Thursday, March 1, 2018

[Check_MK + OMS Log Analytics] - Using Log Analytics Data Collector API

So, it's been a while since I wrote something here.
Not that I get lots of views, but as I said before, I use this not only as a knowledge-sharing 'platform' and a hobby, but also as my notebook :)

I've set myself the challenge of sending (or integrating, if you like) some Check_MK alerts to OMS Log Analytics.

So, I've decided to give it a shot.

The scenario was to send all Check_MK alerts to OMS Log Analytics and later do some analysis on them, together with other data I'm already sending there (I'll write a post about that later - something about PowerShell + MSSQL data -> Azure; perhaps I'll post it here tomorrow).

So - Check_MK has a notification system much like the one in Operations Manager.
It's very flexible about what you want to be notified of and whom to notify.

You might want to read it a little more here:

http://mathias-kettner.com/checkmk_flexible_notifications.html

After googling a bit, I came across an article about posting data using the HTTP Data Collector API, which has a bunch of examples of how to post data to OMS - check it here:

https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-data-collector-api

Summarising a bit, your input data basically needs to be a flat JSON object (or an array of them) like this:

{
    "property1": "value1",
    "property2": "value2",
    "property3": "value3",
    "property4": "value4"
}

So, knowing this, here is the Check_MK notification script I came up with (Python):

#!/usr/bin/env python
# Check_MK notification script: forwards a service alert to OMS Log Analytics
# through the HTTP Data Collector API. Runs under Python 2.7 and Python 3.
import os, time, json, requests, datetime, hashlib, hmac, base64

# HTTP/HTTPS Proxies - If you need some, fill in host:port and uncomment #

# os.environ["HTTP_PROXY"] = 'http://:/'
# os.environ["HTTPS_PROXY"] = 'https://:/'

# OMS Related Variables #
customer_id = 'xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'   # workspace ID
shared_key = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"         # primary/secondary key, base64 as shown in the portal
log_type = 'Your_Custom_Log_Name'                     # shows up in Log Analytics as <log_type>_CL

# OMS Related Functions #

# Build the API signature: HMAC-SHA256 over method, body length, content type,
# x-ms-date header and resource, keyed with the base64-decoded shared key
def build_signature(customer_id, shared_key, date, content_length, method, content_type, resource):
    x_headers = 'x-ms-date:' + date
    string_to_hash = method + "\n" + str(content_length) + "\n" + content_type + "\n" + x_headers + "\n" + resource
    bytes_to_hash = string_to_hash.encode('utf-8')
    decoded_key = base64.b64decode(shared_key)
    encoded_hash = base64.b64encode(hmac.new(decoded_key, bytes_to_hash, digestmod=hashlib.sha256).digest()).decode('utf-8')
    authorization = "SharedKey {}:{}".format(customer_id, encoded_hash)
    return authorization

# Build and send a request to the POST API
def post_data(customer_id, shared_key, body, log_type):
    method = 'POST'
    content_type = 'application/json'
    resource = '/api/logs'
    rfc1123date = datetime.datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT')
    body = body.encode('utf-8')          # sign and send exactly the same bytes
    content_length = len(body)
    signature = build_signature(customer_id, shared_key, rfc1123date, content_length, method, content_type, resource)
    uri = 'https://' + customer_id + '.ods.opinsights.azure.com' + resource + '?api-version=2016-04-01'

    headers = {
        'content-type': content_type,
        'Authorization': signature,
        'Log-Type': log_type,
        'x-ms-date': rfc1123date
    }

    response = requests.post(uri, data=body, headers=headers, timeout=30)
    if 200 <= response.status_code <= 299:
        print('Accepted')
    else:
        print("Response code: {}".format(response.status_code))
    return response.status_code

# MK Alert Handling #
# Check_MK hands the notification context to the script as NOTIFY_* environment variables.

MK_HOSTNAME = os.environ['NOTIFY_HOSTNAME']
MK_DESCRIPTION = os.environ['NOTIFY_SERVICEDESC']      # service name
MK_PLUGIN_OUTPUT = os.environ['NOTIFY_SERVICEOUTPUT']  # check plugin output
MK_LAST_STATE_CHANGE = time.strftime("%Y-%m-%d %H:%M:%S")
MK_SERVICESTATE = os.environ['NOTIFY_SERVICESTATE']

# Optional host metadata. NEW_INFO (presumably a comma-separated "ip,datacenter,team,vendor"
# string) is not defined anywhere in this script, so these lines stay commented out
# until you supply it from your own lookup.
# MK_HOST_IP = NEW_INFO.split(",")[0]
# MK_DATACENTER = NEW_INFO.split(",")[1]
# MK_TEAM = NEW_INFO.split(",")[2]
# MK_VENDOR = NEW_INFO.split(",")[3].replace('\n','')

MK_JSON_OUTPUT = json.dumps([{'mk_hostname': MK_HOSTNAME, 'mk_description': MK_DESCRIPTION, 'mk_plugin_output': MK_PLUGIN_OUTPUT, 'mk_last_state_change': MK_LAST_STATE_CHANGE, 'mk_servicestate': MK_SERVICESTATE }])

post_data(customer_id, shared_key, MK_JSON_OUTPUT, log_type)
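
As an added example (not code from the original post), the block below shows the SharedKey scheme from both sides: signing a request the way the script above does, and the recomputation a receiver performs, which rejects a changed body, date or key. The workspace id, key, date and notification environment are constructed placeholders, and the receiver check mirrors the service's validation rather than being its code.

```python
import base64, hashlib, hmac, json

# Constructed sample values, not real credentials: a fake workspace id and a
# base64-encoded demo key of the kind the OMS portal shows as "Primary Key".
CUSTOMER_ID = "00000000-0000-0000-0000-000000000000"
SHARED_KEY = base64.b64encode(b"constructed-demo-key-not-a-real-secret").decode("ascii")
DATE = "Thu, 01 Mar 2018 10:00:00 GMT"  # fixed RFC 1123 date, so results are reproducible

def string_to_sign(method, content_length, content_type, date, resource):
    # Exact layout the Data Collector API signs; any deviation yields HTTP 403.
    return "{}\n{}\n{}\nx-ms-date:{}\n{}".format(method, content_length, content_type, date, resource)

def sign(shared_key, customer_id, body_bytes, date):
    # The portal key is base64; the HMAC key is its *decoded* bytes, and the
    # signed length is the byte length of the body actually sent.
    key = base64.b64decode(shared_key)
    msg = string_to_sign("POST", len(body_bytes), "application/json", date, "/api/logs").encode("utf-8")
    mac = base64.b64encode(hmac.new(key, msg, hashlib.sha256).digest()).decode("ascii")
    return "SharedKey {}:{}".format(customer_id, mac)

def verify(shared_key, customer_id, authorization, body_bytes, date):
    # Receiver's side of SharedKey auth: recompute over what arrived and compare
    # in constant time, so a changed body, date or key is rejected.
    expected = sign(shared_key, customer_id, body_bytes, date)
    return hmac.compare_digest(expected, authorization)

def mk_record(env):
    # Flatten the NOTIFY_* variables Check_MK exports into one record; the API
    # body is a JSON array of such flat objects.
    return {
        "mk_hostname": env["NOTIFY_HOSTNAME"],
        "mk_description": env["NOTIFY_SERVICEDESC"],
        "mk_plugin_output": env["NOTIFY_SERVICEOUTPUT"],
        "mk_servicestate": env["NOTIFY_SERVICESTATE"],
    }

def build_signed_request(env, date=DATE):
    # Returns the (body, Authorization header) pair a post_data() call would send.
    body = json.dumps([mk_record(env)]).encode("utf-8")
    return body, sign(SHARED_KEY, CUSTOMER_ID, body, date)

# Constructed notification environment, as Check_MK exports it for a service alert.
SAMPLE_ENV = {
    "NOTIFY_HOSTNAME": "web01",
    "NOTIFY_SERVICEDESC": "CPU load",
    "NOTIFY_SERVICEOUTPUT": "CRIT - 15 min load 12.3 (!!)",
    "NOTIFY_SERVICESTATE": "CRITICAL",
}
```

Calling build_signed_request(SAMPLE_ENV) and then verify(...) on the result returns True, while the same header checked against a modified body, a different x-ms-date or another key returns False.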

Once you have this set up as an active notification method on your Check_MK site, you'll start to see data arriving in OMS.

This is really nice to have - the OMS analytics engine is awesome and gives you a lot of possibilities.

Obviously, you can apply the above example to anything you want; just adapt it to your own scenario.

Hope you all like this post, and I promise to post here more frequently.

Cheers,
