NTNX>日記

個人的な趣味による Nutanix Community Edition 日記。Japanese のみですみません。

Nutanix CE の Event 情報を取得してみる。(Python 編)

Nutanix Advent Calendar 2017 の 5日目です。

Nutanix CE は製品版と同じように API にアクセスできるようになっているので、ためしに Python でイベント情報を取得してみました。

 Prism の Alert → Event でみられる、ほとんど監査情報のものです。

f:id:gowatana:20171205232821p:plain

今回は、たまたまあった Oracle Linux 7.3 からスクリプトを実行しています。

$ cat /etc/oracle-release
Oracle Linux Server release 7.3
$ python -V
Python 2.7.5

下記のようなスクリプトを作成してみました。今回は Nutanix API V2 を利用しています。Python には、requests が必要です。(pip install requests などにて)

gist.github.com

スクリプトを実行してみます。

Prism へのログイン情報は、スクリプトとは別に prism-config.json というファイルを用意して下記のように記載しています。

gist.github.com

Prism で見られる情報であれば取得できます。Entities の情報は、ほぼ cluster なので省略しました。

$ chmod +x ./get-ntnx-event.py
$ ./get-ntnx-event.py ../prism-config.json
event_time_stamp, severity, alert_type, audit_user, acknowledged, message
2017-12-05 23:07:35 kAudit LoginInfoAudit gowatana False User gowatana has logged in from 192.168.1.197
2017-12-05 08:45:44 kAudit LoginInfoAudit gowatana False User gowatana has logged out from 192.168.1.197
2017-12-05 08:26:10 kAudit LoginInfoAudit gowatana False User gowatana has logged in from 192.168.1.197
2017-12-04 09:16:39 kAudit LoginInfoAudit gowatana False User gowatana has logged out from 192.168.1.197
2017-12-04 08:05:19 kAudit UserAudit gowatana False User ntnx-audit updated
2017-12-04 08:05:01 kAudit UserAudit gowatana False User ntnx-audit updated
2017-12-04 08:04:41 kAudit UserAudit gowatana False User ntnx-audit updated
2017-12-04 08:04:12 kAudit UserAudit gowatana False User ntnx-audit updated
2017-12-04 08:03:39 kAudit LoginInfoAudit gowatana False User gowatana has logged in from 192.168.1.197
2017-12-04 08:03:31 kAudit LoginInfoAudit ntnx-audit False User ntnx-audit has logged out from 192.168.1.197
2017-12-04 08:03:16 kAudit LoginInfoAudit ntnx-audit False User ntnx-audit has logged in from 192.168.1.197
2017-12-04 08:02:45 kAudit LoginInfoAudit gowatana False User gowatana has logged out from 192.168.1.197
2017-12-04 08:02:13 kAudit UserAudit gowatana False User ntnx-audit updated
2017-12-04 08:01:13 kAudit UserAudit gowatana False User ntnx-audit added
2017-12-04 07:56:25 kAudit LoginInfoAudit gowatana True User gowatana has logged in from 192.168.1.197
2017-12-04 02:03:08 kAudit LoginInfoAudit gowatana True User gowatana has logged out from 192.168.1.197
2017-12-04 01:38:01 kAudit LoginInfoAudit gowatana True User gowatana has logged in from 192.168.1.197
2017-12-03 21:44:08 kAudit LoginInfoAudit gowatana True User gowatana has logged out from 192.168.1.197
2017-12-03 21:27:51 kAudit LoginInfoAudit gowatana False User gowatana has logged in from 192.168.1.197
2017-12-02 22:30:14 kAudit LoginInfoAudit gowatana True User gowatana has logged out from 192.168.1.197
2017-12-02 21:14:42 kAudit LoginInfoAudit gowatana True User gowatana has logged in from 192.168.1.197
2017-11-30 09:16:12 kAudit LoginInfoAudit gowatana True User gowatana has logged out from 192.168.1.197
2017-11-30 08:56:39 kAudit LoginInfoAudit gowatana True User gowatana has logged in from 192.168.1.197
2017-11-30 02:59:35 kAudit LoginInfoAudit gowatana True User gowatana has logged out from 192.168.1.197
2017-11-30 02:41:51 kAudit LoginInfoAudit gowatana False User gowatana has logged in from 192.168.1.197
2017-11-30 02:41:42 kAudit LoginInfoAudit gowatana False User gowatana has logged out from 192.168.1.197
2017-11-30 02:23:13 kAudit LoginInfoAudit gowatana False User gowatana has logged in from 192.168.1.197
2017-11-29 23:14:52 kAudit LoginInfoAudit gowatana False User gowatana has logged out from 192.168.1.197
2017-11-29 22:47:59 kAudit RemoteSiteAudit gowatana False Remote site ce-n02 marked for removal
2017-11-29 22:47:51 kAudit RemoteSiteAudit gowatana False Remote site ntnx-gb marked for removal
2017-11-29 22:30:29 kAudit LoginInfoAudit gowatana False User gowatana has logged in from 192.168.1.197
2017-11-29 21:06:54 kAudit LoginInfoAudit gowatana False User gowatana has logged out from 192.168.1.197
2017-11-29 20:48:51 kAudit LoginInfoAudit gowatana False User gowatana has logged in from 192.168.1.197
2017-11-29 09:19:38 kAudit LoginInfoAudit gowatana False User gowatana has logged in from 192.168.1.197
2017-11-29 09:14:27 kAudit LoginInfoAudit gowatana False User gowatana has logged out from 192.168.1.197
2017-11-29 08:51:51 kAudit LoginInfoAudit gowatana False User gowatana has logged in from 192.168.1.197
2017-11-29 08:51:44 kAudit LoginInfoAudit admin False User admin has logged out from 192.168.1.197
2017-11-29 08:51:39 kAudit UserAudit admin False User gowatana updated
2017-11-29 08:50:52 kAudit UserAudit admin False User gowatana updated
2017-11-29 08:50:52 kAudit PasswordAudit admin False Password reset for user gowatana
2017-11-29 08:50:05 kAudit LoginInfoAudit admin False User admin has logged in from 192.168.1.197
2017-09-08 02:28:51 kAudit LoginInfoAudit admin False User admin has logged out from 192.168.1.197
2017-09-08 02:12:37 kAudit LoginInfoAudit admin False User admin has logged in from 192.168.1.197
$

このように、Nutanix CE は、ツールやスクリプトの開発でも利用できます。

ついでの気づき・・・

  • ほとんどログイン監査情報。ただしログイン失敗は出ない。
  • Prism にログインできるユーザで実行可能。ROLES は User Admin も Cluster Admin もチェック OFF でいける。
  • API でのアクセスは Event にログイン記録が残らない・・・

以上。