
mhashemi
4 years ago

Receiving alert via webhook

I would like to alert when Cisco Air Marshal detects a rogue access point and found this Postman workspace, which indicates that Cisco will post to a webhook. I also found this LM communities post from 2018 (https://communities.logicmonitor.com/topic/2146-meraki-webhooks/), which does not seem to have been implemented.

Am I missing something or will I have to post to some other webhook (maybe Cisco supports Teams or Slack, idk) and write some script to query the webhook target (e.g. Teams), looking for the alert message?

 

  • Anonymous

    It really depends on what Cisco calls "webhooks". If they mean that the CAM could call a URL (with payload) when some event is detected by the CAM, then you would be providing LM credentials to the CAM so that when CAM makes the URL call (HTTP POST request with payload) it can authenticate with the API to make that call. The URL would be the push endpoint of the API. You'd need the ability to make a POST instead of a GET and you'd need to be able to supply a payload.

  • I do not know enough about webhooks in general, or Cisco's implementation specifically, to know if this is useful. We would need to have Cisco support authentication, right? I'm guessing I couldn't provide an LM API access id and key for authentication.

  • Anonymous

    We don't support Push events yet, but we do support push metrics. https://www.logicmonitor.com/support/push-metrics/getting-started-push-metrics

    So, you could post to the URL with the payload whenever a rogue AP is detected. The value would be 1. What you'd see is:

    1:00 - no data
    1:01 - no data
    1:02 - no data
    1:03 - 1                <==this is when the rogue AP was detected and CAM pushed a value of 1 to the push metrics API endpoint
    1:04 - no data
    1:05 - no data
    1:06 - no data
    1:07 - no data
    1:08 - no data

    So you could set a threshold of >=1 and not set a no-data alert.
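
A relay for the approach discussed in this thread, added here as an example and not code from any poster, Cisco or LogicMonitor: it checks the webhook's shared secret in constant time, then builds the signed value-1 push so the LM access key never has to be handed to the sender. Assumptions: the webhook JSON carries `sharedSecret` and `alertType` fields, the push-metrics resource path and payload field names are as shown, and the resource, datasource and datapoint names are hypothetical; the signature follows LogicMonitor's LMv1 scheme.

```python
import base64, hashlib, hmac, json, time

# All names below are assumptions for illustration, not values from the thread.
RESOURCE_PATH = "/metric/ingest"            # assumed push-metrics resource path
WEBHOOK_SECRET = "constructed-shared-secret"  # constructed sample value


def is_rogue_ap_alert(body: bytes, secret: str = WEBHOOK_SECRET) -> bool:
    """Accept only webhook bodies carrying our shared secret and a rogue AP alert."""
    try:
        event = json.loads(body)
    except ValueError:  # covers malformed JSON and invalid UTF-8
        return False
    if not isinstance(event, dict):
        return False
    sent = str(event.get("sharedSecret", ""))
    # Constant-time comparison so the secret cannot be recovered via timing.
    if not hmac.compare_digest(sent.encode(), secret.encode()):
        return False
    return "rogue ap" in str(event.get("alertType", "")).lower()


def lmv1_header(access_id, access_key, verb, path, data, epoch_ms):
    """LMv1 header: base64(hex(HMAC-SHA256(key, verb + epoch + data + path)))."""
    msg = f"{verb}{epoch_ms}{data}{path}".encode()
    digest = hmac.new(access_key.encode(), msg, hashlib.sha256).hexdigest()
    signature = base64.b64encode(digest.encode()).decode()
    return f"LMv1 {access_id}:{signature}:{epoch_ms}"


def build_push(body, access_id, access_key, now=None):
    """Return (headers, payload) for a value-1 push, or None if rejected."""
    if not is_rogue_ap_alert(body):
        return None
    now = time.time() if now is None else now
    payload = json.dumps({  # field names are an assumed push-metrics layout
        "resourceName": "meraki-air-marshal",
        "dataSource": "RogueAP",
        "instances": [{"instanceName": "detections", "dataPoints": [
            {"dataPointName": "rogue_detected",
             "values": {str(int(now)): 1}}]}],
    })
    auth = lmv1_header(access_id, access_key, "POST", RESOURCE_PATH,
                       payload, int(now * 1000))
    return {"Authorization": auth, "Content-Type": "application/json"}, payload
```

The returned headers and payload are what the relay would POST to the portal's push endpoint; rejected webhooks produce no push, so the datapoint stays at "no data".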