Note: The access token is valid for only 8 minutes, so repeat the login step if it has expired before you send the requests below.
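# Log in to the Horizon REST API and keep the bearer token in TOKEN.
# The administrator password is read from the terminal instead of being written
# inline, so it stays out of the script and the shell history. printf is a shell
# builtin, so the password is handed to jq on stdin and never appears in argv;
# jq -Rs turns it into a correctly escaped JSON string.
# NOTE: -k turns off TLS certificate verification (presumably because the lab
# server has a self-signed certificate). Outside a lab, drop -k or pass --cacert
# so the credentials and the token are only sent to a verified server.
printf 'Password for corp\\administrator: ' >&2
read -rs HORIZON_PASSWORD
printf '\n' >&2
TOKEN=$(printf '%s' "$HORIZON_PASSWORD" \
  | jq -Rs '{domain: "corp", username: "administrator", password: .}' \
  | curl -s -k -d@- -H "content-type: application/json" \
      https://10.153.252.17:15443/rest/login \
  | jq -r '.access_token // empty')
unset HORIZON_PASSWORD
# If the response carries no access_token (for example after a failed login),
# TOKEN is empty; say so instead of sending an empty bearer token later.
if [ -z "$TOKEN" ]; then
  echo "login failed: no access_token in the response" >&2
fi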
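# URL-encode the JSON filter so it can be passed in the ?filter= query string.
# jq -R reads the text raw, -s slurps it into one string, @uri percent-encodes
# it and -r prints the result without surrounding quotes.
# The four-space indentation inside the object is restored so the output matches
# the encoded string shown below (%20%20%20%20 after each %0A); the delimiter is
# quoted ('EOF') so the shell expands nothing inside the body.
jq -csRr @uri <<'EOF'
{
    "type":"Equals",
    "name":"id",
    "value":"98411"
}
EOF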
%7B%0A%20%20%20%20%22type%22%3A%22Equals%22%2C%0A%20%20%20%20%22name%22%3A%22id%22%2C%0A%20%20%20%20%22value%22%3A%2298411%22%0A%7D%0A
# Store the percent-encoded filter printed by the previous command.
# Single quotes: the value is already encoded and must reach curl unchanged.
FILTER='%7B%0A%20%20%20%20%22type%22%3A%22Equals%22%2C%0A%20%20%20%20%22name%22%3A%22id%22%2C%0A%20%20%20%20%22value%22%3A%2298411%22%0A%7D%0A'
# Request the audit events that match FILTER and pretty-print the JSON reply.
# The URL is double-quoted instead of backslash-escaping ? and =.
# -k skips TLS certificate verification, so the bearer token is sent without
# checking the server's identity; keep that to lab use.
# The token is passed on curl's command line and is therefore visible in the
# process list on this host while curl runs.
curl -s -k \
  -H "content-type: application/json" \
  -H "authorization: Bearer ${TOKEN}" \
  "https://10.153.252.17:15443/rest/external/v1/audit-events?filter=${FILTER}" \
  | jq .
[
{
"id": 98411,
"type": "REST_AUTH_LOGIN_SUCCESS",
"severity": "AUDIT_SUCCESS",
"module": "Rest",
"machine_dns_name": "Horizon-01.corp.local",
"time": 1626961088360,
"message": "User corp\\administrator has logged in to Horizon Server REST API"
}
]
Note: The Between filter does not work with id, so the example below selects the events by time instead.
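# Events 98415 to 98418, selected by a time range.
# fromValue and toValue are the "time" values of events 98415 and 98418 as they
# appear in the response below, and they are the values encoded in the FILTER
# string that follows; the four-space indentation and the single space after
# "fromValue": are kept so the output matches that string byte for byte.
# The delimiter is quoted ('EOF') so the shell expands nothing inside the body.
jq -csRr @uri <<'EOF'
{
    "type":"Between",
    "name":"time",
    "fromValue": 1626961108780,
    "toValue":1626961849237
}
EOF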
# Percent-encoded Between filter on "time" (1626961108780 to 1626961849237).
# Single quotes: the value is already encoded and must reach curl unchanged.
FILTER='%7B%0A%20%20%20%20%22type%22%3A%22Between%22%2C%0A%20%20%20%20%22name%22%3A%22time%22%2C%0A%20%20%20%20%22fromValue%22%3A%201626961108780%2C%0A%20%20%20%20%22toValue%22%3A1626961849237%0A%7D%0A'
# Request the audit events inside the time range held in FILTER and
# pretty-print the JSON reply.
# The URL is double-quoted instead of backslash-escaping ? and =.
# -k skips TLS certificate verification, so the bearer token is sent without
# checking the server's identity; keep that to lab use.
# The token is passed on curl's command line and is therefore visible in the
# process list on this host while curl runs.
curl -s -k \
  -H "content-type: application/json" \
  -H "authorization: Bearer ${TOKEN}" \
  "https://10.153.252.17:15443/rest/external/v1/audit-events?filter=${FILTER}" \
  | jq .
[
{
"id": 98418,
"user_id": "S-1-5-21-4442515-1634369418-872054540-500",
"type": "VLSI_USERLOGGEDIN",
"severity": "AUDIT_SUCCESS",
"module": "Vlsi",
"machine_dns_name": "Horizon-01.corp.local",
"time": 1626961849237,
"message": "User corp\\administrator has logged in to View Administrator"
},
{
"id": 98417,
"type": "REST_AUTH_LOGIN_SUCCESS",
"severity": "AUDIT_SUCCESS",
"module": "Rest",
"machine_dns_name": "Horizon-01.corp.local",
"time": 1626961699773,
"message": "User corp\\administrator has logged in to Horizon Server REST API"
},
{
"id": 98416,
"user_id": "S-1-5-21-4442515-1634369418-872054540-500",
"type": "VLSI_USERLOGGEDIN",
"severity": "AUDIT_SUCCESS",
"module": "Vlsi",
"machine_dns_name": "Horizon-01.corp.local",
"time": 1626961699623,
"message": "User corp\\administrator has logged in to View Administrator"
},
{
"id": 98415,
"type": "REST_AUTH_LOGIN_SUCCESS",
"severity": "AUDIT_SUCCESS",
"module": "Rest",
"machine_dns_name": "Horizon-01.corp.local",
"time": 1626961108780,
"message": "User corp\\administrator has logged in to Horizon Server REST API"
}
]