddbinfoweb.user##'
$PasswordRaw = '##ddbinfoweb.pass##'
$Bytes = [System.Text.Encoding]::Unicode.GetBytes($PasswordRaw)
$Password = [Convert]::ToBase64String($Bytes)
$Body = @{username=$Username;password=$Password}

$headers = @{
    Accept = 'application/json'
    'Content-Type' = 'application/json'
}

$username = "appUser"
$password = "base64 encodedPassword"

$body = @{username=$username;password=$password;}

$response = Invoke-RestMethod 'https://localhost/webconsole/api/Login' -Method 'POST' -Headers $headers -Body $($body | ConvertTo-Json)

$token = $response | Select-Object -ExpandProperty token

$headers = @{
    Authtoken = $token
    Accept = 'application/json'
}

$response = Invoke-RestMethod 'https://localhost/webconsole/api/DDBInformation/8' -Method 'GET' -Headers $headers
$response.dedupDBInfo.subStoreList.avgQITime -gt "1400"

     to position on very top? 

  • Anonymous's avatar
    Anonymous
    4 years ago
    On 9/27/2021 at 2:31 PM, Mike Moniz said:

    I suggest instead you output the value directly like avgQITime=XXXXX then let LogicMonitor check if it's >1400.

    I second this. It would also allow you to trend the metric over time and add dynamic thresholds.