Introduction
This article will explain to you how to monitor any Azure service via Orion API Polling. Orion inbuild Azure PaaS monitoring does not support Azure kay vault monitoring. So we will use one of the Azure API poller templates to amend and get monitoring success.
We will use the mechanism of Azure REST API to get the metrics from Azure
refer to these articles for more information
https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/metrics-supported#microsoftkeyvaultvaults
https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/rest-api-walkthrough#retrieve-metric-definitions
https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/metrics-supported
only below API pollers are available in Orion
Instructions
Configure Azure App Registration
1. login to https://portal.azure.com/
2. Search App Registration and click on it.
3. click new registration
4. Enter in the name of the Application and leave other values default
5. Once into the Overview page of the application. Take note of the "Application (Client) ID" value as this will be used later in this article.
6. Click "Certificates & secrets" under Manage in the left column
7. Under Client Secrets click "New client secret"
8. Take note of the "Value" as it will only show once. This value will be used later in the article.
9. Click API permissions under Manage on the left column. This is where we will allow what can be accessed by this application when it is polled via API.
10. For this example we will use the Azure App Service API Poller which comes out of the box within Solarwinds. The link below shows what permissions are needed for the Azure API pollers.
https://documentation.solarwinds.com/en/success_center/sam/content/sam-api-poller-authorization.htm
11. Click Add permission which will bring a window up on the right.
12. Click Microsoft Graph
13. Click "Application Permissions"
14 . select report.read.all
15. Select ServiceHealth.Read.All
16. click Add Permissions
17. you will see "User Not granted permission"
18. if you want to grant organization-wide permissions. please click "Grant Admin Consent"
19. Next we will need to grab the Tenant ID. This is the GUID for the Azure tenant.
20. Search "tenant properties" in the Azure search bar and click Tenant Properties.
21. Copy the value under "Tenant ID"
Configure API pollers in Solarwind Orion
1. Go into the Node details page of the node you would like to assign this API poller to
2. In the management pane. Click API Poller Management then Assign.
3. select "Azure App Service" API Poller and click next
4. Select Authorization as OAuth 2.0
5. Click create new credentials
6. Enter the description of the credential. (For example, I am monitoring Azure Key Vault)
7. Copy/paste the Client ID value from step 5 above.
8. Copy/paste the Client secret value from step 8 above.
9. The Access Token URL will be in this format. Copy the Tenant ID notated in step 22 above and enter in place of <tenant id>. Then copy-paste into the Access Token URL field https://login.microsoftonline.com/<tenant id>/oauth2/v2.0/token
10. scope is https://management.azure.com/.default
(refer this article for more information: https://documentation.solarwinds.com/en/success_center/sam/content/sam-api-poller-microsoft-azure-app-service.htm)
11. Click Assign Pollers
12. once it successfully applied click Microsoft Azure App Services link
Provide permission to Key vault
1. Go to the Azure key vault you want to monitor
2. Click Access control
3. Click Add >> Add role assignment
4. select reader and click next
5. select User, Group or Service principle and select the Members
6. Search the App registration name you created before
7. review and assign the app permission
Configure Azure Key Vault Metrics in Orion API Pollers (As an example I will show you how to monitor Azure Key Vault)
1. Edit the name as "Microsoft Azure Key Vault Monitor"
2. remove the request URL
3. remove all default created monitoring values
3. provide the new request URL as edited below
(refer https://documentation.solarwinds.com/en/success_center/sam/content/sam-api-poller-microsoft-azure-app-service.htm to how to get {SUBSCRIPTION_ID}, {USERGROUP_ID} and {APP_NAME})
providers/Microsoft.KeyVault/vaults/${APP_NAME} : change the provider as per your monitoring requirement
https://management.azure.com/subscriptions/${SUBSCRIPTION_ID}/resourceGroups/${USERGROUP_ID}/providers/Microsoft.KeyVault/vaults/${APP_NAME}/providers/microsoft.insights/metrics?interval=PT5M&metricnames={Metric1},{Metric2},{Metric3},{Metric4},{Metric5},{Metric6},{Metric7}=Average,Total&api-version=2018-01-01
add Metric values as per your monitoring requirement. (refer: docs.microsoft.com/.../metrics-supported
example URI:
https://management.azure.com/subscriptions/${SUBSCRIPTION_ID}/resourceGroups/${USERGROUP_ID}/providers/Microsoft.KeyVault/vaults/${APP_NAME}/providers/microsoft.insights/metrics?interval=PT5M&metricnames=Availability,ServiceApiHit,ServiceApiLatency,ServiceApiResult&aggregation=Average,Total&api-version=2018-01-01
4. Monitoring Parameters:
Availability
ServiceApiHit
ServiceApiLatency
ServiceApiResult
5. Send request button will display the API result with response status code 200
6. Extract the value (4 values we monitor)
7. open Value 0
8. you will see the value and unit of metric the API poller polling
9. expand the time series and expand the values of metadata
10. Click the monitor button next to average
11. Provide an appropriate name click save
12. execute the same for other metrics
13. save the Monitor