VMware {code} Community
mcro2430
Contributor
Contributor
‎03-11-2021 09:48 AM

Powershell - Log Insight Get agent listing

There doesn't appear to be an API available to query all current agents configured in LogInsight.Does anyone have any advice on how to pull this data?

 

I am attempting to invoke-webrequest via /login and /admin but i'm receiving a "CSRF nonce validation failed" when I attempt to authenticate via those URLs via JSON. passing the normal /api/session auth doesn't seem to work either.

Reply
0 Kudos
1 Reply
Adlez
Contributor
Contributor
‎11-23-2021 02:40 AM

Did you get anywhere with this? I am trying to do the same thing but also hit CSRF issues,  I can get a token request to work but reusing the token throws a CSRF error.  From what I read online it seems the auth and request for a token should be in the same request which I don't know how we do that given the token request is done on its own URL where there is no form to enter credentials.  This is what I have so far (PowerShell 7.2.0)...

 

$Form = @{
    'username' = 'admin'
    'password' = ''
    'authMethod' = 'DEFAULT'
}

$CSRFURL = 'https://VLIHOST/csrf'
$InitialWebRequest = Invoke-WebRequest -Uri $CSRFURL -SkipCertificateCheck -Headers @{'X-CSRF-Token'='Fetch'} -SessionVariable SV

$JSONURL = 'https://VLIHOST/admin/hosts?pageFrom=1&pageTo=99999&sortOrder=ASC&sortField=lastreceived&_eventName=loadHosts'
$FinalWebRequest = Invoke-WebRequest -Uri $JSONURL -WebSession $SV -SkipCertificateCheck -Form $Form -Method Post

 

Reply
0 Kudos