Configure the Azure Classic LAM

The Azure Classic LAM is an endpoint for webhook notifications from Microsoft Azure classic alerts. The LAM parses the JSON events from Azure into Moogsoft Onprem events.

You can install a basic Azure Classic integration in the UI. See Azure Classic for integration steps.

Configure the Azure Classic LAM if you want to configure custom properties, set up high availability or configure advanced options that are not available in the UI integration.

Before You Begin

The Azure Classic integration has been validated with Microsoft Azure Classic 2018. Before you configure the Azure Classic LAM, ensure you have met the following requirements:

  • You have an active Microsoft Azure account.

  • You know how to configure classic alerts in Microsoft Azure, including how to define a webhook notification.

  • Your Azure resource can make requests to external endpoints over port 443.

If you are configuring a distributed deployment, refer to High Availability Overview first. You will need the details of the server configuration you are going to use for HA.

Configure the LAM

Edit the configuration file to control the behavior of the Azure Classic LAM. You can find the file at $MOOGSOFT_HOME/config/azure_classic_lam.conf.

The Azure Classic LAM is a REST-based LAM as it provides an HTTP endpoint for data ingestion. Note that only the generic REST LAM properties in azure_classic_lam.conf apply to the Azure Classic LAM; see the LAM and Integration Reference for a full description of all properties.

Some properties in the file are commented out by default. Uncomment properties to enable them.

  1. Configure the properties for the REST connection:

    • address: Address on the Moogsoft Onprem server that listens for REST messages. Defaults to all interfaces.

    • port: Port on the Moogsoft Onprem server that listens for Azure Classic messages. Defaults to 48018.

  2. Configure the SSL properties if you want to encrypt communications between the LAM and the REST connection:

    • use_ssl: Whether to use SSL certification.

    • path_to_ssl_files: Path to the directory that contains the SSL certificates.

    • ssl_key_filename: The SSL server key file.

    • ssl_cert_filename: The SSL root CA file.

    • ssl_protocols: Sets the allowed SSL protocols.

  3. Configure the LAM behavior:

    • num_threads: Number of worker threads to use when processing requests.

    • rest_response_mode: When to send a REST response. See the LAM and Integration Reference for the options.

    • rpc_response_timeout: Number of seconds to wait for a REST response.

    • event_ack_mode: When Moogfarmd acknowledges events from the REST LAM during the event processing pipeline.

    • accept_all_json: Allows the LAM to read and process all forms of JSON.

    • lists_contain_multiple_events: Whether Moogsoft Onprem interprets a JSON list as multiple events.

  4. Optionally configure the LAM identification and capture logging details:

    • name: Maps to $Laminstancename, so that the agent field indicates events Moogsoft Onprem ingests from this LAM.

    • capture_log: Name and location of the LAM's capture log file, which it writes to for debugging purposes.

  5. Optionally configure severity conversions. See Severity Reference for further information and "Conversion Rules" in Tokenize Source Event Data for details on conversions in general.

  6. Optionally configure the process logging details:

    • configuration_file: Name and location of the LAM's process log configuration file. See Configure Logging for more information.

Unsupported Properties

Windows Azure classic alerts do not support client authentication. Do not uncomment or change the following properties:

  • use_client_certificates

  • client_ca_filename

  • auth_token or encrypted_auth_token

  • header_auth_token or encrypted_header_auth_token

  • authentication_type

  • authentication_cache

Example

The following example demonstrates an Azure Classic LAM configuration.

monitor:
{
    name                           : "Azure Classic LAM",
    class                          : "CRestMonitor",
    port                           : 48018,
    address                        : "0.0.0.0",
    use_ssl                        : false,
    #path_to_ssl_files             : "config",
    #ssl_key_filename              : "server.key",
    #ssl_cert_filename             : "server.pem",
    #use_client_certificates       : false,
    #client_ca_filename            : "ca.crt",
    #auth_token                    : "my_secret",
    #encrypted_auth_token          : "dfJtTQMGiFHfiq7sCmxguBt6Jv+eytkoiKCquSB/7iWxpgGsG2aez3z2j7SuBtKj",
    #header_auth_token             : "my_secret",
    #encrypted_header_auth_token   : "dfJtTQMGiFHfiq7sCmxguBt6Jv+eytkoiKCquSB/7iWxpgGsG2aez3z2j7SuBtKj",
    #ssl_protocols                 : [ "TLSv1.2" ],
    authentication_type            : "none",
    authentication_cache           : true,
    accept_all_json                : true,
    lists_contain_multiple_events  : true,
    num_threads                    : 5,
    rest_response_mode             : "on_receipt",
    rpc_response_timeout           : 20,
    event_ack_mode                 : "queued_for_processing"
},
agent:
{
    name                           : "Azure (Classic)",
    capture_log                    : "$MOOGSOFT_HOME/log/data-capture/azure_classic_lam.log"
},
log_config:
{
    configuration_file             : "$MOOGSOFT_HOME/config/logging/azure_classic_lam_log.json"
},
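
The following check is an added example, not part of the Moogsoft documentation or product: a Node.js script that reads the monitor properties described above and reports unsupported properties that have been uncommented, changed authentication values, and a listener that runs without SSL. The function names and the sample configuration are constructed for illustration, and it assumes the authentication values shown in the example above are the ones to keep.

```javascript
// Added example: audits the monitor properties this page discusses.
const UNSUPPORTED = [
  "use_client_certificates", "client_ca_filename",
  "auth_token", "encrypted_auth_token",
  "header_auth_token", "encrypted_header_auth_token",
];
// Assumption: the values in the page's example are the defaults to keep.
const MUST_STAY = { authentication_type: "none", authentication_cache: "true" };

// Return { key: value } for every uncommented "key : value" line.
function activeProperties(confText) {
  const active = {};
  for (const line of confText.split("\n")) {
    const m = line.match(/^\s*(#?)\s*([A-Za-z_]+)\s*:\s*(.*?),?\s*$/);
    if (!m || m[1] === "#") continue;
    active[m[2]] = m[3].replace(/^"|"$/g, "");
  }
  return active;
}

function auditLamConfig(confText) {
  const p = activeProperties(confText);
  const findings = [];
  for (const key of UNSUPPORTED) {
    if (key in p) findings.push(`${key}: unsupported property is uncommented`);
  }
  for (const [key, expected] of Object.entries(MUST_STAY)) {
    if (key in p && p[key] !== expected) {
      findings.push(`${key}: changed from ${expected} to ${p[key]}`);
    }
  }
  if (p.use_ssl !== "true") {
    findings.push("use_ssl: not enabled, LAM listener accepts unencrypted HTTP");
  } else if (!("ssl_protocols" in p)) {
    findings.push("ssl_protocols: not set, allowed protocols are not pinned");
  }
  return findings;
}

// Constructed sample, not a real deployment's file.
const SAMPLE_CONF = `monitor:
{
    use_ssl                        : false,
    #ssl_protocols                 : [ "TLSv1.2" ],
    auth_token                     : "my_secret",
    authentication_type            : "none",
    authentication_cache           : false,
},`;
console.log(auditLamConfig(SAMPLE_CONF));
```

Run it against the contents of $MOOGSOFT_HOME/config/azure_classic_lam.conf after each edit; an empty result means none of these three conditions applies.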

Configure for High Availability

Configure the Azure Classic LAM for high availability if required. See High Availability Overview for details.

Configure LAMbot Processing

The Azure Classic LAMbot processes and filters events before sending them to the Message Bus. You can customize or bypass this processing if required. You can also load JavaScript files into the LAMbot and execute them.

See LAMbot Configuration for more information. An example Azure Classic LAM filter configuration is shown below.

filter:
{       
    presend: "AzureClassicLam.js",
    modules: [ "CommonUtils.js" ]
}

Map LAM Properties

By default the following Azure Classic event properties map to the following Moogsoft Onprem Azure Classic LAM properties. You can configure custom mappings in the Azure Classic LAMbot.

| Azure Classic Event Property | Azure Classic LAM Event Property |
|---|---|
| context.resourceRegion::context.resourceGroupName::context.resourceType::context.resourceName::context.name | signature |
| context.resourceId | source_id |
| context.id | external_id |
| context.resourceGroupName | manager |
| context.resourceName | source |
| context.resourceType | class |
| Azure Classic LAM | agent |
| context.conditionType | type |
| 2 | severity |
| context.name - context.description | description |
| context.timestamp | agent_time |

The overflow properties are mapped to "custom info" and appear under Overflow in Moogsoft Onprem alerts:

| Azure Classic Event Property | Azure Classic LAM Event Property |
|---|---|
| context | eventDetails.context |
| properties | eventDetails.properties |
| status | eventDetails.status |
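
As an added illustration (not the shipped AzureClassicLam.js and not Moogsoft code), the function below applies the default mappings in the two tables above to a constructed Azure classic alert payload. The function name, the rejection of payloads that lack the fields feeding the signature and identifiers, and all sample values are assumptions; the timestamp is passed through without conversion.

```javascript
// Added example: the default mapping tables as a plain function.
// Assumption: these context fields must be non-empty strings, since they
// build the signature and the source/external identifiers.
const REQUIRED = ["resourceRegion", "resourceGroupName", "resourceType",
                  "resourceName", "name", "resourceId", "id"];

function mapAzureClassicEvent(payload) {
  const ctx = payload && payload.context;
  if (!ctx || typeof ctx !== "object") throw new Error("no context object");
  const missing = REQUIRED.filter((k) => typeof ctx[k] !== "string" || !ctx[k]);
  if (missing.length) throw new Error("missing context fields: " + missing.join(", "));
  return {
    signature: [ctx.resourceRegion, ctx.resourceGroupName, ctx.resourceType,
                ctx.resourceName, ctx.name].join("::"),
    source_id: ctx.resourceId,
    external_id: ctx.id,
    manager: ctx.resourceGroupName,
    source: ctx.resourceName,
    class: ctx.resourceType,
    agent: "Azure Classic LAM",
    type: ctx.conditionType,
    severity: 2,
    description: `${ctx.name} - ${ctx.description}`,
    agent_time: ctx.timestamp, // passed through; no time conversion here
    // Overflow properties, shown under custom info in the alert.
    custom_info: { eventDetails: {
      context: ctx, properties: payload.properties, status: payload.status,
    } },
  };
}

// Constructed sample payload; all values are placeholders.
const SAMPLE_PAYLOAD = {
  status: "Activated",
  context: {
    timestamp: "2018-06-01T10:15:00.000Z",
    id: "/subscriptions/EXAMPLE/alertrules/cpu-high",
    name: "cpu-high",
    description: "CPU above 90 percent",
    conditionType: "Metric",
    resourceGroupName: "rg-demo",
    resourceName: "web-demo",
    resourceType: "microsoft.web/sites",
    resourceId: "/subscriptions/EXAMPLE/sites/web-demo",
    resourceRegion: "centralus",
  },
  properties: { owner: "ops" },
};
console.log(mapAzureClassicEvent(SAMPLE_PAYLOAD));
```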

Start and Stop the LAM

Restart the Azure Classic LAM to activate any changes you make to the configuration file or LAMbot.

The LAM service name is azureclassiclamd.

See Control Moogsoft Onprem Processes for the commands to start, stop and restart the LAM.

You can use a GET request to check the status of the Azure Classic LAM. See "Check the LAM Status" in Configure the REST LAM for further information and examples.

Configure Azure

After you have the Azure Classic LAM running and listening for incoming requests, you can configure a webhook in Azure. See "Configure Azure" in Azure Classic.