Network Event Monitoring with NetFoundry API

 

Utilization of NetFoundry API for Network Event Monitoring

Subscription to NetFoundry Network Events (via email/messaging) is currently not available. However, the NetFoundry API can be used to retrieve a set of Network Events, as introduced in the Public API documentation at the link:

https://gateway.production.netfoundry.io/rest/v1/docs/index.html#overview-metrics-and-events

As noted there, several types of metrics, events, and alarms are provided. The data is hosted in an Elasticsearch database for retrieval. Information on Elasticsearch and its queries is available through the link in that section:

Elasticsearch search API documentation

 

Useful Endpoint Status Searches:

A NetFoundry Network Administrator may want to observe when endpoints (clients and gateways) go online or offline from the Network Controller. The following data returned in the search is relevant for this.

The data is retrieved from the underlying Network Transport technology, which uses somewhat different nomenclature. This can be translated.

VTC represents any endpoint in the NetFoundry Network (an Endpoint, either NetFoundry Client or NetFoundry Gateway, or NetFoundry Transfer Nodes and Session Controllers).

The commonName or resourceName helps identify the actual named Endpoint as it was assigned in the console or API at Endpoint creation.

For online/offline status, the following values can be searched for in the results after running a query. If only specific items are required, the query itself can use one or more of these as search criteria.

eventDescription values: VTC Offline, VTC Online

 

Some items of note that are useful to retrieve for VTC Online and VTC Offline events:

"eventType": "Status",

"eventDescription": "VTC Offline",

"commonName": "Smith-John-Mac2",
"resourceName": "Smith-John-Mac2",

An example query of the Network Controller events is shown below. Note: the request is a POST, authenticated with the NetFoundry API bearer token.

The data for network events can be queried by time (up to 90 days are stored on the system), type, specific event, and endpoint name.

To obtain notification of endpoints (clients, gateways) coming online or going offline, software can use the API to periodically collect the Events filtered for VTC Offline and VTC Online. These can then be sent to a notification system (message, email) for processing.

 

Example Query

This example requests 10 raw Network Controller events (note: "size" : 10 can be changed to the user's choice) from the last 24 hours (note: "@timestamp" : {"gte" : "now-24h", "lte" : "now"}) for the customer network ID. The request URL is also given; in it, {organizationId} should be the UUID of the customer organization.

Example Request

POST https://gateway.production.netfoundry.io/rest/v1/elastic/ncentityevent/{organizationId}/_search/

Content-Type: application/json
Authorization: Bearer eyJ0eXiLCJhb1N . . . xsIE6uoew3xeh5Q

{
  "query" : {
    "bool" : {
      "must" : [ {
        "query_string" : {
          "query" : "*",
          "analyze_wildcard" : true
        }
      }, {
        "match_phrase" : {
          "tags.keyword" : {
            "query" : "customer"
          }
        }
      }, {
        "range" : {
          "@timestamp" : {
            "gte" : "now-24h",
            "lte" : "now",
            "format" : "epoch_millis"
          }
        }
      }, {
        "match_phrase" : {
          "networkId" : {
            "query" : "c2c2398a-69ae-4247-a5d9-5046ddfd270d"
          }
        }
      } ],
      "must_not" : [ {
        "match_phrase" : {
          "changeType" : {
            "query" : "soft"
          }
        }
      } ]
    }
  },
  "size" : 10,
  "sort" : [ {
    "@timestamp" : {
      "order" : "desc",
      "unmapped_type" : "boolean"
    }
  } ],
  "_source" : {
    "excludes" : [ ]
  }
}


Example response:

{
  "took": 419,
  "timed_out": false,
  "_shards": {
    "total": 609,
    "successful": 609,
    "skipped": 607,
    "failed": 0
  },
  "hits": {
    "total": 134,
    "max_score": null,
    "hits": [
      {
        "_index": "ncentityevent-2019.07.15",
        "_type": "doc",
        "_id": "4HX59WsBl_ooq9SC4uoV",
        "_score": null,
        "_source": {
          "eventType": "Status",
          "vtcId": "CL-7273ad50-f90a-4325-82e3-66beff3a8664",
          "os": "Darwin.17.x86_64",
          "resourceId": "CL-7273ad50-f90a-4325-82e3-66beff3a8664",
          "lastActivity": "2019-07-15 14:10:43",
          "eventSeverity": "Info",
          "type": "ncentityevent",
          "eventSource": "Network",
          "tags": [
            "customer",
            "ncmetrics"
          ],
          "version": "3.6.6.11066",
          "agentVersion": 1,
          "target_index": "ncentityevent-2019.07.15",
          "@timestamp": "2019-07-15T14:12:02.389Z",
          "organizationId": "82d70e3f-deda-469f-be1a-9c40561ede5d",
          "changeType": "hard",
          "geo": {
            "latitude": 35.0508,
            "dma_code": 517,
            "country_name": "United States",
            "longitude": -80.8186,
            "country_code2": "US",
            "country_code3": "US",
            "location": {
              "lon": -80.8186,
              "lat": 35.0508
            },
            "region_name": "North Carolina",
            "city_name": "Charlotte",
            "region_code": "NC",
            "continent_code": "NA",
            "ip": "172.72.145.44",
            "postal_code": "28277",
            "timezone": "America/New_York"
          },
          "resourceType": "Client",
          "commonName": "Smith-John-Mac2",
          "resourceName": "Smith-John-Mac2",
          "lastChanged": "2018-06-19 20:51:01",
          "wpi": "126",
          "s3index": "ncentityevent",
          "ip": "172.72.145.44",
          "eventDescription": "VTC Offline",
          "environment": "production",
          "@version": "1",
          "networkId": "c2c2398a-69ae-4247-a5d9-5046ddfd270d",
          "port": "52027"
        },
        "sort": [
          1563199922389
        ]
      },
      {
        "_index": "ncentityevent-2019.07.15",
        "_type": "doc",
        "_id": "4XX59WsBl_ooq9SC4uoV",
        "_score": null,
        "_source": {
          "eventType": "Status",
          "vtcId": "CL-894e8020-cc20-486c-97c8-eda163178330",
          "os": "WIN64",
          "resourceId": "CL-894e8020-cc20-486c-97c8-eda163178330",
          "lastActivity": "2019-07-15 14:10:31",
          "eventSeverity": "Info",
          "type": "ncentityevent",
          "eventSource": "Network",
          "tags": [
            "customer",
            "ncmetrics"
          ],
          "version": "3.6.6.11077",
          "agentVersion": 1,
          "target_index": "ncentityevent-2019.07.15",
          "@timestamp": "2019-07-15T14:12:02.389Z",
          "organizationId": "82d70e3f-deda-469f-be1a-9c40561ede5d",
          "changeType": "hard",
          "geo": {
            "latitude": 12.9833,
            "country_name": "India",
            "longitude": 77.5833,
            "country_code2": "IN",
            "country_code3": "IN",
            "location": {
              "lon": 77.5833,
              "lat": 12.9833
            },
            "region_name": "Karnataka",
            "city_name": "Bengaluru",
            "region_code": "KA",
            "continent_code": "AS",
            "ip": "103.5.134.75",
            "timezone": "Asia/Kolkata"
          },
          "resourceType": "Client",
          "commonName": "Jones-Julie-PC",
          "resourceName": "Jones-Julie-PC",
          "lastChanged": "2019-07-10 14:37:43",
          "wpi": "242",
          "s3index": "ncentityevent",
          "ip": "103.5.134.75",
          "eventDescription": "VTC Online",
          "environment": "production",
          "@version": "1",
          "networkId": "c2c2398a-69ae-4247-a5d9-5046ddfd270d",
          "port": "59108"
        },
        "sort": [
          1563199922389
        ]
      },
      {
        "_index": "ncentityevent-2019.07.15",
        "_type": "doc",
        "_id": "5Bjw9WsBphDk7MAzvWKD",
        "_score": null,
        "_source": {
          "eventType": "Status",
          "vtcId": "CL-7273ad50-f90a-4325-82e3-66beff3a8664",
          "os": "Darwin.17.x86_64",
          "resourceId": "CL-7273ad50-f90a-4325-82e3-66beff3a8664",
          "lastActivity": "2019-07-15 14:00:44",
          "eventSeverity": "Info",
          "type": "ncentityevent",
          "eventSource": "Network",
          "tags": [
            "customer",
            "ncmetrics"
          ],
          "version": "3.6.6.11066",
          "agentVersion": 1,
          "target_index": "ncentityevent-2019.07.15",
          "@timestamp": "2019-07-15T14:02:03.269Z",
          "organizationId": "82d70e3f-deda-469f-be1a-9c40561ede5d",
          "changeType": "hard",
          "geo": {
            "latitude": 35.0508,
            "dma_code": 517,
            "country_name": "United States",
            "longitude": -80.8186,
            "country_code2": "US",
            "country_code3": "US",
            "location": {
              "lon": -80.8186,
              "lat": 35.0508
            },
            "region_name": "North Carolina",
            "city_name": "Charlotte",
            "region_code": "NC",
            "continent_code": "NA",
            "ip": "172.72.145.44",
            "postal_code": "28277",
            "timezone": "America/New_York"
          },
          "resourceType": "Client",
          "commonName": "Smith-John-Mac2",
          "resourceName": "Smith-John-Mac2",
          "lastChanged": "2018-06-19 20:51:01",
          "wpi": "126",
          "s3index": "ncentityevent",
          "ip": "172.72.145.44",
          "eventDescription": "VTC Online",
          "environment": "production",
          "@version": "1",
          "networkId": "c2c2398a-69ae-4247-a5d9-5046ddfd270d",
          "port": "52027"
        },
        "sort": [
          1563199323269
        ]
      },
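
The periodic collection of VTC Offline / VTC Online events described earlier can be sketched as follows. This is an added example, not NetFoundry code: build_query, fetch_events and new_status_changes are hypothetical names, the eventDescription filter assumes that field is searchable with match_phrase, and SAMPLE is constructed from the three hits in the example response.

```python
import json
import urllib.request

SEARCH_URL = "https://gateway.production.netfoundry.io/rest/v1/elastic/ncentityevent/{org_id}/_search/"
STATUS_EVENTS = ("VTC Offline", "VTC Online")

def _phrase(field, value):
    return {"match_phrase": {field: {"query": value}}}

def build_query(network_id, since="now-15m", size=100):
    """The page's query shape, narrowed to the two status descriptions."""
    return {"query": {"bool": {
        "must": [
            _phrase("tags.keyword", "customer"),
            _phrase("networkId", network_id),
            {"range": {"@timestamp": {"gte": since, "lte": "now"}}},
            # Assumption: eventDescription can be matched with match_phrase.
            {"bool": {"minimum_should_match": 1, "should": [
                _phrase("eventDescription", e) for e in STATUS_EVENTS]}}],
        "must_not": [_phrase("changeType", "soft")]}},
        "size": size, "sort": [{"@timestamp": {"order": "desc"}}]}

def fetch_events(org_id, token, query):
    """POST the search with the bearer token (not called in the offline demo)."""
    req = urllib.request.Request(
        SEARCH_URL.format(org_id=org_id), data=json.dumps(query).encode(),
        method="POST", headers={"Content-Type": "application/json",
                                "Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def new_status_changes(response, seen_ids):
    """Return unseen Online/Offline events oldest-first and record their _id."""
    changes = []
    for hit in reversed(response["hits"]["hits"]):  # response is newest-first
        src = hit["_source"]
        if hit["_id"] in seen_ids or src.get("eventDescription") not in STATUS_EVENTS:
            continue
        seen_ids.add(hit["_id"])
        changes.append((src["@timestamp"], src["commonName"], src["eventDescription"]))
    return changes

# Constructed sample: the page's three example hits, trimmed to the fields used.
SAMPLE = {"hits": {"hits": [
    {"_id": i, "_source": {"@timestamp": t, "commonName": n, "eventDescription": d}}
    for i, t, n, d in [
        ("4HX59WsBl_ooq9SC4uoV", "2019-07-15T14:12:02.389Z", "Smith-John-Mac2", "VTC Offline"),
        ("4XX59WsBl_ooq9SC4uoV", "2019-07-15T14:12:02.389Z", "Jones-Julie-PC", "VTC Online"),
        ("5Bjw9WsBphDk7MAzvWKD", "2019-07-15T14:02:03.269Z", "Smith-John-Mac2", "VTC Online")]]}}
```

Polling with a look-back window longer than the polling interval and de-duplicating on _id keeps an event from being missed or notified twice. Read the bearer token from the environment or a secret store rather than embedding it in the script.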
 

 

 

 
