Moogsoft Docs

Configure the Azure Classic LAM

The Azure Classic LAM is an endpoint for webhook notifications from Microsoft Azure classic alerts. The LAM parses the JSON events from Azure into Moogsoft AIOps events.

You can install a basic Azure Classic integration via the UI . See Azure Classic for integration steps.

Configure the Azure Classic LAM if you want to configure custom properties, set up high availability or configure advanced options that are not available in the UI integration.

Before You Begin

The Azure Classic integration has been validated with Microsoft Azure Classic v. 2018. Before you configure the Azure Classic LAM, ensure you have met the following requirements:

  • You have an active Microsoft Azure account.
  • You know how to configure classic alerts in Microsoft Azure, including how to define a webhook notification.
  • Your A zure resource can make requests to external endpoints over port 443.

If you are configuring a distributed deployment refer to High Availability first. You will need the details of the server configuration you are going to use for HA.

Configure the LAM

Edit the Azure Classic LAM configuration file to control its behavior. You can find the file at $MOOGSOFT_HOME/config/azure_classic_lam.conf .

See REST LAM Reference for a full description of all properties. Not all properties for the generic REST LAM apply to the Azure Classic LAM.

Some properties in the file are commented out by default. Uncomment properties to enable them.

  1. Configure the properties for the REST connection:
    • port : Port on the Moogsoft AIOps server that listens for Azure Classic messages. Defaults to 48018.
    • address : Address on the Moogsoft AIOps server that listens for REST messages. Defaults to all interfaces.
  2. If you want to encrypt communications between the LAM and the REST connection configure the SSL properties :
    • use_ssl : Whether to use SSL certification.
    • path_to_ssl_files : Path to the directory that contains the SSL certificates.
    • ssl_key_filename : The SSL server key file.
    • ssl_cert_filename : The SSL root CA file.
    • ssl_protocols : Sets the allowed SSL protocols.

  3. Configure the LAM behavior:
    • num_threads : Number of worker threads to use.
    • rest_response_mode : When to send a REST response. See the REST LAM Reference for the options.
    • rpc_response_timeout : Number of seconds to wait for a REST response.
    • event_ack_mode : When moogfarmd acknowledges events from the REST LAM during the event processing pipeline.
    • accept_all_json : Allows the LAM to read and process all forms of JSON.
    • lists_contain_multiple_events : Whether Moogsoft AIOPs interprets a JSON list as multiple events.
  4. Optionally configure the LAM identification and log file details:
    • name : Identifies the event sent to the message bus by the Azure Classic LAM.
    • log : Name and location of the Azure Classic LAM log file.

Unsupported Properties

Windows Azure classic alerts do not support client authentication. Do not uncomment or change the following properties:

  • use_client_certificates
  • client_ca_filename
  • auth_token or encrypted_auth_token
  • header_auth_token or encrypted_header_auth_token
  • authentication_type

  • authentication_cache

Example

monitor:
	{
		name                           : "Azure Classic LAM",
		class                          : "CRestMonitor",
        port                           : 48018,
        address                        : "0.0.0.0",
        use_ssl                        : false,
        #path_to_ssl_files             : "config",
        #ssl_key_filename              : "server.key",
        #ssl_cert_filename             : "server.pem",
        #use_client_certificates       : false,
        #client_ca_filename            : "ca.crt",
        #auth_token                    : "my_secret",
        #encrypted_auth_token          : "dfJtTQMGiFHfiq7sCmxguBt6Jv+eytkoiKCquSB/7iWxpgGsG2aez3z2j7SuBtKj",
        #header_auth_token             : "my_secret",
        #encrypted_header_auth_token   : "dfJtTQMGiFHfiq7sCmxguBt6Jv+eytkoiKCquSB/7iWxpgGsG2aez3z2j7SuBtKj",
        #ssl_protocols                 : "TLSv1.2"
        authentication_type            : "none",
        authentication_cache           : true,
        accept_all_json                : true,
        lists_contain_multiple_events  : true,
        num_threads                    : 5,
        rest_response_mode             : "on_receipt",
        rpc_response_timeout           : 20,
        event_ack_mode                 : "queued_for_processing"
	}

Configure for High Availability

Configure the Azure Classic LAM for high availability if required. See Integrations HA Configuration for details.

Configure LAMbot Filtering

The Azure Classic LAMbot filters and processes Azure Classic LAM events using the logic in "AzureClassicLam.js". Then it sends the events to the message bus.

The LAMbot moves overflow properties to custom info and performs any filtering you configure in the LAMbot file. See Data Parsing for details.

If you don’t want to map overflow properties, you can comment out the presend property in the filter section to bypass the LAMbot and send events straight to the message bus. This speeds up processing if you have a high volume of incoming Azure alerts.

Alternatively, you can define a custom stream to receive Azure Classic LAM events. See Alert Builder Moolet for details.

filter:
	{
        presend: "AzureClassicLam.js",
		modules: ["CommonUtils.js"]
	}

Map LAM Properties

You can configure custom mappings in the Azure Classic LAMbot. See Advanced Integration information for details.

By default the following Azure Classic event properties map to the following Moogsoft AIOps Azure Classic LAM properties:

Azure Classic Event Property Azure Classic LAM Event Property

context.resourceRegion::context.resourceGroupName:

:context.resourceType::context.resourceName: : context.name

signature
context.resourceId source_id
context.id external_id
context.resourceGroupName manager
context.resourceName source
context.resourceType class
Azure Classic LAM agent
context.conditionType type
2 severity
context.name - context.description description
context.timestamp agent_time

The overflow properties are mapped to "custom info" and appear under Overflow in Moogsoft AIOps alerts:

Azure Classic Event Property Azure Classic LAM Event Property
context eventDetails.context
properties eventDetails.properties
status eventDetails.status

Start and Stop the LAM

Restart the Azure Classic LAM to activate any changes you make to the configuration file or LAMbot.

The LAM service name is azureclassiclamd.

See Control Moogsoft AIOps Processes for the commands to start, stop and restart the LAM.

Configure Azure

After you have the Azure Classic LAM running and listening for incoming requests, you can configure a webhook in Azure. See "Configure Azure" in Azure Classic .