0 Replies Latest reply on Sep 12, 2019 8:24 AM by mmcelwain

    Alert trigger action: Send a GET or POST Request to a web server - Fails

    mmcelwain

      Hi Thwack,

       

      We are currently having an issue completing a simple http post to our cloud hosted correlation engine.  We had this solution working for several weeks and then it all of the sudden stopped.

       

      1. Talked to networking and they state that nothing has changed on the actual box
      2. Talked to senior security engineer and he provided a packet capture.  He is saying that the box is trying to connect versus post.  Even though we have specifically specified https in the url that we are trying to post to
      3. Opened case with Solarwinds (case#00379599).  Did a bunch of database clean-up and verified settings, they don’t see any issues on their end
      4. Talked to the vendor and they don’t see any traffic even coming from us
      5. I am able to curl from the actual machine without issue (using postman)
      6. Talked to windows team they looked at the box and don't see any issues

       

      Posting to: https://inbound.bigpanda.io/solarwinds/alerts?access_token=XXXXXXX

      **NOTE When you attempt to go to this address it will fail on purpose.  It is expecting post data**

       

      JSON:

       

      { "app_key": "XXXXXXXXXXXXXXXXXXXXXXXX", "primary_property": "host", "secondary_property": "object", "status": "${N=Alerting;M=Severity}", "alert": "${N=Alerting;M=AlertMessage}", "host": "${N=SWQL;M=SELECT TOP 1 RelatedNodeCaption FROM Orion.AlertObjects WHERE AlertObjectID = ${N=Alerting;M=AlertObjectID} }", "object": "${N=SWQL;M=SELECT TOP 1 EntityCaption FROM Orion.AlertObjects WHERE AlertObjectID = ${N=Alerting;M=AlertObjectID} }", "object_type": "${N=Alerting;M=ObjectType}", "description": "${N=Alerting;M=AlertDescription}", "solarwinds_url": "${N=Alerting;M=AlertDetailsUrl}", "acknowledged": "${N=Alerting;M=Acknowledged}", "acknowledged_by": "${N=Alerting;M=AcknowledgedBy}", "timestamp": "${N=SWQL;M=SELECT GETUTCDATE() as a1 FROM Orion.Engines}", "incident_identifier": "${N=Alerting;M=AlertObjectID}","UTID": "${N=SWQL;M=SELECT UTID FROM Orion.AlertConfigurationsCustomProperties WHERE AlertID= ${N=Alerting;M=AlertID} }"}

       

      Error in Logs:

       

      2019-09-02 20:42:28,547 [28] ERROR AlertingLogger - (null)  Failed to execute an HTTP request. Method: POST, Url: https://inbound.bigpanda.io/solarwinds/alerts?access_token=XXXXXXXXXXXXXXXX, Body: { "app_key": "XXXXXXXXXXXXXXXX", "primary_property": "host", "secondary_property": "object", "status": "Warning", "alert": "s1137_tunnel22.net.ssc.tsc is down", "host": "s1137_tunnel22.net.ssc.tsc", "object": "s1137_tunnel22.net.ssc.tsc", "object_type": "Node", "description": "Store Tunnel22 has gone down

      ", "solarwinds_url": "http://T1WASLW702:80/Orion/View.aspx?NetObject=AAT:27693", "acknowledged": "Not Acknowledged", "acknowledged_by": "", "timestamp": "9/3/2019 1:42:28 AM", "incident_identifier": "27693","UTID": "SLR-NET-NET-SLR-0006"})

      1. System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host

       

      Support really doesnt seem to be giving me any options.  Has anyone else experienced this?  What am I missing?  Thank you in advance!

       

      -Matt