109.4. Azure (im_azure)
This module can be used to collect logs from Microsoft Azure applications.
109.4.1. Storage Setup
Azure web application logging and storage can be configured with the Azure Management Portal.
-
After logging in to the Portal, click New on the left panel, select the Storage category, and choose the Storage account - blob, file, table, queue.
-
Create the new storage account. Provide a storage name, location, and replication type.
-
Click Create Storage Account and wait for storage setup to complete.
-
Go to Apps, select the application for which to enable logging, and click Configure.
-
Scroll down to the application diagnostic section and configure the table and blob storage options corresponding with the storage account created above.
-
Confirm the changes by clicking Save, then restart the service. Note that it may take a while for Azure to create the table and/or blob in the storage.
109.4.2. Configuration
The im_azure module accepts the following directives in addition to the common module directives. The AuthKey and StorageName directives are required, along with either BlobName or TableName.
- AuthKey
-
This mandatory directive specifies the authentication key to use for connecting to Azure.
- BlobName
-
This directive specifies the storage blob to connect to. One of BlobName and TableName must be defined (but not both).
- SSLCompression
-
This Boolean directive allows you to enable data compression when sending data over the network. The compression mechanism is based on the zlib compression library. If the directive is not specified, it defaults to FALSE (the compression is disabled).
NoteSome Linux packages (for example, Debian) use the OpenSSL library provided by the OS and may not support the zlib compression mechanism. The module will emit a warning on startup if the compression support is missing. The generic deb/rpm packages are bundled with a zlib-enabled libssl library.
- StorageName
-
This mandatory directive specifies the name of the storage account from which to collect logs.
- TableName
-
This directive specifies the storage table to connect to. One of BlobName and TableName must be defined (but not both).
- Address
-
This directive specifies the URL for connecting to the storage account and corresponding table or blob. If this directive is not specified, it defaults to
http://<table|blob>.<storagename>.core.windows.net. If defined, the value must start withhttp://orhttps://.
- HTTPSAllowUntrusted
-
This boolean directive specifies that the remote connection should be allowed without certificate verification. If set to TRUE the remote will be able to connect with an unknown or self-signed certificate. The default value is FALSE: all HTTPS connections must present a trusted certificate.
- HTTPSCADir
-
This specifies the path to a directory containing certificate authority (CA) certificates, which will be used to check the certificate of the remote HTTPS client. The certificate filenames in this directory must be in the OpenSSL hashed format. A remote’s self-signed certificate (which is not signed by a CA) can also be trusted by including a copy of the certificate in this directory.
- HTTPSCAFile
-
This specifies the path of the certificate authority (CA) certificate, which will be used to check the certificate of the remote HTTPS client. To trust a self-signed certificate presented by the remote (which is not signed by a CA), provide that certificate instead.
- HTTPSCertFile
-
This specifies the path of the certificate file to be used for the HTTPS handshake.
- HTTPSCertKeyFile
-
This specifies the path of the certificate key file to be used for the HTTPS handshake.
- HTTPSCRLDir
-
This specifies the path to a directory containing certificate revocation lists (CRLs), which will be consulted when checking the certificate of the remote HTTPS client. The certificate filenames in this directory must be in the OpenSSL hashed format.
- HTTPSCRLFile
-
This specifies the path of the certificate revocation list (CRL) which will be consulted when checking the certificate of the remote HTTPS client.
- HTTPSKeyPass
-
With this directive, a password can be supplied for the certificate key file defined in HTTPSCertKeyFile. This directive is not needed for passwordless private keys.
- HTTPSRequireCert
-
This boolean directive specifies that the remote HTTPS client must present a certificate. If set to TRUE and there is no certificate presented during the connection handshake, the connection will be refused. The default value is TRUE: each connection must use a certificate.
- HTTPSSSLProtocol
-
This directive can be used to set the allowed SSL/TLS protocol(s). It takes a comma-separated list of values which can be any of the following:
SSLv2,SSLv3,TLSv1,TLSv1.1, andTLSv1.2. By default, the TLSv1, TLSv1.2, and TLSv1.2 protocols are allowed. Note that the OpenSSL library shipped by Linux distributions may not support SSLv2 and SSLv3, in which case these will not work even if enabled with HTTPSSSSLProtocol.
- PollInterval
-
This directive specifies how frequently the module will check for new events, in seconds. If this directive is not specified, it defaults to 1 second. Fractional seconds may be specified (
PollInterval 0.5will check twice every second).
109.4.3. Fields
The following fields are used by im_azure.
$raw_event(type: string)-
The raw string from the event.
$EventTime(type: datetime)-
The timestamp of the event.
$ProcessID(type: integer)-
The ID of the process which generated the event.
$Severity(type: string)-
The severity of the event, if available. The severity is mapped as follows.
Azure Severity Normalized Severity Critical
5/CRITICAL
Warning
3/WARNING
Information
2/INFO
Verbose
1/DEBUG
$SourceName(type: string)-
The name of the application which generated the event, if available.
$ThreadID(type: integer)-
The ID of the thread which generated the event.