This is my take on the onboarding code for network security groups (NSGs): the first script turns on NSG diagnostic logging to a storage account, the second connects those logs to an OMS workspace. There is no armclient dependency, but you will need the latest Azure PowerShell (AzureRM) cmdlets installed.
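<#
.SYNOPSIS
    Enables diagnostic logging on every network security group (NSG) in the
    current subscription that lives in the same resource group as the given
    storage account, sending NSG events and rule counters to that account.
.PARAMETER StorageAccountName
    Name of the storage account that will receive the diagnostic logs.
.PARAMETER StorageAccountResourceGroup
    Resource group that holds the storage account. Only NSGs in this exact
    resource group are onboarded.
.NOTES
    NSGs that already have a diagnostic storage account configured are left
    untouched, so an existing log destination is never silently redirected.
    Requires the AzureRM cmdlets and an existing Login-AzureRmAccount session.
#>
Param
(
    [Parameter(Mandatory = $true)]
    [string]$StorageAccountName,
    [Parameter(Mandatory = $true)]
    [string]$StorageAccountResourceGroup
)
try
{
    $ErrorActionPreference = "Stop"
    $Error.Clear()
    $StorageAccount = Get-AzureRmStorageAccount -ResourceGroupName $StorageAccountResourceGroup -Name $StorageAccountName
    # Every NSG visible in the current subscription/context.
    $NetworkSecurityGroups = Get-AzureRmNetworkSecurityGroup
    foreach ($NetworkSecurityGroup in $NetworkSecurityGroups)
    {
        $DiagnosticSettings = Get-AzureRmDiagnosticSetting -ResourceId $NetworkSecurityGroup.Id
        # $null goes on the left: with "-eq $null" on the right a collection-valued
        # StorageAccountId would be filtered rather than tested, and the if would
        # evaluate to true even when a destination is already configured.
        if ($null -eq $DiagnosticSettings.StorageAccountId)
        {
            # Exact (case-insensitive) match on the resource group. The original used
            # .Contains(), a case-sensitive substring test, which also matched e.g.
            # "rg-prod-2" against "rg-prod" and would have pointed an NSG in one resource
            # group at a storage account in another.
            if ($NetworkSecurityGroup.ResourceGroupName -eq $StorageAccountResourceGroup)
            {
                Set-AzureRmDiagnosticSetting -ResourceId $NetworkSecurityGroup.Id -StorageAccountId $StorageAccount.Id -Enabled $true -Categories 'NetworkSecurityGroupEvent','NetworkSecurityGroupRuleCounter'
            }
        }
    }
}
catch
{
    # Report on the error stream and exit non-zero instead of writing $Error to
    # stdout, so a failed onboarding (i.e. NSGs left without logging) is not
    # mistaken for success by whoever runs this in a pipeline.
    Write-Error -ErrorRecord $_ -ErrorAction Continue
    exit 1
}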
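<#
.SYNOPSIS
    Connects every NSG that already writes diagnostics to a storage account to
    the named OMS (Operational Insights) workspace as a storage insight.
.PARAMETER WorkspaceName
    Name of an existing OMS workspace in the current subscription.
.NOTES
    Run the NSG diagnostics onboarding script first; NSGs without a diagnostic
    storage account are skipped here.
#>
Param
(
    [Parameter(Mandatory = $true)]
    [string]$WorkspaceName
)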
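function connect-monitorableToWorkspace {
    <#
    .SYNOPSIS
        Creates, or extends, the OMS storage insight that lets the workspace read
        the diagnostic log containers one NSG writes to its storage account.
    .PARAMETER monitorable
        Hashtable with two keys: 'resource' (the NSG as returned by
        Get-AzureRmResource; ResourceId is used) and 'diagnostics' (its
        Get-AzureRmDiagnosticSetting result; StorageAccountId and Logs are used).
    .PARAMETER workspace
        The OMS workspace resource. ResourceGroupName, Name, ResourceName and
        ResourceId are read from it.
    .OUTPUTS
        None. Progress goes to the host. Returns early, without touching the
        workspace, when the NSG has no enabled log category.
    .NOTES
        A storage account key is retrieved because both storage-insight cmdlets
        need it. It is deliberately never written to the host or echoed in the
        JSON below: console output ends up in transcripts, CI logs and shell
        history, and a leaked key grants full access to the log storage account.
        NOTE(review): both cmdlets below are called with -Workspace $workspace,
        where $workspace comes from Get-AzureRmResource rather than
        Get-AzureRmOperationalInsightsWorkspace; confirm the installed AzureRM
        version accepts that object shape.
    #>
    Param(
        [psobject] $monitorable,
        [psobject] $workspace
    )
    [string]$storageAccountId = $monitorable.diagnostics.storageAccountId
    [array]$storageAccountParts = $storageAccountId.Split("/")
    # The last segment of a storage account resource ID is the account name.
    $storageAccountName = $storageAccountParts[$storageAccountParts.Count - 1]

    # Fetch the key up front: both the create and update paths hand it to the cmdlet.
    $StorageAccountResource = Get-AzureRmResource -ResourceId $storageAccountId
    $Keys = Get-AzureRmStorageAccountKey -ResourceGroupName $StorageAccountResource.ResourceGroupName -Name $StorageAccountResource.Name
    # Older AzureRM builds return an object with Key1/Key2; newer ones return an
    # array of {KeyName, Value} objects. Accept either — TODO confirm against the
    # installed AzureRM.Storage version.
    if ($Keys.Key1) {
        $accountKey = $Keys.Key1
    } else {
        $accountKey = @($Keys)[0].Value
    }
    if ([string]::IsNullOrEmpty($accountKey)) {
        # Creating an insight with an empty key would look successful but never ingest.
        throw "Could not retrieve an access key for storage account '$storageAccountName'."
    }
    $logsToCollect = $monitorable.diagnostics.logs

    write-host "Getting existing configuration from workspace"
    [array]$existingInsights = Get-AzureRmOperationalInsightsStorageInsight -ResourceGroupName $Workspace.ResourceGroupName -WorkspaceName $Workspace.Name
    if ($existingInsights) {
        # Keep only the insight(s) already pointing at this NSG's storage account.
        $existingInsights = $existingInsights | ? { $_.StorageAccountResourceId.Trim() -eq $storageAccountId.Trim() }
    }

    # One container per enabled log category, named the way Azure diagnostics
    # writes them: insights-logs-<category>/resourceId=<UPPERCASE RESOURCE ID>.
    [array]$featureContainers = @()
    foreach ($log in $logsToCollect) {
        if ($log.enabled) {
            $featureContainers += ("insights-logs-" + $log.category.ToLower() + "/resourceId=" + $monitorable.resource.ResourceId.ToUpper())
        }
    }
    if ($featureContainers.Count -eq 0) {
        write-host "Logging is not enabled for this resource. Please enable logging before running this script."
        return
    }

    if ($existingInsights -and $existingInsights.Count -gt 0) {
        write-host "Storage account already being monitored.`n"
        [boolean]$dirty = $false
        $existingInsight = $existingInsights[0]
        [array]$containers = $existingInsight.Containers
        foreach ($feature in $featureContainers) {
            if ($containers -notcontains $feature) {
                $containers += $feature
                $dirty = $true
                write-host "Adding Container: $feature"
            } else {
                write-host "Already Configured: $feature"
            }
        }
        if ($dirty -eq $true) {
            # Display-only copy of what is being saved; the cmdlet call below is authoritative.
            $updatedInsightConfig = @{
                id = $existingInsight.ResourceId
                type = "Microsoft.OperationalInsights/workspaces/storageinsightconfigs"
                name = $existingInsight.name
                properties = @{
                    containers = $containers
                    storageAccount = $existingInsight.StorageAccountResourceId
                }
            }
            $saveContent = $updatedInsightConfig | ConvertTo-Json
            write-host "`nSaving updated configuration:`r`n$saveContent`n`n"
            Set-AzureRmOperationalInsightsStorageInsight -Workspace $Workspace -Name $existingInsight.name -StorageAccountKey $accountKey -Containers $containers
            write-host "`n`nAll done updating existing!"
        } else {
            write-host "`n`nNothing to connect"
        }
    } else {
        write-host "Storage account not being monitored.`n"
        $insightId = $workspace.ResourceId + "/storageInsightConfigs/" + $storageAccountName + $workspace.ResourceName
        # The key itself is intentionally not echoed (the original printed it here).
        write-host "Retrieved storage account key (not displayed)`n"
        # Display-only copy of what is being saved. Only the account ID is included;
        # the key must not appear in console output.
        $newInsightConfig = @{
            id = $insightId
            type = "Microsoft.OperationalInsights/workspaces/storageinsightconfigs"
            name = $storageAccountName + $workspace.name
            properties = @{
                containers = $featureContainers
                storageAccount = @{ id = $storageAccountId }
            }
        }
        $saveContent = $newInsightConfig | ConvertTo-Json -Compress
        write-host "`nSaving Storage Insight Configuration to workspace:`n`n$saveContent`n`n"
        # Pass $featureContainers here: the original passed $Containers, which is only
        # assigned in the update branch above and is therefore $null on this path,
        # so new insights were being created with no containers at all.
        New-AzureRmOperationalInsightsStorageInsight -Workspace $Workspace -Name $newInsightConfig.name -StorageAccountResourceId $storageAccountId -StorageAccountKey $accountKey -Containers $featureContainers
        write-host "`n`nAll done creating new!"
    }
}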
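# Make sure an ARM context exists before calling any AzureRm cmdlet.
# Get-AzureAccount / Get-AzureSubscription are the classic (ASM) cmdlets and say
# nothing about the ARM login the code below needs, which is why the original
# check did not reliably trigger a login. Older AzureRM builds throw from
# Get-AzureRmContext when nothing is logged in, newer ones return an empty
# context — handle both (TODO confirm against the installed AzureRM version).
$AzureContext = $null
try {
    $AzureContext = Get-AzureRmContext -ErrorAction Stop
} catch {
    $AzureContext = $null
}
if (-not $AzureContext -or -not $AzureContext.Account) {
    Login-AzureRmAccount
}

# Collect every NSG in the subscription that already writes diagnostics to a
# storage account; the others have nothing for OMS to read.
$AzureResources = Get-AzureRmResource | Where-Object -Property ResourceType -EQ "microsoft.network/networkSecurityGroups" | Select-Object -Property ResourceId, ResourceName, ResourceType, Location
$OmsResources = @()
foreach ($AzureResource in $AzureResources) {
    $AzureDiagnosticSetting = Get-AzureRmDiagnosticSetting -ResourceId $AzureResource.ResourceId
    if ($AzureDiagnosticSetting.StorageAccountId) {
        $OmsResources += @{ resource = $AzureResource; diagnostics = $AzureDiagnosticSetting }
    }
}
if ($OmsResources.Count -eq 0) {
    write-host "No network security groups with a diagnostic storage account were found; run the NSG onboarding script first."
}

# Resolve the workspace by name. Fail loudly if it is missing or ambiguous rather
# than handing $null (or an array) to every connect-monitorableToWorkspace call.
$Workspaces = Get-AzureRmResource | Where-Object -Property ResourceType -EQ "Microsoft.OperationalInsights/workspaces"
[array]$MatchingWorkspaces = @($Workspaces | Where-Object -Property ResourceName -EQ $WorkspaceName)
if ($MatchingWorkspaces.Count -eq 0) {
    throw "No OMS workspace named '$WorkspaceName' was found in the current subscription."
}
if ($MatchingWorkspaces.Count -gt 1) {
    throw "More than one OMS workspace is named '$WorkspaceName' (resource groups: $($MatchingWorkspaces.ResourceGroupName -join ', ')); cannot decide which one to use."
}
$Workspace = $MatchingWorkspaces[0]

foreach ($OmsResource in $OmsResources) {
    connect-monitorableToWorkspace -monitorable $OmsResource -workspace $Workspace
}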
You will need to enable diagnostic logging on your network security groups first; the first script in this gist shows how to do that en masse for every NSG in a resource group. Once that is done, you should be able to run the onboarding script, passing in just the name of your OMS workspace. I don't force a login to Azure, as I'm usually already logged in, so the login test at the top of the onboarding script may not work properly.