java对接SCOM微软监控系统告警

java对接SCOM微软监控系统告警

背景

项目上需要对接scom微软监控系统告警,能够拿到手的资料十分有限,只有几个官方文档地址:

Operations Manager REST API Reference – Operations Manager REST API | Microsoft Learn

SCOM: Quick Start – REST API – TechNet Articles – United States (English) – TechNet Wiki (microsoft.com)

SCOM告警仪表盘页面展示:

注意事项

仅支持 System Center Operations Manager 1801 及以上版本有RESTAPI,千万注意;

对接过程

官网正好有一个获取告警的示例,但是是powershell版本的:

#Set Headers for the request
$userName ="domainusername";
$password ="Password";
$AuthenticationMode= "Network"
$scomHeaders = New-Object “System.Collections.Generic.Dictionary[[String],[String]]”
$scomHeaders.Add("Content-Type","application/json; charset=utf-8")
$bodyraw = "($AuthenticationMode):$($userName):$($password)” //官网这里写的还有问题,少了个$
$Bytes = [System.Text.Encoding]::UTF8.GetBytes($bodyraw)
$EncodedText =[Convert]::ToBase64String($Bytes)
$jsonbody = $EncodedText | ConvertTo-Json

$uriBase = "http://<scomserver>/OperationsManager"

#Authenticate
$auth = Invoke-WebRequest -Method POST -Uri $uriBase/authenticate -Headers $scomheaders -body $jsonbody -UseDefaultCredentials -SessionVariable $websession 
#Include CSRF Token
$csrfTocken = $websession.Cookies.GetCookies($uriBase) | ? { $_.Name -eq "SCOM-CSRF-TOKEN" }
$scomHeaders.Add("SCOM-CSRF-TOKEN", [System.Web.HttpUtility]::UrlDecode($csrfTocken.Value))

#Examples to Invoke the required SCOM API

#Data/alertDescription/{alertid}
$alertid="6A88FBC1-0EDC-4173-9BB1-30FFEC296672"
$uri = "$uriBase/data/alertDetails"
$Response = Invoke-WebRequest -Uri "$uriBase/data/alertDetails/$alertid" -Headers $scomheaders -Method Get -WebSession $websession
$Response.Content | Convertto-json



#Criteria: Enter the displayname of the SCOM object
$Criteria = "DisplayName LIKE "%SQL%""
#Convert our criteria to JSON format
$JSONBody = $Criteria | ConvertTo-Json
$Response = Invoke-WebRequest -Uri "$uriBase/data/class/monitors" -Method Post -Body $JSONBody -WebSession $WebSession
$Response.Content | Convertto-json


#Data Request in JSON Format
$dashboardbody="
{
  "refreshing": false,
  "Name": "TestAPIDashboard",
  "path": "35b6eba3-6202-8738-a47f-16acf476230f"
}"
$response = Invoke-WebRequest -Uri "$uriBase/monitoring/dashboard" -Headers $scomheaders -Method POST -Body $dashboardbody -ContentType "application/json" -UseDefaultCredentials -WebSession $websession

流程就是:

  • 第一步: 拿到username(用户名) password(账密码) AuthenticationMode(认证模式,示例中是Network) domain(域) 四个配置信息

  • 第二步: 将信息按照 AuthenticationMode:domainusername:password 拼接在一起然后通过base64加密:

    “TmV0d29yazphYmNcYWRtaW51c2VyOlBXRDEyMw==”

  • 第三步:调用认证接口 POST: http://<Servername>/OperationsManager/authenticate ,将上一步的字符串放到请求体,Content-Type设置为application/json

  • 第四步:将响应头的Set-Cookie里面的SCOM-CSRF-TOKEN 设置到请求头中,发起查询告警列表请求

    POST http://<Servername>/OperationsManager/data/alert

示例很美好,但是一试问题就来了,

  • 问题一: 认证接口访问时一直401

刚开始以为是用户名密码或者权限问题,联系确认了web页面直接访问 http://IP/OperationsManager/ 该账号可以正常登录查询,有操作员权限,百思不得其解,意外打开F12发现页面上也是用的这个接口,于是决定抓包

打开fidder/wireshark,抓包认证接口发现居然发起了三次请求

查看response header

反应过来原来还有一层NTLM认证,于是调整java代码,使用httpclient发起NTLM请求,核心代码如下:

  public static final String AUTH_URL = "/authenticate";
// 获取NTLM认证client
public CloseableHttpClient getBasicAuthHttpClient(String username, String password, String workStation, String domain) {
        CredentialsProvider provider = new BasicCredentialsProvider();
        NTCredentials ntCredentials = new NTCredentials(username, password, workStation, domain);
        provider.setCredentials(AuthScope.ANY, ntCredentials);
        return HttpClients.custom().setDefaultCredentialsProvider(provider).useSystemProperties().build();
}
// 认证接口,获取token
public String askForToken() {
    String result = "";
    HttpPost httppost = new HttpPost(baseUrl + AUTH_URL);
    CloseableHttpClient basicAuthHttpClient;
    try {
        httppost.addHeader("Content-Type", "application/json;charset=UTF-8");
        BASE64Encoder base64Encoder = new BASE64Encoder();
        String encodedText = base64Encoder.encode((authMode + ":" + domain + "\" + username + ":" + password).getBytes(StandardCharsets.UTF_8));
        httppost.setEntity(new StringEntity("""+encodedText+""", DEFAULT_CHARSET));
        basicAuthHttpClient = getBasicAuthHttpClient(username, password, authMode, domain);
        HttpResponse response = basicAuthHttpClient.execute(httppost);
        Header[] headers = response.getHeaders("Set-Cookie");
        for (Header r : headers) {
            String value = r.getValue();
            if (value.startsWith("SCOM-CSRF-TOKEN")) {
                return  value.split(";")[0].split("=")[1] ;
            }
        }
        if (log.isDebugEnabled()) {
            log.debug("Request url:{},Request Parameter:{},Response:{}", baseUrl + AUTH_URL, encodedText, result);
        }
    } catch (Exception e) {
        throw new SystemException(e);
    }
    return result;
}

非常顺利,成功拿到token,然后遭遇了新的问题

  • 问题二 :查询告警接口依然401

    查询告警http://ip/OperationsManager/data/alert,直接拿上一步获取的token加入请求Header中,

    SCOM-CSRF-TOKEN: yjihbfEsRFLd9fMRgT_Rxf4MzDiact3jgvyXZBrMnQRA4MoKtaO8_si891ahn6Pm98SJltLoiQYQrEENBWhJXX5WkQbLa2hqI6gVG96Hj0Y1%3a5dV5XX9rOLp5850DHjRsJ93ioKTP_Fw2AakOi1QN35SI_Vr0nBYrw4n8bUzh_vbNLxKIek_7w9lHSlftqOA0TfKs6Rs0oU7O3w8GIegHvpPtYt_0fTgktvzq4nL7MTxF0
    

    过滤条件官网给的非常模糊没有解释,这里直接跟scom控制台保持一致,请求体:

    {"classId":null,"objectIds":{},"criteria":"((Severity = "0") OR (Severity = "1") OR (Severity = "2")) AND ((Priority = "2") OR (Priority = "1") OR (Priority = "0")) AND ((ResolutionState != "255")) AND TimeRaised >= "Sun, 30 Jan 2022 07:34:42 GMT"","displayColumns":["severity","monitoringobjectdisplayname","name","lastmodified","description","sitename","alertsource","netbiosdomainname"]}
    

    依然抓包页面请求,发现依然发起三个


所以NTLM每个请求都要用上一步的getBasicAuthHttpClient()返回的client来发起请求

  • 问题三: 报错 索引超出了数组界限

排查发现是header中的SCOM-CSRF-TOKEN需要先URLDecoder一下,不然会解析报错。

SCOM-CSRF-TOKEN: yjihbfEsRFLd9fMRgT_Rxf4MzDiact3jgvyXZBrMnQRA4MoKtaO8_si891ahn6Pm98SJltLoiQYQrEENBWhJXX5WkQbLa2hqI6gVG96Hj0Y1:5dV5XX9rOLp5850DHjRsJ93ioKTP_Fw2AakOi1QN35SI_Vr0nBYrw4n8bUzh_vbNLxKIek_7w9lHSlftqOA0TfKs6Rs0oU7O3w8GIegHvpPtYt_0fTgktvzq4nL7MTxF0

  • 问题四:提示会话已过期

到这里我们已经接近成功了,原因是因为光设置token到Header还不够,还要请求的时候还需要携带Cookie,把第一步认证接口返回的Set-Cookie里面的值设置到Cookie中,

httppost.addHeader("Content-Type", "application/json;charset=UTF-8");
httppost.addHeader("SCOM-CSRF-TOKEN", token);//这个token需要decode
httppost.addHeader("Cookie", "SCOM-CSRF-TOKEN="+originToken+";SCOMSessionId="+sessionId+";SCOMUserStatus=loggedIn"); //这个token不需要decode

响应格式:

{
  "tableColumns": [
    {
      "field": "ageinmilliseconds",
      "header": "",
      "type": null,
      "hidden": true
    },
    {
      "field": "severity",
      "header": "Severity",
      "type": null,
      "hidden": false
    },
    {
      "field": "monitoringobjectdisplayname",
      "header": "Source",
      "type": null,
      "hidden": false
    },
    {
      "field": "monitoringobjectpath",
      "header": "Path",
      "type": null,
      "hidden": false
    },
    {
      "field": "name",
      "header": "Name",
      "type": null,
      "hidden": false
    },
    {
      "field": "age",
      "header": "Age",
      "type": null,
      "hidden": false
    },
    {
      "field": "description",
      "header": "Description",
      "type": null,
      "hidden": false
    },
    {
      "field": "owner",
      "header": "Owner",
      "type": null,
      "hidden": false
    },
    {
      "field": "timeadded",
      "header": "Created",
      "type": null,
      "hidden": false
    },
    {
      "field": "id",
      "header": "Id",
      "type": null,
      "hidden": true
    }
  ],
  "rows": [
    {
      "id": "d3144ac9-4316-45ce-94b9-f50936219e24",
      "severity": "Error",
      "monitoringobjectdisplayname": "Test Service Group",
      "monitoringobjectpath": null,
      "name": null,
      "age": "6137 days, 6 hours",
      "ageinmilliseconds": 530260033217.2775,
      "description": "",
      "owner": "DXPSQYVCYBXGIUDZJZVWNLFDYEKA",
      "timeadded": "2022-05-17T03:29:36.7330000Z"
    },
    {
      "id": "d3144ac9-4316-45ce-94b9-f50936219e24",
      "severity": "Error",
      "monitoringobjectdisplayname": "Test Service Group",
      "monitoringobjectpath": null,
      "name": null,
      "age": "6137 days, 6 hours",
      "ageinmilliseconds": 530260149093.94025,
      "description": "",
      "owner": "DXPSQYVCYBXGIUDZJZVWNLFDYEKA",
      "timeadded": "2022-05-17T03:29:36.7330000Z"
    }
  ]
}

解析告警,做属性转换:

alarmId->告警唯一ID
netbioscomputername->计算机名(可能为空)
monitoringobjectdisplayname->源
description->告警描述
lastmodified->上次更新时间
principalname->站点
severity->告警级别

步骤总结

1.获取认证信息,确认认证方式是否开启NTLM

2.发起认证NTLM请求,从response header获取SCOM-CSRF-TOKEN,以及SCOMSessionId

3.发起查询告警请求,将上一步的token urldecode后设置到request header,将原始token和sessionId设置到Cookie

hmoban主题是根据ripro二开的主题,极致后台体验,无插件,集成会员系统
自学咖网 » java对接SCOM微软监控系统告警