背景
项目上需要对接scom微软监控系统告警,能够拿到手的资料十分有限,只有几个官方文档地址:
Operations Manager REST API Reference - Operations Manager REST API | Microsoft Learn
SCOM告警仪表盘页面展示:
注意事项
仅支持 System Center Operations Manager 1801 及以上版本有RESTAPI,千万注意;
对接过程
官网正好有一个获取告警的示例,但是是powershell版本的:
#Set Headers for the request
$userName ="domain\username";
$password ="Password";
$AuthenticationMode= "Network"
$scomHeaders = New-Object “System.Collections.Generic.Dictionary[[String],[String]]”
$scomHeaders.Add('Content-Type','application/json; charset=utf-8')
$bodyraw = "($AuthenticationMode):$($userName):$($password)” //官网这里写的还有问题,少了个$
$Bytes = [System.Text.Encoding]::UTF8.GetBytes($bodyraw)
$EncodedText =[Convert]::ToBase64String($Bytes)
$jsonbody = $EncodedText | ConvertTo-Json
$uriBase = 'http://<scomserver>/OperationsManager'
#Authenticate
$auth = Invoke-WebRequest -Method POST -Uri $uriBase/authenticate -Headers $scomheaders -body $jsonbody -UseDefaultCredentials -SessionVariable $websession
#Include CSRF Token
$csrfTocken = $websession.Cookies.GetCookies($uriBase) | ? { $_.Name -eq 'SCOM-CSRF-TOKEN' }
$scomHeaders.Add('SCOM-CSRF-TOKEN', [System.Web.HttpUtility]::UrlDecode($csrfTocken.Value))
#Examples to Invoke the required SCOM API
#Data/alertDescription/{alertid}
$alertid="6A88FBC1-0EDC-4173-9BB1-30FFEC296672"
$uri = "$uriBase/data/alertDetails"
$Response = Invoke-WebRequest -Uri "$uriBase/data/alertDetails/$alertid" -Headers $scomheaders -Method Get -WebSession $websession
$Response.Content | Convertto-json
#Criteria: Enter the displayname of the SCOM object
$Criteria = "DisplayName LIKE '%SQL%'"
#Convert our criteria to JSON format
$JSONBody = $Criteria | ConvertTo-Json
$Response = Invoke-WebRequest -Uri "$uriBase/data/class/monitors" -Method Post -Body $JSONBody -WebSession $WebSession
$Response.Content | Convertto-json
#Data Request in JSON Format
$dashboardbody='
{
"refreshing": false,
"Name": "TestAPIDashboard",
"path": "35b6eba3-6202-8738-a47f-16acf476230f"
}'
$response = Invoke-WebRequest -Uri "$uriBase/monitoring/dashboard" -Headers $scomheaders -Method POST -Body $dashboardbody -ContentType "application/json" -UseDefaultCredentials -WebSession $websession
流程就是:
-
第一步: 拿到username(用户名) password(账密码) AuthenticationMode(认证模式,示例中是Network) domain(域) 四个配置信息
-
第二步: 将信息按照 AuthenticationMode:domain\username:password 拼接在一起然后通过base64加密:
"TmV0d29yazphYmNcYWRtaW51c2VyOlBXRDEyMw=="
-
第三步:调用认证接口 POST:
http://<Servername>/OperationsManager/authenticate,将上一步的字符串放到请求体,Content-Type设置为application/json -
第四步:将响应头的Set-Cookie里面的SCOM-CSRF-TOKEN 设置到请求头中,发起查询告警列表请求
POST
http://<Servername>/OperationsManager/data/alert
示例很美好,但是一试问题就来了,
- 问题一: 认证接口访问时一直401
刚开始以为是用户名密码或者权限问题,联系确认了web页面直接访问 http://IP/OperationsManager/ 该账号可以正常登录查询,有操作员权限,百思不得其解,意外打开F12发现页面上也是用的这个接口,于是决定抓包
打开fidder/wireshark,抓包认证接口发现居然发起了三次请求
查看response header
反应过来原来还有一层NTLM认证,于是调整java代码,使用httpclient发起NTLM请求,核心代码