Anyone tried to use "Component Monitor Wizard" to monitor Azure Application Gateway before?

What are you trying to monitor about that gateway?
I'm doing some Azure monitoring currently, everything's doable but i've found azure stuff pretty hard

Hi there - I try to monitor the https status, throughput or total request something like that just below.

But I am really scratching my head where to start on.  I even wonder if we can send over the application gateway logs to solarwinds SAM.

and YES - this is quite hard to configure it as it's lack of documentation ( or I don't know how to search them well in here..)

You can use any of the "Script"-type monitors to make an API connection and poll the data, or do the reverse in azure, using a logicapp or simmilar to send API calls or something back to your solarwinds box.

The API monitor feature may be worth a look

For a more SLW-Native solution it might be worth thinking abou what your gateway is passing through, so to speak. Like if you've got a website behind it you can monitor the website with knowledge that this gateway's in the way.

Perhaps you could netpath a IP or port or something as well.

Aside from the logs, there is an Azure App gateway API. you will need to configure an MS GRaph application, grant it permissions, then create the api poller. Currently it looks like the API implementation for the azure app gateways want the token renewed hourly, which is something that I have not found the api poller capable of doing or at least I am unaware of how to configure it to renew a token. Scripting the api call seems to be answer elsewhere - and since SAM is fully capable of scripted components - that might be the answer. Here is the api information from Microsoft. If you happen to create a script or get the api poller please post. I would love to see the answer. This is one of those, it really seems like it should be simple to do, what am I missing....

Application Gateways - Backend Health - REST API (Azure Application Gateway) | Microsoft Learn

marcrobinson Here's a generic-ish start, this does some certificate checking, but i've not really settled on the final output yet. The tough bit IMO is getting the scope right, and afterwards being in a scenario where you've got a uncertain amount of stuff to return. I'm leaning toward custom tables for the lot of em, though you could count the issues and summarize that way to fit neatly within a SAM monitor

### Azure thing check

$SubscriptionID = "xxxxxxxxxxxxxxxxxxxxxxxxxx" #Subscriptionname
$tenantID = "xxxxxxxxxxxxxxxxxxxxxxxxxxx" #Aka DirectoryID
$ClientID = "xxxxxxxxxxxxxxxxxxxxxxxxxx"
$secretID = "xxxxxxxxxxxxxxxxxxxxxxx"
$secret = "xxxxxxxxxxxxxxxxxxxxxxx"

$targetAppSericeURL = "https://management.azure.com/subscriptions/$($SubscriptionID)/providers/Microsoft.Web/certificates?api-version=2022-03-01"

$oauth2URL = "https://login.microsoftonline.com/$($tenantID)/oauth2/v2.0/token" ##OAuth 2.0 token endpoint

    $body = @{
    grant_type = "client_credentials"
    ContentType = 'application/json'
    accept = '*/*'
    client_id = $clientID
    client_secret = $secret
    scope = "https://management.azure.com/.default" ### This is the annoying bit
    }

    $accessToken = Invoke-RestMethod -Method Post -Uri $oauth2URL -Body $body



$bearerAuth = "Bearer $($accessToken.access_token)"
$headers = @{
    Authorization = $bearerAuth
}
$certificates = Invoke-RestMethod -Method GET -Uri $targetAppSericeURL -headers $headers

There's some API poller templates pre-configured for azure in the product but they're buried in the "assign api poller" and look fairly nightmareish to configure to start. You can create a new token at the start of an api poller though so it should be an available option

Thanks to Adam's basic script there and a LOT of Stack Overflow reading I got a script running yesterday that will return the backend health of servers in an App Gateway using the async method of POST followed by GET. I'm going to try and crowbar it into a SAM powershell monitor today. 

I'll report on the results later.

Thanks to Adam's basic script there and a LOT of Stack Overflow reading I got a script running yesterday that will return the backend health of servers in an App Gateway using the async method of POST followed by GET. I'm going to try and crowbar it into a SAM powershell monitor today. 

I'll report on the results later.

Would love to see what you come up with, and also what you've gone with for depositing the data afterwards

Based on what I know about Veeam SAM monitors it should be possible to plug in a server name for individual monitoring, SAM will parse the screen output of a script and that can be used externally. I hope :) 

I'm not 100% sure what you meant, but you can pass servernames in with ${IP} or $arg[0]...[x] etc

I meant pass the Backend server IP as a parameter if you were checking an App Gateway with multiple hosts at the back. My test site just has a single one so it's not important for now. Annoyingly, the script runs fine on my laptop and on the primary poller in PSv7, but I suspect the actual script engine running for the SAM template is stuck on PSv2 as it says on the template page. In which case I'm doomed.

The other thing is you have to run the template against a host, so I'm using my dummy node that I have all the API calls registered against, and I don't know if that is breaking things. Debugging code in the actual template is nigh-on impossible so I need to find out if/where such things are logged so I can see what's failing.

There's a set of logs on the polling engine, I forget the path at the moment, but they're under APM and are then in folders named the ID of each application.

I do find troubleshooting within the component script sections very hard to work with.

If you had like 5 backend server IPs you wanted to pass into the script from SLW you could still use the args, else one API call to GET the ips and a loop to do the other stuff. You might run into the "where do I put dynamic data" problem though.

If your problem is around the -ignorecertificate thing there's a nice block code to dodge that issue.

This particular issue seem to be that the script either isn't running or is running on the wrong version of powershell and the invoke-restmethod calls are failing because the parameters I'm using only came in in PSv6. I'll have a look under APM though, cheers!

I do have the -ignorecertificate thing too, my Veeam monitoring is broken because SW is ignoring its own global settings to ignore certificate errors. SW support haven't been able to fix that one for me

Put this in at the top

if (-not ([System.Management.Automation.PSTypeName]’ServerCertificateValidationCallback’).Type)
{
$certCallback = @"
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
public class ServerCertificateValidationCallback
{
public static void Ignore()
{
if(ServicePointManager.ServerCertificateValidationCallback ==null)
{
ServicePointManager.ServerCertificateValidationCallback +=
delegate
(
Object obj,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors errors
)
{
return true;
};
}
}
}
"@
Add-Type $certCallback
}
[ServerCertificateValidationCallback]::Ignore()

Morning Adam,

Thanks for that, but the issue I'm having is that SW can't execute a remote PS script because of the certificate error. It's given me an idea though, the outcome of which will be dictated by how well I understand the way SW handles PS scripts - does it just run them using the default PS engine on the poller or does it have its own more obscure, twisted method...

Hi Fop, yeah that block dodges the certificate error

It uses PSv2 and you can select 32 or 64 bit mode per script

Needs to be updated to PSv5/v7 soon imo

Hmm, this might explain somethings.. Good call.