VMware VeloCloud SD-WAN Orchestrator API: Automated Enterprise Events Retrieval for Network SLM, SIEM and SOAR Integration
This Python app is containerised with Docker Compose for a modular and cloud native deployment that fits in any microservice architecture.
It does the following:
- Call the VMware VeloCloud Orchestrator (VCO) API to retrieve the enterprise events in the last 15 minutes;
- Append the enterprise events, with each in a new line, in a JSON file on a Docker volume that is mounted in the same directory of the docker-compose.yml file on the Docker host, or in the same directory of the Python script if it is run as a standalone service, in a directory by the name of the enterprise; and
- Repeat the process every 15 minutes on the hour and at :15, :30 and :45 past for an automated enterprise events retrieval.
For a list of the enterprise events along with severity and description, please refer to the Supported VMware SD-WAN Edge Events page in the VMware SD-WAN Documentation.
A detailed walk-through is available here.
Get started in three simple steps:
- Download a copy of the app;
- Create the environment variables for the VCO authentication and modify the crontab if needed; and
- Docker Compose or build and run the image manually to start the app, or alternatively run the Python script as a standalone service.
Download a copy of the app with git clone. Be sure to pass the --recurse-submodules argument to initialise and update each submodule in the repository.
$ git clone --recurse-submodules https://github.com/kurtcms/vco-api-ent-event /app/vco-api-ent-event/
The app expects the hostname, the API token or the username and password for the VCO, as environment variables in a .env file in the same directory.
Should both the API token, and the username and password, for the VCO be present, the app will always use the API token.
Be sure to create the .env file.
$ nano /app/vco-api-ent-event/.env
And define the credentials accordingly.
VCO_HOSTNAME = 'vco.managed-sdwan.com/'
# Either the API token
VCO_TOKEN = '(redacted)'
# Or the username and password
VCO_USERNAME = 'kurtcms'
VCO_PASSWORD = '(redacted)'
By default the app is scheduled with cron to retrieve the enterprise events every 15 minutes, with stdout and stderr redirected to the main process for Docker logs.
Modify the crontab if a different schedule is required.
$ nano /app/vco-api-ent-event/crontab
Packaged as a container, the app is a standalone, executable package that may be run on Docker Engine. Be sure to have Docker installed.
With Docker Compose, the app may be provisioned with a single command.
Install Docker and Docker Compose with the Bash script that comes with the app.
$ chmod +x /app/vco-api-ent-event/docker-compose/docker-compose.sh \
&& /app/vco-api-ent-event/docker-compose/docker-compose.sh
Start the containers with Docker Compose.
$ docker-compose -f /app/vco-api-ent-event/docker-compose.yml up -d
Stopping the container is as simple as a single command.
$ docker-compose -f /app/vco-api-ent-event/docker-compose.yml down
Otherwise the Docker image can also be built manually.
$ docker build -t vco_api_ent_event /app/vco-api-ent-event/
Run the image with Docker once it is ready.
$ docker run -it --rm --name vco_api_ent_event vco_api_ent_event
Alternatively the vco_api_ent_event.py script may be deployed as a standalone service.
In which case be sure to install the libraries required by vco_api_main.py with pip3:
$ pip3 install requests python-dotenv numpy pandas
The script may then be executed with a task scheduler such as cron that runs it once every 15 minutes for example.
$ (crontab -l; echo "*/15 * * * * /usr/bin/python3 /app/vco-api-ent-event/vco_api_ent_event.py") | crontab -
The enterprise events will be appended to a JSON file, with each in a new line, on a Docker volume that is mounted in the same directory of the docker-compose.yml file on the Docker host. If the Python script is run as a standalone service, the JSON file will be in the same directory of the script instead.
{"id": 2913202, "eventTime": "2021-10-23T06:48:57.000Z", "event": "VPN_DATACENTER_STATUS", "category": "SYSTEM", "severity": "NOTICE", "message": "Tunnel to [Azure-SIN] - Failed to negotiate child SA IKEv2_I with 13.76.153.194. Error: ERR_IKE_TIMEOUT", "detail": "{\"enterpriseLogicalId\": \"24676352-23ed-4cdd-a0db-52f61810de1b\", \"dataCenterLogicalId\": \"bb395d4c-5963-4d14-8e6d-c2822c9dfadc\", \"ipAddress\": \"13.76.153.194\", \"ikeState\": \"DOWN\", \"numberP2SA\": 0, \"Hint\": \"No response from peer or no proposal chosen; check VPN type, GWIP, DH Group, IKE-ID, subnets.\"}", "enterpriseUsername": null, "edgeName": null, "segmentName": null}
In any case, the JSON file is stored under a directory by the enterpriseName to ease access.
.
└── enterpriseName/
    └── events.json
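On the consuming side, a SIEM forwarder has to cope with two properties of events.json shown above: the detail field is a JSON document serialised as a string, and a line may be read while it is still being appended. The following is an added example, not part of the app's own code; the function name, the severity ranking and the sample lines are assumptions made for illustration.

```python
import json

# Assumption: syslog-style severity ranking; the page itself only shows "NOTICE".
SEVERITY_RANK = {"EMERGENCY": 0, "ALERT": 1, "CRITICAL": 2, "ERROR": 3,
                 "WARNING": 4, "NOTICE": 5, "INFO": 6, "DEBUG": 7}

# Constructed sample lines shaped like events.json (192.0.2.0/24 is a
# documentation range); the last line simulates a partially written append.
SAMPLE_LINES = [
    r'{"id": 1, "eventTime": "2021-10-23T06:48:57.000Z", "event": "VPN_DATACENTER_STATUS", '
    r'"severity": "NOTICE", "detail": "{\"ipAddress\": \"192.0.2.10\", \"ikeState\": \"DOWN\"}"}',
    r'{"id": 2, "eventTime": "2021-10-23T06:49:30.000Z", "event": "VPN_DATACENTER_STATUS", '
    r'"severity": "INFO", "detail": "{\"ipAddress\": \"192.0.2.10\", \"ikeState\": \"UP\"}"}',
    r'{"id": 3, "eventTime": "2021-10-23T06:50:02.000Z", "event": "VPN_DATACENTER_STA',
]


def parse_events(lines, min_severity="NOTICE"):
    """Return (events, rejected) from JSON Lines input.

    events: dicts at or above min_severity, with "detail" decoded to a dict.
    rejected: (line_number, reason) pairs for lines that must not be forwarded.
    """
    threshold = SEVERITY_RANK[min_severity]
    events, rejected = [], []
    for number, line in enumerate(lines, start=1):
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError as exc:
            rejected.append((number, f"invalid JSON: {exc.msg}"))
            continue
        if not isinstance(event, dict):
            rejected.append((number, "not a JSON object"))
            continue
        # "detail" is itself a JSON document serialised as a string.
        detail = event.get("detail")
        if isinstance(detail, str):
            try:
                event["detail"] = json.loads(detail)
            except json.JSONDecodeError:
                pass  # keep the raw string rather than drop the event
        rank = SEVERITY_RANK.get(str(event.get("severity")).upper())
        if rank is None:
            rejected.append((number, "unknown severity"))
        elif rank <= threshold:
            events.append(event)
    return events, rejected
```

Rejected line numbers can be retried on the next read, since a truncated final line is usually completed by the following append.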