HTTP request any groov device logs

Code Samples and Tips
1

Programmatically getting, saving, and sending logs is very useful whether done on a schedule or in response to an event or error. With groov Manage there’s a really clean way to get any logs with an HTTP request to make this trivial to implement. I’ll use Node-RED as an example, but as long as you properly authenticate this should work with any HTTP tools you want to use.

First log in to groov Manage and navigate to Info and HelpLogs, then select from over a dozen software and system logs. From that page just right click the download link and save that endpoint to your clipboard. All you have to do is make a GET request to this URL with the correct TLS settings and a header containing the key apiKey with a string value of a system-wide administrator user’s API key.

With Node-RED v3.0+ the headers can be entered directly into the node configuration, saving you from using a change node to set the headers object, but either method will work.

Node-RED v3.0.2 HTTP request headers
Node-RED v3.0.2 HTTP request headers1091×1140 56.7 KB

This does get the entire log file, so I strongly recommend doing some processing before saving or sending it anywhere. For example, this JavaScript will split apart the response string, grab only the last 10 logs, and return a single string containing just those entries:

// Each log entry is on a new line separated by \n
var logs = msg.payload.split('\n');
// The final element in this array is an empty string, so stop before that
msg.payload = logs.slice(logs.length-11, logs.length-1);
// Join the array of the 10 most recent log entries to create a single string
msg.payload = msg.payload.join('\n');
// Return the new msg.payload containing just the 10 most recent log entries
return msg;

Using this method to get the groov Manage logs I can keep track of which pages are being opened, login / logout events, and much more:

groov Manage most recent 10 log entries
groov Manage most recent 10 log entries1172×370 69.5 KB

This is a super easy way to get the log data you want, and once you make the request you can do whatever you need with it! Feel free to copy the code above if you’re using Node-RED, and if you do modify it please drop a line in the thread to let us know how you’re implementing it.
And as always, happy logging!

2 Likes
2

Would this be the bet way to store groov logs in an SIEM/Logs Server using syslog? There doesn’t seem to be any integration with the Groov Manage interface that I can see to store syslogs in a server.

3

Update - I have used the foundation of this to store logs in a local Logs Server (syslog). Basically I’m polling the logs every 5 minutes and getting the last 1000 lines of the log file first, splitting them up and then running them through a function to determine if they are within the last 5 minutes (+10 seconds so I’m not missing any lines. Would rather a double up than a missed line) then converting each message to a syslog message and sending the message through a UDP out node to my local server. I can’t see of anyone else doing this so I thought I would leave my cowboy method here just in case. Any feedback will be taken.

image