This is my take on the onboarding code for network security groups. There is no armclient dependency, but you will need the latest Azure PowerShell cmdlets installed.
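# Turns on diagnostic logging to a storage account for network security groups
# (NSGs) that do not have a storage account configured yet.
#
# Parameters:
#   StorageAccountName          - storage account that will receive the NSG logs.
#   StorageAccountResourceGroup - resource group of that storage account. It is also
#                                 used as a filter: only NSGs whose resource group
#                                 name contains this value are changed.
Param
(
    [string]$StorageAccountName,
    [string]$StorageAccountResourceGroup
)
try
{
    # Make every cmdlet failure terminating so that it lands in the catch block.
    $ErrorActionPreference = "Stop"
    $Error.Clear()

    $StorageAccount = Get-AzureRmStorageAccount -ResourceGroupName $StorageAccountResourceGroup -Name $StorageAccountName
    $NetworkSecurityGroups = Get-AzureRmNetworkSecurityGroup

    foreach ($NetworkSecurityGroup in $NetworkSecurityGroups)
    {
        $DiagnosticSettings = Get-AzureRmDiagnosticSetting -ResourceId $NetworkSecurityGroup.Id

        # $null goes on the left so the comparison stays a scalar null test even if
        # the property ever comes back as a collection.
        if ($null -ne $DiagnosticSettings.StorageAccountId)
        {
            # Already logging to some storage account; leave it alone.
            continue
        }

        # Resource group names are case-insensitive in Azure, so the match must not
        # depend on the casing the caller typed. An NSG that fails this test is
        # skipped without any message and stays without diagnostic logging.
        # NOTE(review): this is a substring match, so "prod" also selects "prod-dmz";
        # confirm that is intended rather than an exact match.
        $InScope = $NetworkSecurityGroup.ResourceGroupName.IndexOf($StorageAccountResourceGroup, [System.StringComparison]::OrdinalIgnoreCase) -ge 0
        if ($InScope)
        {
            Set-AzureRmDiagnosticSetting -ResourceId $NetworkSecurityGroup.Id -StorageAccountId $StorageAccount.Id -Enabled $true -Categories 'NetworkSecurityGroupEvent','NetworkSecurityGroupRuleCounter'
        }
    }
}
catch
{
    # The first failure stops the loop, so NSGs that were not reached yet keep their
    # previous (possibly disabled) logging state. The error is written to the output
    # stream and not rethrown; callers have to inspect the output to notice it.
    Write-Output $Error
}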
# Onboarding script: connects the storage accounts that receive NSG diagnostic logs
# to an Operational Insights workspace.
#
# WorkspaceName - name of the target workspace; it is matched against the ResourceName
#                 of resources of type Microsoft.OperationalInsights/workspaces.
Param
(
[string]$WorkspaceName
)
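function connect-monitorableToWorkspace {
    <#
    .SYNOPSIS
    Registers the storage account holding a resource's diagnostic logs as a storage
    insight on an Operational Insights workspace.

    .DESCRIPTION
    Builds one container path per enabled log category of the resource. If the
    workspace already has a storage insight for the same storage account, missing
    container paths are appended to it; otherwise a new storage insight is created.
    Progress is written with Write-Host. The storage account key is passed to the
    storage insight cmdlets but is never written to the host.

    .PARAMETER monitorable
    Object with a 'resource' member (ResourceId is read) and a 'diagnostics' member
    (storageAccountId and logs are read).

    .PARAMETER workspace
    Workspace resource; ResourceGroupName, Name, ResourceId and ResourceName are read.
    #>
    Param(
        [psobject] $monitorable,
        [psobject] $workspace
    )

    [string]$storageAccountId = $monitorable.diagnostics.storageAccountId

    # The account name is the last segment of the storage account resource id.
    [array]$storageAccountParts = $storageAccountId.Split("/")
    $storageAccountName = $storageAccountParts[$storageAccountParts.Count - 1]

    # The key is fetched up front because both the Set- and the New- storage insight
    # cmdlets below require it.
    $StorageAccountResource = Get-AzureRmResource -ResourceId $storageAccountId
    $Keys = Get-AzureRmStorageAccountKey -ResourceGroupName $StorageAccountResource.ResourceGroupName -Name $StorageAccountResource.Name
    # NOTE(review): .Key1 assumes the return shape of the module version this script
    # was written against; confirm it for the installed cmdlets.
    $accountKey = $Keys.Key1

    $logsToCollect = $monitorable.diagnostics.logs

    # Get the existing configuration from the workspace and keep only the storage
    # insights that point at this storage account.
    write-host "Getting existing configuration from workspace"
    [array]$existingInsights = Get-AzureRmOperationalInsightsStorageInsight -ResourceGroupName $workspace.ResourceGroupName -WorkspaceName $workspace.Name
    if ($existingInsights) {
        $existingInsights = $existingInsights | Where-Object { $_.StorageAccountResourceId.Trim() -eq $storageAccountId.Trim() }
    }

    # One container path per enabled log category.
    [array]$featureContainers = @()
    foreach ($log in $logsToCollect) {
        if ($log.enabled) {
            $featureContainers += ("insights-logs-" + $log.category.ToLower() + "/resourceId=" + $monitorable.resource.ResourceId.ToUpper())
        }
    }

    if ($featureContainers.Count -eq 0)
    {
        write-host "Logging is not enabled for this resource. Please enable logging before running this script."
        return
    }

    if ($existingInsights -and $existingInsights.Count -gt 0) {
        write-host "Storage account already being monitored.`n"

        [boolean]$dirty = $false
        $existingInsight = $existingInsights[0]
        [array]$containers = $existingInsight.Containers

        foreach ($feature in $featureContainers) {
            if ($containers -notcontains $feature) {
                $containers += $feature
                $dirty = $true
                write-host "Adding Container: $feature"
            } else {
                write-host "Already Configured: $feature"
            }
        }

        if ($dirty -eq $true) {
            # Built for display only; it holds no key material.
            $updatedInsightConfig = @{
                id = $existingInsight.ResourceId
                type = "Microsoft.OperationalInsights/workspaces/storageinsightconfigs"
                name = $existingInsight.name
                properties = @{
                    containers = $containers
                    storageAccount = $existingInsight.StorageAccountResourceId
                }
            }
            $saveContent = $updatedInsightConfig | ConvertTo-Json
            write-host "`nSaving updated configuration:`r`n$saveContent`n`n"

            Set-AzureRmOperationalInsightsStorageInsight -Workspace $workspace -Name $existingInsight.name -StorageAccountKey $accountKey -Containers $containers
            write-host "`n`nAll done updating existing!"
        } else {
            write-host "`n`nNothing to connect"
        }
    } else {
        write-host "Storage account not being monitored.`n"

        $insightId = $workspace.ResourceId + "/storageInsightConfigs/" + $storageAccountName + $workspace.ResourceName

        write-host "Retrieving storage account keys`n"
        # The key value is deliberately not printed: host output ends up in
        # transcripts, CI logs and scrollback, and a storage account key gives access
        # to the account that holds the security logs.
        write-host "`tFoundKey: <redacted>"

        # Display-only copy of the configuration, with the key replaced by a marker.
        $storageAccountConfig = @{
            id = $storageAccountId
            key = "<redacted>"
        }
        $newInsightConfig = @{
            id = $insightId
            type = "Microsoft.OperationalInsights/workspaces/storageinsightconfigs"
            name = $storageAccountName + $workspace.name
            properties = @{
                containers = $featureContainers
                storageAccount = $storageAccountConfig
            }
        }
        $saveContent = $newInsightConfig | ConvertTo-Json -Compress
        write-host "`nSaving Storage Insight Configuration to workspace:`n`n$saveContent`n`n"

        # $featureContainers is the list built above. The original passed $Containers,
        # which is only assigned in the update branch and is therefore empty here.
        New-AzureRmOperationalInsightsStorageInsight -Workspace $workspace -Name $newInsightConfig.name -StorageAccountResourceId $storageAccountId -StorageAccountKey $accountKey -Containers $featureContainers
        write-host "`n`nAll done creating new!"
    }
}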
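# Log in only when no account is cached.
# NOTE(review): Get-AzureAccount and Get-AzureSubscription are not AzureRm-prefixed
# like the rest of the script; confirm this check reflects the AzureRm login state.
if (!(Get-AzureAccount))
{
    Login-AzureRmAccount
}
$Subscription = Get-AzureSubscription
#Write-Output $Subscription

# Collect every network security group that already sends diagnostics to a storage account.
$AzureResources = Get-AzureRmResource |
    Where-Object -Property ResourceType -Like "microsoft.network/networkSecurityGroups" |
    Select-Object -Property ResourceId, ResourceName, ResourceType, Location
#Write-Output $AzureResources

$OmsResources = @()
Foreach ($AzureResource in $AzureResources)
{
    $AzureDiagnosticSetting = Get-AzureRmDiagnosticSetting -ResourceId $AzureResource.ResourceId
    if ($AzureDiagnosticSetting.StorageAccountId)
    {
        $OmsResources += @{ resource = $AzureResource; diagnostics = $AzureDiagnosticSetting }
    }
}
#Write-Output $OmsResources

# Resolve the target workspace by name.
$Workspaces = Get-AzureRmResource | Where-Object -Property ResourceType -eq "Microsoft.OperationalInsights/workspaces"
$Workspace = $Workspaces | Where-Object -Property ResourceName -EQ $WorkspaceName
#Write-Output $Workspace

# Stop before touching anything when the name matches no workspace or more than one:
# with no match every call below would run against an empty workspace object, and
# with several matches the logs could be wired to a workspace the caller did not mean.
if (@($Workspace).Count -ne 1)
{
    throw "Expected exactly one workspace named '$WorkspaceName' but found $(@($Workspace).Count)."
}

Foreach ($OmsResource in $OmsResources)
{
    connect-monitorableToWorkspace -monitorable $OmsResource -workspace $Workspace
}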
@jeffpatton1971


commented Jan 15, 2016

You will need to enable diagnostic logging on your network security groups first; there is a sample script showing how to do this en masse attached to this gist. Once that is done, you should be able to run the onboarding script, passing in just the name of your workspace in OMS. I don't force a login to Azure as I'm usually logged in already, so the test at the top may not work properly.
