@johnybradshaw
Created December 27, 2019 13:52
Simple python script to create a log source configured to work with Skytap audit logs (courtesy Ken Reycraft)
import base64
import datetime
import hashlib
import hmac
import json
import os

import requests
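# Log Analytics workspace ID. It is read from the environment so the real value
# does not have to be written into this file; the placeholder is only a fallback.
customer_id = os.environ.get('LOG_ANALYTICS_WORKSPACE_ID', 'XXXXXXXXXXXXXXXXXX')
# Shared key: either the primary or the secondary Connected Sources client
# authentication key. Anyone holding it can sign requests for this workspace,
# so supply it through the environment (or a secret store) rather than
# committing it with the script.
shared_key = os.environ.get('LOG_ANALYTICS_SHARED_KEY', "XXXXXXXXXXXXXXXXXX")
# The log type is the name of the event that is being submitted
log_type = 'SkytapAuditLog'
# A sample audit-log record (constructed values) used as the request payload
json_data = [{
    "version": 1,
    "message_id": "456",
    "category": "auditing",
    "timestamp": "2000-01-01T00:00:00Z",
    "Payload": [{
        "id": 98765432,
        "type": "Shutdown Environment",
        "type_code": "ShutdownConfigurationHistory",
        "date": "2019-01-27T12:34:56Z",
        "region": "us-east",
        "payload": {},
        "user": {"id": "null", "name": "auto_power_options"},
        "department": {"id": "null", "name": "null"},
        "project": {"id": "null", "name": "null"},
        "operation_id": "trn.a1b2c3456d78987654ef3edc210b1234.56789.876/trn.5a5432b10c1d234567ef8e9d8cb7654a.3210.123.4",
        "customer": {"id": "666", "name": "Administrators"},
        "operated_on": [
            {"resource_type": "environment", "name": "Jason VM", "id": 9876543, "guid": "configuration-1234567"},
            {"resource_type": "vm", "name": "Ubuntu 10.04 desktop", "id": 2832140, "guid": "vm-1234567-8987654"}
        ]
    }]
}
]
# Serialised once; this string is what gets signed and sent.
body = json.dumps(json_data)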
#####################
######Functions######
#####################
# Build the API signature
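def build_signature(customer_id, shared_key, date, content_length, method, content_type, resource):
    """Return the ``SharedKey`` Authorization header value for one request.

    The signed string is the method, content length, content type,
    ``x-ms-date`` header and resource path joined by newlines. It is
    authenticated with HMAC-SHA256 keyed by the base64-decoded shared key.

    Args:
        customer_id: Workspace ID placed in front of the signature.
        shared_key: Base64-encoded workspace key.
        date: Date string; must equal the ``x-ms-date`` header that is sent.
        content_length: Length of the request body.
        method: HTTP method, e.g. ``'POST'``.
        content_type: Value of the content-type header.
        resource: Resource path, e.g. ``'/api/logs'``.

    Returns:
        The string ``"SharedKey <customer_id>:<base64 HMAC>"``.
    """
    x_headers = 'x-ms-date:' + date
    string_to_hash = "\n".join([method, str(content_length), content_type, x_headers, resource])
    # Encode the text directly: bytes(text) without an encoding raises
    # TypeError on Python 3.
    bytes_to_hash = string_to_hash.encode('utf-8')
    decoded_key = base64.b64decode(shared_key)
    digest = hmac.new(decoded_key, bytes_to_hash, digestmod=hashlib.sha256).digest()
    # b64encode returns bytes; decode so the header does not carry a b'...' repr.
    encoded_hash = base64.b64encode(digest).decode('ascii')
    authorization = "SharedKey {}:{}".format(customer_id, encoded_hash)
    return authorization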
# Build and send a request to the POST API
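def post_data(customer_id, shared_key, body, log_type):
    """Sign *body* and POST it to the workspace's ``/api/logs`` endpoint.

    Prints ``Accepted`` for a 2xx response and the status code otherwise.
    Only the status code is printed; the Authorization header and the shared
    key are never written to output.

    Args:
        customer_id: Workspace ID. It becomes part of the request hostname,
            so it should come from trusted configuration only.
        shared_key: Base64-encoded workspace key used for signing.
        body: JSON document to submit, as text or bytes.
        log_type: Value for the ``Log-Type`` header.
    """
    method = 'POST'
    content_type = 'application/json'
    resource = '/api/logs'
    rfc1123date = datetime.datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT')
    # The content length is part of the signed string, so measure the bytes
    # that are actually sent instead of the character count of the text.
    payload = body if isinstance(body, bytes) else body.encode('utf-8')
    content_length = len(payload)
    signature = build_signature(customer_id, shared_key, rfc1123date, content_length, method, content_type, resource)
    uri = 'https://' + customer_id + '.ods.opinsights.azure.com' + resource + '?api-version=2016-04-01'
    headers = {
        'content-type': content_type,
        'Authorization': signature,
        'Log-Type': log_type,
        'x-ms-date': rfc1123date
    }
    # Without a timeout, requests waits indefinitely on an unresponsive endpoint.
    response = requests.post(uri, data=payload, headers=headers, timeout=30)
    if 200 <= response.status_code <= 299:
        print('Accepted')
    else:
        print("Response code: {}".format(response.status_code))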
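# Post only when run as a script, so that importing this module (for example
# to reuse build_signature) does not send a signed request as a side effect.
if __name__ == '__main__':
    post_data(customer_id, shared_key, body, log_type)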