How to monitor any Azure services using API polling

Introduction

This article will explain to you how to monitor any Azure service via Orion API Polling. Orion inbuild Azure PaaS monitoring does not support Azure kay vault monitoring. So we will use one of the Azure API poller templates to amend and get monitoring success.

We will use the mechanism of Azure REST API to get the metrics from Azure

refer to these articles for more information

https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/metrics-supported#microsoftkeyvaultvaults
https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/rest-api-walkthrough#retrieve-metric-definitions
https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/metrics-supported

https://documentation.solarwinds.com/en/success_center/sam/content/sam-api-poller-template-guide-intro.htm

only below API pollers are available in Orion

Instructions

Configure Azure App Registration

 

1. login to https://portal.azure.com/

2. Search App Registration and click on it.

3. click new registration

4. Enter in the name of the Application and leave other values default

5. Once into the Overview page of the application. Take note of the "Application (Client) ID" value as this will be used later in this article.

6. Click "Certificates & secrets" under Manage in the left column

7. Under Client Secrets click "New client secret"

8. Take note of the "Value" as it will only show once. This value will be used later in the article.

9. Click API permissions under Manage on the left column. This is where we will allow what can be accessed by this application when it is polled via API.

10. For this example we will use the Azure App Service API Poller which comes out of the box within Solarwinds. The link below shows what permissions are needed for the Azure API pollers.

https://documentation.solarwinds.com/en/success_center/sam/content/sam-api-poller-authorization.htm

 

11. Click Add permission which will bring a window up on the right.

12. Click Microsoft Graph

13. Click "Application Permissions"

14 . select report.read.all

15. Select ServiceHealth.Read.All

16. click Add Permissions

17. you will see "User Not granted permission"

18. if you want to grant organization-wide permissions. please click "Grant Admin Consent"

19. Next we will need to grab the Tenant ID. This is the GUID for the Azure tenant.

20. Search "tenant properties" in the Azure search bar and click Tenant Properties.

21. Copy the value under "Tenant ID"

Configure API pollers in Solarwind Orion

 

1. Go into the Node details page of the node you would like to assign this API poller to

2. In the management pane. Click API Poller Management then Assign.

3.  select "Azure App Service" API Poller and click next

4. Select Authorization as OAuth 2.0

5. Click create new credentials

6. Enter the description of the credential.  (For example, I am monitoring Azure Key Vault)

7. Copy/paste the Client ID value from step 5 above.

8. Copy/paste the Client secret value from step 8 above.

9. The Access Token URL will be in this format. Copy the Tenant ID notated in step 22 above and enter in place of <tenant id>. Then copy-paste into the Access Token URL field https://login.microsoftonline.com/<tenant id>/oauth2/v2.0/token

10. scope is https://management.azure.com/.default

(refer this article for more information: https://documentation.solarwinds.com/en/success_center/sam/content/sam-api-poller-microsoft-azure-app-service.htm)

11. Click Assign Pollers

12. once it successfully applied click Microsoft Azure App Services link 

Provide permission to Key vault

 

1. Go to the Azure key vault you want to monitor

2. Click Access control

3. Click Add >> Add role assignment

4. select reader and click next

5. select User, Group or Service principle and select the Members

6. Search the App registration name you created before

7. review and assign the app permission

Configure Azure Key Vault Metrics in Orion API Pollers (As an example I will show you how to monitor Azure Key Vault)

 

1. Edit the name as "Microsoft Azure Key Vault Monitor"

2. remove the request URL

3. remove all default created monitoring values

3. provide the new request URL as edited below

(refer https://documentation.solarwinds.com/en/success_center/sam/content/sam-api-poller-microsoft-azure-app-service.htm to how to get {SUBSCRIPTION_ID}, {USERGROUP_ID} and {APP_NAME})

providers/Microsoft.KeyVault/vaults/${APP_NAME} : change the provider as per your monitoring requirement

https://management.azure.com/subscriptions/${SUBSCRIPTION_ID}/resourceGroups/${USERGROUP_ID}/providers/Microsoft.KeyVault/vaults/${APP_NAME}/providers/microsoft.insights/metrics?interval=PT5M&metricnames={Metric1},{Metric2},{Metric3},{Metric4},{Metric5},{Metric6},{Metric7}=Average,Total&api-version=2018-01-01

add Metric values as per your monitoring requirement. (refer: docs.microsoft.com/.../metrics-supported

example URI:

https://management.azure.com/subscriptions/${SUBSCRIPTION_ID}/resourceGroups/${USERGROUP_ID}/providers/Microsoft.KeyVault/vaults/${APP_NAME}/providers/microsoft.insights/metrics?interval=PT5M&metricnames=Availability,ServiceApiHit,ServiceApiLatency,ServiceApiResult&aggregation=Average,Total&api-version=2018-01-01

4. Monitoring Parameters:

Availability

ServiceApiHit

ServiceApiLatency

ServiceApiResult


5. Send request button will display the API result with response status code 200

6. Extract the value  (4 values we monitor)

7. open Value 0

8. you will see the value and unit of metric the API poller polling 

9. expand the time series and expand the values of metadata

10. Click the monitor button next to average 

11. Provide an appropriate name click save

12. execute the same for other metrics

13. save the Monitor