Setting up Microsoft Azure monitoring
The Microsoft Azure cloud is a big player in the cloud market these days and it’s important to keep an eye on this infrastructure as much as you would your own hardware. In this recipe, we are going to discover how to monitor Azure instances with our Zabbix setup.
Getting ready
For this recipe, we are going to need our Azure cloud with at least one of the following resources in it already.
- Cosmos DB for MongoDB databases
- Microsoft SQL databases
- MySQL servers
- PostgreSQL servers
- Virtual machines
The recipe does not cover how to set up any of these resources, so make sure to do this in advance. We will also need our Zabbix server, which we’ll call lar-book-rocky in this recipe.
How to do it…
For Azure monitoring, we use some of the same techniques as we do for AWS monitoring. It can become a bit daunting if we dive into customization, but setting up the initial monitoring is a lot easier than it looks. Let’s check it out:
- With Azure monitoring, first we are going to need to set up our authentication correctly. To do so, navigate to portal.azure.com and log in.
- In the search bar, search for Enterprise applications and select it from the list. Click on New application:
Figure 13.17 – Azure enterprise application creation
- Then click on Create your own application:
Figure 13.18 – Azure enterprise application creation – creating your own application
- This is where we have to name our application. Name it something appropriate, as seen in the following screenshot:
Figure 13.19 – Azure enterprise application creation – setting the name of your application
- Then click Create at the bottom of the page to finish creating a new empty application. It will show you the application ID on this page. Make sure to write it down as we will need it later:
Figure 13.20 – Azure enterprise application overview page
- With the application created, let’s immediately dive into setting up the credentials for it. To do so, use the Azure search bar at the top and search for Azure Active Directory, then select it from the list.
- In the left-hand sidebar, you should see App registrations. We are going to create a new registration, so click on New registration:
Figure 13.21 – Azure enterprise application – App registrations
- Simply give your registration a new name and keep the rest of the settings as the default:
Figure 13.22 – Azure enterprise application – new app registration
- Click Register to finish this registration. This will redirect you to your newly created registration.
- Now let’s add the authentication. Go to Certificates & secrets in the left-hand sidebar.
- We’ll create a new client secret here. To do so, click on New client secret:
Figure 13.23 – Azure enterprise application – app registration secrets
- All we have to do now is name the secret and set an expiry time period. Keep in mind that a shorter expiry means more administrative overhead, but it could also mean better security, as there is less time for the secret to leak (or to be used once leaked):
Figure 13.24 – Azure enterprise application – app registration secret creation
- Now click on Add to finish setting up the new secret. It will show you the values once. Make sure to store them somewhere safe, such as in a password vault:
Figure 13.25 – Azure enterprise application secrets
- With the authentication out of the way, there is only one thing left to do. We need to provide the correct permissions to this new enterprise application. To do so, search for Subscriptions in the Azure search bar at the top of the page.
- For things such as Azure virtual machine and database instance monitoring, you will need to assign (read) permissions to your entire subscription. Find the subscription where your resources are located. Mine is called OICTS Azure:
Figure 13.26 – Azure subscriptions
- Now is also a great time to write down the subscription ID, as we will need it in a later step!
- Select your subscription, and then from the list, select Access control (IAM). Then, click on Add role assignment.
Figure 13.27 – Azure subscription – role assignment
- On the next page, select the Reader role from the list and then press Next.
- At the Members part of the creation process, click on + Select members. We’ll add the Zabbix book monitoring member. It will look as follows:
Figure 13.28 – Azure subscription – role assignment members
- Now click on Review + assign and the permissions will be added.
- There’s one more thing to do in the Azure portal. In the search bar at the top of the page, type in Tenant properties and select it from the list. On this page, make sure to note down the tenant ID as we will need it shortly.
- With the application set up, the authentication created, and the permissions assigned, let’s move on to the Zabbix frontend. Navigate to Data collection | Hosts and create a new host by clicking on Create host in the top-right corner:
Figure 13.29 – Azure tenant properties
- Create the following host, with the name lar-book-azure, the Azure by HTTP template, and a host group such as Cloud:
Figure 13.30 – New Azure monitoring host in Zabbix
- Before adding the host, switch to the Macros tab:
Figure 13.31 – New Azure monitoring host macros in Zabbix
We will have to add at least the following macros here:
- For {$AZURE.APP.ID}, fill in the application ID from step 5.
- For {$AZURE.PASSWORD}, fill in the value under the Value column from step 13.
- For {$AZURE.SUBSCRIPTION.ID}, fill in the subscription ID from step 15.
- For {$AZURE.TENANT.ID}, fill in the tenant ID from step 22.
- That’s it; you can now add the new host by clicking on the Add button.
- After the discovery rule runs for the first time, your discovered instances will be added as new hosts, as you can see in the following screenshot:
Figure 13.32 – New Azure-discovered virtual machine
That’s it, your automated Azure monitoring is now working as expected. Let’s have a look at how it works.
How it works…
If you’ve followed the recipe on AWS monitoring, you might think that Azure monitoring works in the exact same way. To an extent, that is true; the monitoring is completely based on API calls made from Zabbix toward the Azure API.
What differs between AWS and Azure is, of course, the JavaScript used in the Zabbix items on the templates.
The templates provided by Zabbix 7.0 out of the box use a fairly extensive piece of JavaScript code to execute API calls toward Azure, parse through the received data, and then put that into a JSON array that Zabbix low-level discovery understands.
Looking at the template found at Data collection | Templates and then opening Discovery for the Azure by HTTP template, we can see six discovery rules.
Figure 13.33 – Azure by HTTP discovery rules
These six rules discover the different types of Azure database instances and virtual machines and use host prototypes to create a new host for each instance found. The only difference here is that storage accounts won’t use host prototypes but item prototypes to supply you with information. The hosts created by host prototypes will then in turn use their own templates to get the actual statistics from those instances or buckets, as we can see in the template list:
Figure 13.34 – The other Azure templates in Zabbix 7.0
In my case, only one virtual machine was discovered, and as such, that host was added with the Azure Virtual Machine by HTTP template, as seen in Figure 13.32.
All of the information is then collected by Script item types with their own unique JavaScript code. We can see a piece of the code in the following screenshot, where we make a call to Azure to a specific URL (underlined):
Figure 13.35 – Azure template call
It is also possible to edit this JavaScript code to create entirely new calls to retrieve your own data and create different types of monitoring, as well as simply extending the out-of-the-box templates.
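The pattern described in this section, as an added example that is not the code shipped with the Azure by HTTP template: it builds the OAuth2 client-credentials token request from the four host macro values and turns an Azure Resource Manager list response into low-level discovery rows. The function names, the {#...} discovery macro names, and the sample response are assumptions made for illustration; the HTTP call itself is left out so the code runs offline.

```javascript
// Added example: names and sample data are constructed, not taken from the Zabbix template.
var GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Build the token request from the four macro values. IDs are checked before
// they are placed in a URL, and the secret travels only in the POST body.
function buildTokenRequest(m) {
  ['tenantId', 'appId', 'subscriptionId'].forEach(function (key) {
    if (!GUID.test(m[key] || '')) throw new Error(key + ' is not a GUID');
  });
  if (!m.password) throw new Error('client secret is empty');
  var form = {
    grant_type: 'client_credentials',
    client_id: m.appId,
    client_secret: m.password,
    scope: 'https://management.azure.com/.default'
  };
  var body = Object.keys(form).map(function (k) {
    return encodeURIComponent(k) + '=' + encodeURIComponent(form[k]);
  }).join('&');
  return {
    url: 'https://login.microsoftonline.com/' + m.tenantId + '/oauth2/v2.0/token',
    body: body
  };
}

// Convert a Resource Manager list response into low-level discovery rows.
// The {#...} macro names are hypothetical; a real template defines its own.
function toDiscovery(armJson, wantedType) {
  var list = JSON.parse(armJson).value;
  if (!Array.isArray(list)) throw new Error('unexpected ARM response');
  var rows = list.filter(function (r) {
    return String(r.type).toLowerCase() === wantedType.toLowerCase();
  }).map(function (r) {
    var group = /\/resourceGroups\/([^\/]+)/i.exec(String(r.id)) || [];
    return { '{#NAME}': r.name, '{#ID}': r.id, '{#LOCATION}': r.location, '{#GROUP}': group[1] || '' };
  });
  return JSON.stringify(rows);
}

// Constructed sample response (not real Azure output).
var SAMPLE = JSON.stringify({ value: [
  { id: '/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg-demo/providers/Microsoft.Compute/virtualMachines/vm-demo',
    name: 'vm-demo', type: 'Microsoft.Compute/virtualMachines', location: 'westeurope' },
  { id: '/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg-demo/providers/Microsoft.Storage/storageAccounts/stdemo',
    name: 'stdemo', type: 'Microsoft.Storage/storageAccounts', location: 'westeurope' }
] });
```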
There’s more…
We can discover way more from Azure using the method applied in this recipe. The JavaScript we employ is used to get metrics from Azure, which can be edited to gather almost any metric from the Azure API.
Check out the Azure API documentation for more information on the metrics retrieved using JavaScript: