initial commit (#831)

Co-authored-by: ngchi <ngchi@DESKTOP-5TA29SV>
2020-07-08 10:37:53 -07:00 · 2020-07-08 10:37:53 -07:00 · f77ea17243
--- a/Code/HttpDataCollectorAPI/HttpDataCollectorAPI.sln
+++ b/Code/HttpDataCollectorAPI/HttpDataCollectorAPI.sln
@ -0,0 +1,25 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.30204.135
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "HttpDataCollectorAPI", "HttpDataCollectorAPI\HttpDataCollectorAPI.csproj", "{03E4B775-602C-4280-9FBB-9561533E10E2}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{03E4B775-602C-4280-9FBB-9561533E10E2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{03E4B775-602C-4280-9FBB-9561533E10E2}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{03E4B775-602C-4280-9FBB-9561533E10E2}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{03E4B775-602C-4280-9FBB-9561533E10E2}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {12232881-6D87-48A1-990C-824584ECD3EF}
+	EndGlobalSection
+EndGlobal
--- a/Code/HttpDataCollectorAPI/HttpDataCollectorAPI/HttpDataCollectorAPI.csproj
+++ b/Code/HttpDataCollectorAPI/HttpDataCollectorAPI/HttpDataCollectorAPI.csproj
@ -0,0 +1,8 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>netcoreapp3.1</TargetFramework>
+  </PropertyGroup>
+
+</Project>
--- a/Code/HttpDataCollectorAPI/HttpDataCollectorAPI/Program.cs
+++ b/Code/HttpDataCollectorAPI/HttpDataCollectorAPI/Program.cs
@ -0,0 +1,88 @@
+using System;
+using System.Net.Http;
+using System.Net.Http.Headers;
+using System.Security.Cryptography;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace HttpDataCollectorAPI
+{
+	class ApiExample
+	{
+		// An example JSON object, with key/value pairs. You can comment this out and create your own json file with custom log data in the solution
+		static string json = @"[{""DemoField1"":""DemoValue1"",""DemoField2"":""DemoValue2""},{""DemoField3"":""DemoValue3"",""DemoField4"":""DemoValue4""}]";
+
+		// Update customerId to your Log Analytics workspace ID
+		static string customerId = "enter_your_workspaceId";
+
+		// For sharedKey, use either the primary or the secondary Connected Sources client authentication key   
+		static string sharedKey = "enter_your_workspace_key";
+
+		// LogName is name of the event type that is being submitted to Azure Monitor
+		static string LogName = "enter_your_log_name";
+
+		// You can use an optional field to specify the timestamp from the data. If the time field is not specified, Azure Monitor assumes the time is the message ingestion time
+		static string TimeStampField = "";
+
+		static void Main()
+		{
+			// Create a hash for the API signature
+			var datestring = DateTime.UtcNow.ToString("r");
+			var jsonBytes = Encoding.UTF8.GetBytes(json);
+			string stringToHash = "POST\n" + jsonBytes.Length + "\napplication/json\n" + "x-ms-date:" + datestring + "\n/api/logs";
+			string hashedString = BuildSignature(stringToHash, sharedKey);
+			string signature = "SharedKey " + customerId + ":" + hashedString;
+
+			PostData(signature, datestring, json);
+		}
+
+		// Build the API signature
+		public static string BuildSignature(string message, string secret)
+		{
+			var encoding = new System.Text.ASCIIEncoding();
+			byte[] keyByte = Convert.FromBase64String(secret);
+			byte[] messageBytes = encoding.GetBytes(message);
+			using (var hmacsha256 = new HMACSHA256(keyByte))
+			{
+				byte[] hash = hmacsha256.ComputeHash(messageBytes);
+				return Convert.ToBase64String(hash);
+			}
+		}
+
+		// Send a request to the POST API endpoint
+		public static void PostData(string signature, string date, string json)
+		{
+			try
+			{
+				string url = "https://" + customerId + ".ods.opinsights.azure.com/api/logs?api-version=2016-04-01";
+
+				System.Net.Http.HttpClient client = new System.Net.Http.HttpClient();
+				client.DefaultRequestHeaders.Add("Accept", "application/json");
+				client.DefaultRequestHeaders.Add("Log-Type", LogName);
+				client.DefaultRequestHeaders.Add("Authorization", signature);
+				client.DefaultRequestHeaders.Add("x-ms-date", date);
+				client.DefaultRequestHeaders.Add("time-generated-field", TimeStampField);
+
+				System.Net.Http.HttpContent httpContent = new StringContent(json, Encoding.UTF8);
+				httpContent.Headers.ContentType = new MediaTypeHeaderValue("application/json");
+				Task<System.Net.Http.HttpResponseMessage> response = client.PostAsync(new Uri(url), httpContent);
+
+				System.Net.Http.HttpContent responseContent = response.Result.Content;
+				string result = responseContent.ReadAsStringAsync().Result;
+
+				if (response.Result.StatusCode.ToString().Contains("OK"))
+				{
+					Console.WriteLine("Data is successfully pushed");
+				}
+				else
+				{
+					Console.WriteLine("Failed to post data");
+				}
+			}
+			catch (Exception excep)
+			{
+				Console.WriteLine("API Post Exception: " + excep.Message);
+			}
+		}
+	}
+}
--- a/Code/HttpDataCollectorAPI/Readme.md
+++ b/Code/HttpDataCollectorAPI/Readme.md
@ -0,0 +1,61 @@
+# Azure Monitor Http Data Collector API Sample
+
+## Description
+This repository contains a very simple C# console application to demonstrate how you can leverage the Azure Monitor Http Data Collector API to post your custom log data to your Azure Log Analytics Custom logs. The posted data can then be accessed via your Azure Log Analytics Custom logs or Azure Sentinel Custom Log table.
+
+
+## Prerequisites
+To configure the tool, the following assembly is required to post custom data to Azure Log Analytics custom logs via Azure Monitor Http Data Collector API.
+
+1. **Active Azure Subscription**, if you don't have one, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
+
+2. Obtain **domain** by following these steps:
+    1. Login into [Azure Management Portal](https://portal.azure.com)
+    1. Navigate to the **Azure Active Directory** blade
+    1. Click on **Custom Domain Names**. Copy your domain name as you will need it later to run the application.
+
+3. **Log Analytics workspace**. If you don't have one, [create a Log Analytics workspace](https://docs.microsoft.com/azure/azure-monitor/learn/quick-create-workspace).
+
+4. Obtain **WorkSpaceId** and **Key** following these steps. Copy this workspace Id and Key as you will need them later to run the application.
+   1. In the Azure portal, search for and select **Log Analytics workspaces**
+   1. In your list of Log Analytics workspaces, select the workspace you intend on configuring the agent to report to.
+   1. Select **Advanced Settings**.
+
+5. To enable Azure Sentinel, you need **contributor** permissions to the subscription in which the Azure Sentinel workspace resides. Learn more to [onboard Azure Sentinel](https://docs.microsoft.com/azure/sentinel/quickstart-onboard#enable-azure-sentinel-).
+
+6. To use Azure Sentinel, you need either **contributor** or **reader** permissions on the resource group that the workspace belongs to.
+
+## Setup
+1) Clone Azure Sentinel repository by running this command: git clone https://github.com/Azure/Azure-Sentinel.git
+2) In the cloned repo, navigate to the **Tools** directory, and open **HttpDataCollectorAPI** solution.
+3) Install necessary dependencies: In Visual Studio, right click the **HttpDataCollectorAPI** solution.
+Click **Restore NuGet Packages**.
+4) Open **Program.cs** file, fill in the values of the following variables using the information you've saved from the [Prerequisites](#Prerequisites) section.
+The TimeStampField is optional from the data. If the time field is not specified, Azure Monitor assumes the time is the message ingestion time.
+
+		static string customerId = "enter_your_workspaceId";
+		static string sharedKey = "enter_your_workspace_key";
+		static string LogName = "enter_your_log_name";
+		static string TimeStampField = "";
+
+5) For this following custom data section, you can either replace the value of the string json variable with your own custom data or comment this out and create your own json file with custom log data in the solution. For creating your own file option, you will need to modify the code to read the json file in the API call.
+		static string json = @"[{""DemoField1"":""DemoValue1"",""DemoField2"":""DemoValue2""},{""DemoField3"":""DemoValue3"",""DemoField4"":""DemoValue4""}]"; 
+6) Once changes are complete, save the file.
+Now you can run the application. Please note that the "Main" function in the Program.cs class is the entry point for the application.
+
+### Contributing
+
+This project welcomes contributions and suggestions.  Most contributions require you to agree to a
+Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
+the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
+
+When you submit a pull request, a CLA bot will automatically determine whether you need to provide
+a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
+provided by the bot. You will only need to do this once across all repos using our CLA.
+
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
+For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
+contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
+
+### Copyright
+Copyright (c) 2020 Microsoft. All rights reserved.