HTTP 403 (Unauthorized) error while sending test alerts from Log Insight to vRealize Network Insight
search cancel

HTTP 403 (Unauthorized) error while sending test alerts from Log Insight to vRealize Network Insight

book

Article ID: 319641

calendar_today

Updated On:

Products

VMware Aria Operations for Networks

Issue/Introduction

In Log Insight CLUSTER deployment, where there are multiple Log Insight nodes, webhook alerts can be sent via any node, which is acting as primary node at that point of time. In such scenario, vRNI can give 403 Forbidden error when it receives webhook alert from that Log Insight node.

Symptoms:
After a Log Insight data source is added in vRNI, while sending test webhook alerts from Log Insight to vRNI, 403 Forbidden error occurs.

Environment

VMware vRealize Network Insight 4.x
VMware vRealize Network Insight 3.x

Resolution

Add all Log Insight cluster node IP as Log Insight data sources in vRNI. e.g. If Log Insight cluster has three nodes, you need to add three Log Insight data sources in vRNI, each data source representing a Log Insight node IP.
You can see all Log Insight cluster node IP addresses as below - Log in to Log Insight -> Administration -> Cluster. (Below screenshot)



If you add all nodes as data sources on the same vRNI proxy, then generated webhook URL will be same.
So add webhook URL in Log Insight just once, while enabling vRNI Content pack alerts as described in https://docs.vmware.com/en/VMware-vRealize-Network-Insight/3.8/com.vmware.vrni.using.doc/GUID-EE3EAE49-8702-40F0-AE0F-8CCA9E3274EB.html

Additional Information

Impact/Risks:
vRNI would not receive webhook alerts from Log Insight. Changes to security groups would not be reflected in vRNI immediately.

Powered by Wolken Software