Class: LogStash::Outputs::MicrosoftSentinelOutputInternal::LogstashLoganalyticsOutputConfiguration

Inherits:
Object
  • Object
Defined in:
lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb

Instance Method Summary collapse

Constructor Details

#initialize(client_app_Id, client_app_secret, tenant_id, data_collection_endpoint, dcr_immutable_id, dcr_stream_name, compress_data, create_sample_file, sample_file_path, logger) ⇒ LogstashLoganalyticsOutputConfiguration

Returns a new instance of LogstashLoganalyticsOutputConfiguration.



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 4

# Builds the configuration holder from the plugin settings.
#
# Values are stored exactly as passed in; nothing is checked here, so callers
# are expected to run validate_configuration afterwards. Settings that only
# have a writer (azure_cloud, key_names, max_items, retransmission_time, the
# proxy_* values, ...) are not assigned here and read as nil until set.
#
# Security: @client_app_secret is kept in a plain instance variable, so
# anything that dumps this object (for example #inspect in a log line) would
# expose it. Keep the instance itself out of log and error output.
#
# @param client_app_Id [Object] stored as @client_app_Id
# @param client_app_secret [Object] stored as @client_app_secret (sensitive)
# @param tenant_id [Object] stored as @tenant_id
# @param data_collection_endpoint [Object] stored as @data_collection_endpoint
# @param dcr_immutable_id [Object] stored as @dcr_immutable_id
# @param dcr_stream_name [Object] stored as @dcr_stream_name
# @param compress_data [Object] stored as @compress_data
# @param create_sample_file [Object] stored as @create_sample_file
# @param sample_file_path [Object] stored as @sample_file_path
# @param logger [Object] stored as @logger; validation calls #info and #error on it
def initialize(client_app_Id, client_app_secret, tenant_id, data_collection_endpoint, dcr_immutable_id, dcr_stream_name, compress_data, create_sample_file, sample_file_path, logger)
  @client_app_Id = client_app_Id
  @client_app_secret = client_app_secret
  @tenant_id = tenant_id
  @data_collection_endpoint = data_collection_endpoint
  @dcr_immutable_id = dcr_immutable_id
  @dcr_stream_name = dcr_stream_name
  @logger = logger
  @compress_data = compress_data
  @create_sample_file = create_sample_file
  @sample_file_path = sample_file_path

  # Delay between each resending of a message.
  @RETRANSMISSION_DELAY = 2
  @MIN_MESSAGE_AMOUNT = 100

  # A single post to the Log Analytics Data Collector API V2 may carry at most
  # 1 MB; larger payloads have to be split by the sender.
  @loganalytics_api_data_limit = 1024 * 1024

  # Stay 10000 bytes under that limit as a safety margin.
  @MAX_SIZE_BYTES = @loganalytics_api_data_limit - 10_000

  # Fixed table of supported clouds and their login / ingestion hosts.
  # Only the outer hash is frozen; the per-cloud hashes are not.
  @azure_clouds = {
    "AzureCloud" => {
      "aad" => "https://login.microsoftonline.com",
      "monitor" => "https://monitor.azure.com"
    },
    "AzureChinaCloud" => {
      "aad" => "https://login.chinacloudapi.cn",
      "monitor" => "https://monitor.azure.cn"
    },
    "AzureUSGovernment" => {
      "aad" => "https://login.microsoftonline.us",
      "monitor" => "https://monitor.azure.us"
    }
  }.freeze
end

Instance Method Details

#amount_resizing ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 107

# Reader for @amount_resizing.
#
# @return [Object, nil] the value last stored through #amount_resizing=;
#   nil if it was never assigned (the constructor does not set it)
def amount_resizing
  @amount_resizing
end

#amount_resizing=(new_amount_resizing) ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 183

# Writer for @amount_resizing. The value is stored without any checks.
#
# @param new_amount_resizing [Object] value to store
# @return [Object] the stored value
def amount_resizing=(new_amount_resizing)
  @amount_resizing = new_amount_resizing
end

#azure_cloud ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 227

# Reader for @azure_cloud, the key used to look up the login and ingestion
# hosts in the cloud table built by the constructor.
#
# @return [Object, nil] the configured cloud name; nil until #azure_cloud=
#   has been called (the constructor does not set it)
def azure_cloud
  @azure_cloud
end

#azure_cloud=(new_azure_cloud) ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 231

# Writer for @azure_cloud.
#
# The name is not checked here. validate_configuration is what rejects names
# missing from the cloud table, so it should run again after this changes.
#
# @param new_azure_cloud [Object] cloud name to store
# @return [Object] the stored value
def azure_cloud=(new_azure_cloud)
  @azure_cloud = new_azure_cloud
end

#client_app_Id ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 131

# Reader for @client_app_Id.
#
# @return [Object] the client_app_Id value passed to the constructor
def client_app_Id
  @client_app_Id
end

#client_app_secret ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 135

# Reader for @client_app_secret.
#
# Security: this hands back the credential itself, unmasked. Callers should
# use it only where the secret is actually needed and keep the return value
# out of log lines, exception messages and sample output.
#
# @return [Object] the client_app_secret value passed to the constructor
def client_app_secret
  @client_app_secret
end

#compress_data ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 203

# Reader for @compress_data.
#
# @return [Object] the value given to the constructor, or the one stored
#   later through #compress_data=
def compress_data
  @compress_data
end

#compress_data=(new_compress_data) ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 207

# Writer for @compress_data. The value is stored without any checks.
#
# @param new_compress_data [Object] value to store
# @return [Object] the stored value
def compress_data=(new_compress_data)
  @compress_data = new_compress_data
end

#create_sample_file ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 211

# Reader for @create_sample_file.
#
# When this is truthy, validate_configuration checks only sample_file_path
# and skips the credential and endpoint settings.
#
# @return [Object] the value given to the constructor, or the one stored
#   later through #create_sample_file=
def create_sample_file
  @create_sample_file
end

#create_sample_file=(new_create_sample_file) ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 215

# Writer for @create_sample_file. The value is stored without any checks.
#
# Flipping this changes which branch validate_configuration takes, so the
# configuration should be validated again afterwards.
#
# @param new_create_sample_file [Object] value to store
# @return [Object] the stored value
def create_sample_file=(new_create_sample_file)
  @create_sample_file = new_create_sample_file
end

#data_collection_endpoint ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 143

# Reader for @data_collection_endpoint.
#
# NOTE(review): validate_configuration only checks this for nil / empty; the
# URL form and scheme are not checked anywhere on this class. Confirm the
# sender enforces what it needs before using the value as a destination.
#
# @return [Object] the data_collection_endpoint value passed to the constructor
def data_collection_endpoint
  @data_collection_endpoint
end

#dcr_immutable_id ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 147

# Reader for @dcr_immutable_id.
#
# @return [Object] the dcr_immutable_id value passed to the constructor
def dcr_immutable_id
  @dcr_immutable_id
end

#dcr_stream_name ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 151

# Reader for @dcr_stream_name.
#
# @return [Object] the dcr_stream_name value passed to the constructor
def dcr_stream_name
  @dcr_stream_name
end

#decrease_factor ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 127

# Reader for @decrease_factor.
#
# @return [Object, nil] the value last stored through #decrease_factor=;
#   nil if it was never assigned (the constructor does not set it)
def decrease_factor
  @decrease_factor
end

#decrease_factor=(new_decrease_factor) ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 179

# Writer for @decrease_factor. The value is stored without any checks.
#
# @param new_decrease_factor [Object] value to store
# @return [Object] the stored value
def decrease_factor=(new_decrease_factor)
  @decrease_factor = new_decrease_factor
end

#get_aad_endpoint ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 235

# Looks up the "aad" host for the configured cloud in the fixed cloud table.
#
# The host can only be one of the table's entries; there is no way to supply
# an arbitrary login URL through this method. If @azure_cloud is unset or not
# a key of the table, the lookup yields nil and the second index raises
# NoMethodError. validate_configuration guards against that on the
# non-sample-file path only.
#
# @return [String] the "aad" URL of the selected cloud
# @raise [NoMethodError] when @azure_cloud is not a key of the cloud table
def get_aad_endpoint
  endpoints_for_cloud = @azure_clouds[@azure_cloud]
  endpoints_for_cloud["aad"]
end

#get_monitor_endpoint ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 239

# Looks up the "monitor" host for the configured cloud in the fixed cloud
# table.
#
# If @azure_cloud is unset or not a key of the table, the lookup yields nil
# and the second index raises NoMethodError. validate_configuration guards
# against that on the non-sample-file path only.
#
# @return [String] the "monitor" URL of the selected cloud
# @raise [NoMethodError] when @azure_cloud is not a key of the cloud table
def get_monitor_endpoint
  endpoints_for_cloud = @azure_clouds[@azure_cloud]
  endpoints_for_cloud["monitor"]
end

#key_names ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 155

# Reader for @key_names.
#
# validate_configuration rejects a value whose #length exceeds 500.
#
# @return [Object, nil] the value last stored through #key_names=; nil if it
#   was never assigned (the constructor does not set it)
def key_names
  @key_names
end

#key_names=(new_key_names) ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 171

# Writer for @key_names. The value is stored without any checks; the size
# limit is enforced only by validate_configuration.
#
# @param new_key_names [Object] value to store
# @return [Object] the stored value
def key_names=(new_key_names)
  @key_names = new_key_names
end

#logger ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 123

# Reader for @logger.
#
# @return [Object] the logger passed to the constructor
def logger
  @logger
end

#max_items ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 159

# Reader for @max_items.
#
# validate_configuration rejects a value below @MIN_MESSAGE_AMOUNT.
#
# @return [Object, nil] the value last stored through #max_items=; nil if it
#   was never assigned (the constructor does not set it)
def max_items
  @max_items
end

#max_items=(new_max_items) ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 187

# Writer for @max_items. The value is stored without any checks; the lower
# bound is enforced only by validate_configuration.
#
# @param new_max_items [Object] value to store
# @return [Object] the stored value
def max_items=(new_max_items)
  @max_items = new_max_items
end

#MAX_SIZE_BYTES ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 103

# Reader for @MAX_SIZE_BYTES.
#
# The name looks like a constant, so call it with explicit parentheses or a
# receiver; a bare MAX_SIZE_BYTES is parsed as a constant lookup.
#
# @return [Integer] the value computed in the constructor: the 1 MB
#   per-post limit minus 10000 bytes
def MAX_SIZE_BYTES
  @MAX_SIZE_BYTES
end

#MIN_MESSAGE_AMOUNT ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 167

# Reader for @MIN_MESSAGE_AMOUNT, the lower bound validate_configuration
# applies to max_items.
#
# The name looks like a constant, so call it with explicit parentheses or a
# receiver; a bare MIN_MESSAGE_AMOUNT is parsed as a constant lookup.
#
# @return [Integer] 100, as fixed in the constructor
def MIN_MESSAGE_AMOUNT
  @MIN_MESSAGE_AMOUNT
end

#plugin_flush_interval ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 163

# Reader for @plugin_flush_interval.
#
# @return [Object, nil] the value last stored through
#   #plugin_flush_interval=; nil if it was never assigned (the constructor
#   does not set it)
def plugin_flush_interval
  @plugin_flush_interval
end

#plugin_flush_interval=(new_plugin_flush_interval) ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 175

# Writer for @plugin_flush_interval. The value is stored without any checks.
#
# @param new_plugin_flush_interval [Object] value to store
# @return [Object] the stored value
def plugin_flush_interval=(new_plugin_flush_interval)
  @plugin_flush_interval = new_plugin_flush_interval
end

Raises:

  • (ArgumentError)


# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 87

# Reports a missing required setting and aborts.
#
# Writes a hint to @logger.error showing where the setting belongs in the
# output block, then raises. Only the setting's name is interpolated into the
# log line and the exception; no configured value is included, so calling
# this for client_app_secret does not put a credential into the log.
#
# @param param_name [String] name of the setting that is missing
# @raise [ArgumentError] always
def print_missing_parameter_message_and_raise(param_name)
  # The literal is emitted as written: its line breaks and leading spaces are
  # part of the logged text.
  missing_setting_hint = "Missing a required setting for the microsoft-sentinel-log-analytics-logstash-output-plugin output plugin:
  output {
microsoft-sentinel-log-analytics-logstash-output-plugin {
  #{param_name} => # SETTING MISSING
  ...
}
  }
"
  @logger.error(missing_setting_hint)

  raise ArgumentError, "The setting #{param_name} is required."
end

#proxy_aad ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 115

# Reader for @proxy_aad.
#
# NOTE(review): presumably the proxy used for the login (AAD) requests;
# how the value is consumed is not visible here, confirm against the callers.
# validate_configuration does not check it.
#
# @return [Object, nil] the value last stored through #proxy_aad=; nil if it
#   was never assigned (the constructor does not set it)
def proxy_aad
  @proxy_aad
end

#proxy_aad=(new_proxy_aad) ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 191

# Writer for @proxy_aad. The value is stored without any checks.
#
# @param new_proxy_aad [Object] value to store
# @return [Object] the stored value
def proxy_aad=(new_proxy_aad)
  @proxy_aad = new_proxy_aad
end

#proxy_endpoint ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 119

# Reader for @proxy_endpoint.
#
# NOTE(review): presumably the proxy used for requests to the data
# collection endpoint; how the value is consumed is not visible here, confirm
# against the callers. validate_configuration does not check it.
#
# @return [Object, nil] the value last stored through #proxy_endpoint=; nil
#   if it was never assigned (the constructor does not set it)
def proxy_endpoint
  @proxy_endpoint
end

#proxy_endpoint=(new_proxy_endpoint) ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 195

# Writer for @proxy_endpoint. The value is stored without any checks.
#
# @param new_proxy_endpoint [Object] value to store
# @return [Object] the stored value
def proxy_endpoint=(new_proxy_endpoint)
  @proxy_endpoint = new_proxy_endpoint
end

#RETRANSMISSION_DELAY ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 99

# Reader for @RETRANSMISSION_DELAY, described in the constructor as the delay
# between each resending of a message.
#
# The name looks like a constant, so call it with explicit parentheses or a
# receiver; a bare RETRANSMISSION_DELAY is parsed as a constant lookup.
#
# @return [Integer] 2, as fixed in the constructor
def RETRANSMISSION_DELAY
  @RETRANSMISSION_DELAY
end

#retransmission_time ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 111

# Reader for @retransmission_time.
#
# validate_configuration rejects a negative value.
#
# @return [Object, nil] the value last stored through
#   #retransmission_time=; nil if it was never assigned (the constructor does
#   not set it)
def retransmission_time
  @retransmission_time
end

#retransmission_time=(new_retransmission_time) ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 199

# Writer for @retransmission_time. The value is stored without any checks;
# the sign check happens only in validate_configuration.
#
# @param new_retransmission_time [Object] value to store
# @return [Object] the stored value
def retransmission_time=(new_retransmission_time)
  @retransmission_time = new_retransmission_time
end

#sample_file_path ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 219

# Reader for @sample_file_path.
#
# When create_sample_file is truthy, validate_configuration requires this to
# be non-nil, non-blank and to name a path that exists. It does not check
# whether the path is a directory or whether it is writable.
#
# @return [Object] the value given to the constructor, or the one stored
#   later through #sample_file_path=
def sample_file_path
  @sample_file_path
end

#sample_file_path=(new_sample_file_path) ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 223

# Writer for @sample_file_path. The value is stored without any checks; the
# existence check happens only in validate_configuration.
#
# @param new_sample_file_path [Object] value to store
# @return [Object] the stored value
def sample_file_path=(new_sample_file_path)
  @sample_file_path = new_sample_file_path
end

#tenant_id ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 139

# Reader for @tenant_id.
#
# @return [Object] the tenant_id value passed to the constructor
def tenant_id
  @tenant_id
end

#validate_configuration ⇒ Object



# File 'lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb', line 34

# Checks the stored settings and raises on the first problem found.
#
# Two mutually exclusive modes:
# * create_sample_file truthy: only sample_file_path is checked (present,
#   not blank, names an existing path). Credentials, endpoint, cloud name
#   and the numeric limits are NOT checked in this mode.
# * otherwise: the six credential / destination settings must be non-nil and
#   non-empty, retransmission_time must not be negative, max_items must be at
#   least @MIN_MESSAGE_AMOUNT, key_names may hold at most 500 entries and
#   azure_cloud must be a key of the cloud table.
#
# Error text names settings only; no configured value other than the sample
# path and the cloud name is echoed into a message.
#
# @return [true] when every check passes
# @raise [ArgumentError] on the first failing check
def validate_configuration
  if @create_sample_file
    print_missing_parameter_message_and_raise("sample_file_path") if @sample_file_path.nil?
    raise ArgumentError, "The setting sample_file_path cannot be empty" if @sample_file_path.strip == ""

    begin
      # Existence only: nothing here checks that the path is a directory or
      # that it is writable.
      sample_target = java.io.File.new(@sample_file_path)
      raise "Path not exists" unless sample_target.exists
    # NOTE(review): `rescue Exception` turns every failure in the block above,
    # not just a missing path, into the "does not exist" error. Narrowing it
    # needs a check of how Java exceptions are rescued on the target JRuby.
    rescue Exception
      raise ArgumentError, "The path #{@sample_file_path} does not exist."
    end
  else
    mandatory_settings = {
      "client_app_Id" => @client_app_Id,
      "client_app_secret" => @client_app_secret,
      "tenant_id" => @tenant_id,
      "data_collection_endpoint" => @data_collection_endpoint,
      "dcr_immutable_id" => @dcr_immutable_id,
      "dcr_stream_name" => @dcr_stream_name
    }
    mandatory_settings.each do |name, conf|
      print_missing_parameter_message_and_raise(name) if conf.nil?
      # NOTE(review): a whitespace-only value passes this check; unlike
      # sample_file_path, these values are not stripped first.
      raise ArgumentError, "Malformed configuration , the following arguments can not be null or empty.[client_app_Id, client_app_secret, tenant_id, data_collection_endpoint, dcr_immutable_id, dcr_stream_name]" if conf.empty?
    end

    raise ArgumentError, "retransmission_time must be a positive integer." if @retransmission_time < 0
    raise ArgumentError, "Setting max_items to value must be greater then #{@MIN_MESSAGE_AMOUNT}." if @max_items < @MIN_MESSAGE_AMOUNT
    raise ArgumentError, 'There are over 500 key names listed to be included in the events sent to Azure Loganalytics, which exceeds the limit of columns that can be define in each table in log analytics.' if @key_names.length > 500

    # Only cloud names present in the fixed table are accepted, which keeps
    # the login and ingestion hosts to the entries defined in the constructor.
    unless @azure_clouds.key?(@azure_cloud)
      raise ArgumentError, "The specified Azure cloud #{@azure_cloud} is not supported. Supported clouds are: #{@azure_clouds.keys.join(", ")}."
    end
  end

  @logger.info("Azure Loganalytics configuration was found valid.")
  # Reaching this point means every check passed.
  true
end