Extensive API calls made by VMware Aria Operations to NSX Manager
search cancel

Extensive API calls made by VMware Aria Operations to NSX Manager

book

Article ID: 415149

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  • Security monitoring is reporting brute force attack
  • VMware Aria Operations for Logs shows authentication failures to NSX when filtering for the event text contains ACCESS_CONTROL and second filter text contains FAILURE in Explore logs 
  • NSX log /var/log/syslog shows errors similar to 
    #### UserName:'[email protected]' Operation:'GET@/api/v1/transport-nodes/<transport-node-id>/network/interfaces/<interface-id>/stats' Operation status: 'failure' Error: The requested object : Provided interface id <interface-id> in the request is invalid could not be found. Object identifiers are case sensitive.

Environment

VMware Aria Operations 8.18.x

VMware NSX 4.2.x 

Resolution

Using Postman or Rest API client run the following API call against NSX manager:

  1. List the Network Interfaces  
    GET /api/v1/transport-nodes/<transport-node-id>/network/interfaces

    * Replacing <transport-node-id> with the affected Transport Node ID 

    • The API call output should return a list of Interface IDs with the affected interface ID listed : 

      {
    "admin_status" : "UP",

    "interface_id" : "<interfaceID>",

    "link_status" : "UP",

    "mtu" : 1500,

    "interface_type" : "PHYSICAL",

    "connected_switch" : "######",

    "connected_switch_type" : "####",

    "interface_alias" : [

{  "broadcast_address" : "",       "ip_address" : "",       "ip_configuration" : "not configured",       "netmask" : "",       "physical_address" : "##:##:##:##:##:##" }
  2.  Get the stats of the affected interface ID  
    GET /api/v1/transport-nodes/<transport-node-id>/network/interfaces/<interface-id>/stats

     * Replacing <transport-node-id> with the affected Transport Node ID and <interface-id> with the affected interface ID 

    •  No output is returned
  3. If you can find the affected Interface ID is listed when running the call GET /api/v1/transport-nodes/<transport-node-id>/network/interfaces, but no stats are returned for the affected interface ID when running the call GET /api/v1/transport-nodes/<transport-node-id>/network/interfaces/<interface-id>/stats, then the issue will need to be investigated by NSX.  Please raise an SR with NSX quoting KB (415149) in the problem description. For more information, see Creating and managing Broadcom support cases

Additional Information

Powered by Wolken Software