I have looked over the Generic DataCenter implementation and we are close to start using this type of objects, for different cases.
In one situation, we had used a script that was addressing some TOR resources, and adjusted it a bit, so it would keep the UUID , will address other IP lists resources, etc. .
Works well for quite some time, problem is that from time to time, I notice that the objects generated by/for this GDC are not refreshed for 1 - 2 days (or a bit more).
All I was able to catch in the FWL Logs is that the JSON file is "corrupted" so from there I've looked what/why.
Checking why, I've noticed that process/script we use is not running anymore on the Management Server, not sure why it stopped running, I'll see if I have smth in the other system logs.
So what I'm after, is there a way we can get an alert when the retrieval of the JSON content fails, so we know and take action in case this happens ?
I tried to look into SmartEvents, but sadly I did not find a way for setting SmartEvents to look for specific LOG patterns and generate an alert on them .
Any idea, hint to follow would appreciate 😃 .
Hello @PhoneBoy ,
Here you have the beginning and failure of the json reading/mapping .
There is not much, and I tried to search in any way, no luck.
So if there is a possibility to create an SmartEvent alert based on anything from here (or just for failure alerts), would be great 😊.
Not every log component is indexed or actionable. You can use the show-logs API on blade "Cloudguard IaaS" to get specific results for Control connections and filter from there, for instance for the Critical keywords. I'm not sure if it's what you're looking after though.
Thank you for pointing that out, but not really what we wanted 😕, as I stated initially, we're using SmartEvent to perform certain actions in different cases, and in this case/situation I would like to be able to trigger an event from SmartEvent, that would be performed in the case of GDC update failure.
With API, we can explore that path, but since SmartEvent is already running, we hoped that there is smth that we can achieve with it 😉.