Using Curl Method to Authenticate

This topic applies to both Software Logger and the Logger Appliance.

This authentication method allows users to connect to API using Curl Command.

Note: Before starting with this process, configure the Client Certificate Authentication Method. To view the authentication commands , see Logger Admin Guide available at Micro Focus Security Community

Tip: The client computer should have the "root CA" in its certificate repository; in case it is not configured use the "-k" parameter in the curl command.

The session id is required for all API requests and will be eventually used for the next subsequent commands. The "client certificates" are only required for the logging step.

Curl command and Logger with Client Certificate AND Local Password configuration in Login RESTFul API

To connect using Curl, use the following parameters:

curl -H 'Accept: application/json' -X POST '[https://IP or HOST/core-service/rest/LoginService/login]' -k --key ./client2015key.pem --cert ./client2015.pem

If the certificate files are in the current directory where the command is executed, use "./" and the file name; otherwise, the command would fail. For example:

curl -H 'Accept: application/json' -X POST -d 'login=[usersample & password]=arcsight' '[https://IP or HOST/core-service/rest/LoginService/login]' -k --key ./client2015key.pem --cert ./client2015.pem

curl -k [https://IP or HOST/server/search] -H "Content-Type: application/json ; charset=[timezone]" -d '{ "search_session_id" : [number], "user_session_id" : "useTheSessionIdOfThePreviousCommand", "query" : "deviceVendor = ArcSight", "start_time" : "[yy-mm-ddThh:minutes:seconds.000-end time]", "end_time" : "[yy-mm-ddThh:minutes:seconds.000-end time]", "field_summary":true }'

Curl command and Logger with Client Certificate configuration in Login RESTFul API

Unlike the previous method, "user" and "password" are not required. For example:

curl -H 'Accept: application/json' -X POST '[https://IP or HOST/core-service/rest/LoginService/login]' -k --key ./client2015key.pem --cert ./client2015.pem

curl -k [https://IP or HOST/server/search] -H "Content-Type: application/json ; charset=[timezone]" -d '{ "search_session_id" : [number], "user_session_id" : "useTheSessionIdOfThePreviousCommand", "query" : "deviceVendor = ArcSight", "start_time" : "[yy-mm-ddThh:minutes:seconds.000-end time]", "end_time" : "[yy-mm-ddThh:minutes:seconds.000-end time]}'