From cb2e458a4d0e280e83682619a199ad77e77aab07 Mon Sep 17 00:00:00 2001 From: Greg Oliver Date: Mon, 4 Feb 2019 10:03:06 +0000 Subject: [PATCH 1/2] ignore everything in my test folder --- .gitignore | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 1edab45..47c4960 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,5 @@ # dev environment -test/singleInput.json -test/secrets.json -test/*.txt +test/* deployment/TA-Azure_Monitor deployment/temp modinputs From 2d4592b28dd69256b7fa24ae34784d887976db22 Mon Sep 17 00:00:00 2001 From: Greg Oliver Date: Sat, 10 Aug 2019 10:39:32 +0100 Subject: [PATCH 2/2] new resource types, v1.3.3 --- bin/app/azure_monitor_logs.js | 3 ++- bin/app/logCategories.json | 15 +++++++++++---- bin/app/package.json | 2 +- default/app.conf | 2 +- 4 files changed, 15 insertions(+), 7 deletions(-) diff --git a/bin/app/azure_monitor_logs.js b/bin/app/azure_monitor_logs.js index 9e5ee9e..a47aa0d 100644 --- a/bin/app/azure_monitor_logs.js +++ b/bin/app/azure_monitor_logs.js @@ -337,7 +337,8 @@ var messageHandler = function (name, data, eventWriter) { var tenantId = (data.tenantId || '').toUpperCase(); // get resourceId if it exists - var resourceId = (data.resourceId || '').toUpperCase(); + // recent additions now use resourceid rather than resourceId + var resourceId = (data.resourceId || data.resourceid || '').toUpperCase(); // get category if it exists var category = (data.category || '').toUpperCase(); diff --git a/bin/app/logCategories.json b/bin/app/logCategories.json index 512f0a1..a8c45be 100644 --- a/bin/app/logCategories.json +++ b/bin/app/logCategories.json 
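Review bot: The new fallback in `messageHandler` still calls `.toUpperCase()` directly on whatever the record carries, so a truthy non-string `resourceId`/`resourceid` (an object or number in a malformed event) would throw inside the handler. Coercing first, `var resourceId = String(data.resourceId || data.resourceid || '').toUpperCase();`, keeps one bad record from interrupting ingestion. The fallback also covers only this field and these two spellings: `tenantId` and `category` on the neighbouring lines are still read in camelCase only, so if the newer resource types lower-case those keys too (not visible here), their events would presumably miss the logCategories.json lookup. The body of `messageHandler` starts and ends outside the hunk, so how `resourceId` and `category` are combined into the lookup key is not shown.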
@@ -2,6 +2,9 @@
 "MICROSOFT.AUTOMATION/AUTOMATIONACCOUNTS/JOBLOGS":"amdl:auto:acct:jobLogs",
 "MICROSOFT.AUTOMATION/AUTOMATIONACCOUNTS/JOBSTREAMS":"amdl:auto:acct:jobStreams",
 "MICROSOFT.BATCH/BATCHACCOUNTS/SERVICELOG":"amdl:btch:acct:serviceLog",
+ "MICROSOFT.CONTAINERSERVICE/MANAGEDCLUSTERS/KUBE-APISERVER":"amdl:aks:cluster",
+ "MICROSOFT.CONTAINERSERVICE/MANAGEDCLUSTERS/KUBE-AUDIT":"amdl:aks:audit",
+ "MICROSOFT.CONTAINERSERVICE/MANAGEDCLUSTERS/KUBE-CONTROLLER-MANAGER":"amdl:aks:manager",
 "MICROSOFT.DATALAKEANALYTICS/ACCOUNTS/AUDIT":"amdl:dalk:acct:audit",
 "MICROSOFT.DATALAKEANALYTICS/ACCOUNTS/REQUESTS":"amdl:dalk:acct:requests",
 "MICROSOFT.DATALAKESTORE/ACCOUNTS/AUDIT":"amdl:dlst:acct:audit",
@@ -11,6 +14,7 @@
 "MICROSOFT.KEYVAULT/VAULTS/AUDITEVENT":"amdl:keyv:vaul:auditEvent",
 "MICROSOFT.LOGIC/WORKFLOWS/WORKFLOWRUNTIME":"amdl:logc:wkfl:workflowRuntime",
 "MICROSOFT.LOGIC/INTEGRATIONACCOUNTS/INTEGRATIONACCOUNTTRACKINGEVENTS":"amdl:logc:acct:tracking",
+ "MICROSOFT.NETWORK/AZUREFIREWALLS/AZUREFIREWALLNETWORKRULE":"amdl:net:firewall",
 "MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/NETWORKSECURITYGROUPEVENT":"amdl:net:nsg:event",
 "MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/NETWORKSECURITYGROUPRULECOUNTER":"amdl:net:nsg:rule",
 "MICROSOFT.NETWORK/LOADBALANCERS/LOADBALANCERALERTEVENT":"amdl:net:lb:alert",
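Review bot: The sourcetypes added in the AKS hunk and in the Azure Firewall hunk are three-part names, while most of the surrounding entries use a four-part `amdl:<service>:<resource>:<category>` form. `KUBE-APISERVER` maps to `amdl:aks:cluster`, which does not name the category the way `amdl:aks:audit` does. Values such as `amdl:aks:cluster:apiserver`, `amdl:aks:cluster:audit`, `amdl:aks:cluster:controllerManager` and `amdl:net:firewall:networkRule` would stay consistent and leave room for sibling categories. Coverage is also partial: AKS emits `kube-scheduler` and `cluster-autoscaler` logs and Azure Firewall emits `AzureFirewallApplicationRule`, and none of these get an entry. What the add-on does with an unmapped category is not visible in this diff, so it is worth confirming that these events do not end up under a generic sourcetype that searches on `amdl:aks:*` or `amdl:net:firewall` would miss.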
@@ -18,12 +22,15 @@
 "MICROSOFT.NETWORK/APPLICATIONGATEWAYS/APPLICATIONGATEWAYACCESSLOG":"amdl:net:ag:access",
 "MICROSOFT.NETWORK/APPLICATIONGATEWAYS/APPLICATIONGATEWAYPERFORMANCELOG":"amdl:net:ag:perf",
 "MICROSOFT.NETWORK/APPLICATIONGATEWAYS/APPLICATIONGATEWAYFIREWALLLOG":"amdl:net:ag:firewall",
+ "MICROSOFT.NETWORK/VIRTUALNETWORKGATEWAYS/P2SDIAGNOSTICLOG":"amdl:net:vnetgateway",
+ "MICROSOFT.NETWORK/VIRTUALNETWORKGATEWAYS/IKEDIAGNOSTICLOG":"amdl:net:vnetgateway",
 "MICROSOFT.SEARCH/SEARCHSERVICES/OPERATIONLOGS":"amdl:srch:srch:operationLogs",
 "MICROSOFT.SERVERMANAGEMENT/NODES/REQUESTLOGS":"amdl:srvr:node:requestLogs",
 "MICROSOFT.SERVICEBUS/NAMESPACES/OPERATIONALLOGS":"amdl:sb:ns:operationalLogs",
+ "MICROSOFT.SQL/SERVERS/DATABASES/QUERYSTORERUNTIMESTATISTICS":"amdl:sql:db:stats",
 "MICROSOFT.STREAMANALYTICS/STREAMINGJOBS/EXECUTION":"amdl:sa:jobs:execution",
 "MICROSOFT.STREAMANALYTICS/STREAMINGJOBS/AUTHORING":"amdl:sa:jobs:authoring",
- "MICROSOFT.SECURITYGRAPH/ALERT": "amdl:securitygraph:alert",
- "MICROSOFT.AADIAM/AUDIT": "amdl:aadal:audit",
- "MICROSOFT.AADIAM/SIGNIN": "amdl:aadal:signin"
-}
\ No newline at end of file
+ "MICROSOFT.SECURITYGRAPH/ALERT":"amdl:securitygraph:alert",
+ "MICROSOFT.AADIAM/AUDIT":"amdl:aadal:audit",
+ "MICROSOFT.AADIAM/SIGNIN":"amdl:aadal:signin"
+ }
\ No newline at end of file
diff --git a/bin/app/package.json b/bin/app/package.json
index 2104e7f..4d1acb7 100644
--- a/bin/app/package.json
+++ b/bin/app/package.json
@@ -1,6 +1,6 @@
 {
 "name": "azure_monitor",
- "version": "1.3.2",
+ "version": "1.3.3",
 "description": "Azure Monitor Addon For Splunk",
 "main": "azure_diagnostic_logs.js",
 "dependencies": {
diff --git a/default/app.conf b/default/app.conf
index cc7323a..d17fd96 100644
--- a/default/app.conf
+++ b/default/app.conf
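Review bot: `P2SDIAGNOSTICLOG` and `IKEDIAGNOSTICLOG` both map to `amdl:net:vnetgateway`, so point-to-site and IKE negotiation events become indistinguishable by sourcetype. The application-gateway entries just above, by contrast, get one sourcetype per category. Separate values such as `amdl:net:vnetgateway:p2s` and `amdl:net:vnetgateway:ike` would let VPN searches and field extractions target each log on its own. The other virtual network gateway categories (`GatewayDiagnosticLog`, `TunnelDiagnosticLog`, `RouteDiagnosticLog`) are not mapped, and the commit message does not say whether that is intentional.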
@@ -8,7 +8,7 @@ label = Azure Monitor [launcher] author=Greg Oliver description=Azure Monitor - consumes monitoring telemetry, both logs and metrics, for ARM-based Azure resources. -version = 1.3.2 +version = 1.3.3 [package] id=TA-Azure_Monitor