Moogsoft Docs

Configure the Azure LAM

The Azure LAM is an endpoint for webhook notifications from Microsoft Azure Monitor alerts. The LAM parses the JSON events from Azure into Moogsoft AIOps events.

You can install a basic Azure Monitor integration via the UI. See Azure for integration steps. Configure the Azure Monitor LAM if you want to configure custom properties, set up high availability or configure advanced options that are not available in the UI integration.

Before You Begin

The Azure integration has been validated with Microsoft Azure Monitor v. 2018. Before you configure the Azure Monitor LAM, ensure you have met the following requirements:

  • You have an active Microsoft Azure account.
  • You know how to configure alerts in Microsoft Azure Monitor, including how to define a webhook notification.
  • Your Azure resource can make requests to external endpoints over port 443.

If you are configuring a distributed deployment refer to High Availability first. You will need the details of the server configuration you are going to use for HA.

Configure the LAM

Edit the Azure Monitor LAM configuration file to control its behavior. You can find the file at $MOOGSOFT_HOME/config/azure_lam.conf .

See REST LAM Reference for a full description of all properties. Not all properties for the generic REST LAM apply to the Azure Monitor LAM.

Some properties in the file are commented out by default. Uncomment properties to enable them.

  1. Configure the properties for the REST connection:
    • port : Port on the Moogsoft AIOps server that listens for Azure Monitor messages. Defaults to 48020.
    • address : Address on the Moogsoft AIOps server that listens for REST messages. Defaults to all interfaces.
  2. If you want to encrypt communications between the LAM and the REST connection configure the SSL properties :
    • use_ssl : Whether to use SSL certification.
    • path_to_ssl_files : Path to the directory that contains the SSL certificates.
    • ssl_key_filename : The SSL server key file.
    • ssl_cert_filename : The SSL root CA file.
    • ssl_protocols : Sets the allowed SSL protocols.

  3. Configure the LAM behavior:
    • num_threads : Number of worker threads to use.
    • rest_response_mode : When to send a REST response. See the REST LAM Reference for the options.
    • rpc_response_timeout : Number of seconds to wait for a REST response.
    • event_ack_mode : When moogfarmd acknowledges events from the REST LAM during the event processing pipeline.
    • accept_all_json : Allows the LAM to read and process all forms of JSON.
    • lists_contain_multiple_events : Whether Moogsoft AIOPs interprets a JSON list as multiple events.
  4. Optionally configure the LAM identification and log file details:
    • name : Identifies the event sent to the message bus by the Azure Monitor LAM.
    • log : Name and location of the Azure Monitor LAM log file.

Unsupported Properties

Windows Azure Monitor alerts do not support client authentication. Do not uncomment or change the following properties:

  • use_client_certificates
  • client_ca_filename
  • auth_token or encrypted_auth_token
  • header_auth_token or encrypted_header_auth_token
  • authentication_type

  • authentication_cache

Example

monitor:
	{
		name                           : "Azure LAM",
		class                          : "CRestMonitor",
		port                           : 48018,
		address                        : "0.0.0.0",
		use_ssl                        : false,
		#path_to_ssl_files             : "config",
		#ssl_key_filename              : "server.key",
		#ssl_cert_filename             : "server.pem",
		#use_client_certificates       : false,
		#client_ca_filename            : "ca.crt",
		#auth_token                    : "my_secret",
		#encrypted_auth_token          : "dfJtTQMGiFHfiq7sCmxguBt6Jv+eytkoiKCquSB/7iWxpgGsG2aez3z2j7SuBtKj",
		#header_auth_token             : "my_secret",
		#encrypted_header_auth_token   : "dfJtTQMGiFHfiq7sCmxguBt6Jv+eytkoiKCquSB/7iWxpgGsG2aez3z2j7SuBtKj",
		#ssl_protocols .               : "TLSv1.2"
		authentication_type            : "none",
		authentication_cache .         : true,
		accept_all_json                : true,
		lists_contain_multiple_events  : true,
		num_threads                    : 5,
		rest_response_mode             : "on_receipt",
		rpc_response_timeout           : 20,
		event_ack_mode                 : "queued_for_processing"
	}

Configure for High Availability

Configure the Azure Monitor LAM for high availability if required. See Integrations HA Configuration for details.

Configure LAMbot Filtering

The Azure Monitor LAMbot filters and processes Azure Monitor LAM events using the logic in "AzureLam.js". Then sends them to the message bus.

The LAMbot moves overflow properties to custom info and performs any filtering you configure in the LAMbot file. See Data Parsing for details.

If you don’t want to map overflow properties, you can comment out the presend property in the filter section to bypass the LAMbot and send events straight to the message bus. This speeds up processing if you have a high volume of incoming Azure Monitor alerts.

Alternatively, you can define a custom stream to receive Azure LAM events. See Alert Builder Moolet for details.

filter:
	{
        presend: "AzureLam.js",
		modules: ["CommonUtils.js"]
	}

Map LAM Properties

You can configure custom mappings in the Azure Monitor LAMbot. See Advanced Integration information for details.

By default the following Azure Monitor event properties map to the following Moogsoft AIOps Azure Monitor LAM properties:

Azure Monitor Event Property Azure Monitor LAM Event Property

context.resourceGroupName::context.resourceType:

:context.resourceName::context.name


signature
context.resourceId source_id
context.id external_id
context.resourceGroupName manager
context.resourceName source
context.resourceType class
Azure LAM agent
context.conditionType type
2 severity
context.name - context.description description
context.timestamp agent_time

The overflow properties are mapped to "custom info" and appear under Overflow in Moogsoft AIOps alerts:

Azure Monitor Event Property Azure Monitor LAM Monitor Property
data eventDetails.data
schemaid eventDetails.schemaid

Start  and Stop the LAM

Restart the Azure Monitor LAM to activate any changes you make to the configuration file or LAMbot.

The LAM service name is azurelamd .

See Control Moogsoft AIOps Processes for the commands to start, stop and restart the LAM.

Configure Azure

After you have the Azure Monitor LAM running and listening for incoming requests, you can configure a webhook in Azure. See "Configure Azure" in Azure .