Hey! These docs are for version 6.3, which is no longer officially supported. Click here for the latest version, 6.7!

## Overview

AutoMonitor allows users to quickly and effortlessly discover and import hosts into their Opsview Monitor environment. The new wizard-based functionality simplifies and automates the scanning and configuration steps providing a fast and reliable way of maintaining continuous monitoring of your changing Enterprise landscape.

Azure Express Scan provides a configuration wizard to guide you through and quickly discover Microsoft Azure objects (Hosts) within a given Azure Subscription and automatically import them into Opsview Monitor.

## Azure Express Scan

Virtual Machine discovered by the Azure Scan will be imported into the following Host group Structure:

  • `Opsview > Automonitor > Azure Express Scan > {Subscription Name} > {Resource Group Name} > {Resource Name / HostName}`

Health Availability Status for Azure Resource Groups will be imported into the following Host group Structure:

  • `Opsview > Automonitor > Azure Express Scan > {Subscription Name} > Azure_RGs_Health_{Subscription Name} > Azure_RGs_Health_{Subscription Name}`

The Scan will inspect discovered Hosts to allocate relevant Host Templates from the following list:

  • Cloud - Azure - Virtual Machines

  • Cloud - Azure - Linux VMs

  • Cloud - Azure - Windows VMs

  • Cloud - Azure - VM Backups

  • Cloud - Azure - Storage Accounts

  • Cloud - Azure - Health Availability Status

  • Cloud - Azure - Virtual Machines Scale Sets

  • Cloud - Azure - Virtual Machines Scale Sets VM

See more information about Host Templates within the [Cloud - Azure Opspack](🔗)

## Pre-Requisites

In order to access the AutoMonitor Application and run an Azure Express Scan, the following permissions are required:

Depending on your organisation structure, you may prefer to NOT give user permissions to `CONFIGUREHOSTGROUPS` and/or have access to the Opsview Host Group. In this case, you need to create the Host Group Structure in advance (`Opsview > Automonitor > Azure Express Scan > {Subscription Name} `) and provide access only to the Subscription Name Host Group to the user(s) running an Azure AutoMonitor Scan.

Azure Credentials required:

  • Tenant ID / Directory ID

  • Subscription ID

  • App ID / Client ID

  • Secret Key

Information about [Where to Find Azure Credentials](🔗) can be found at the bottom of this page

Your Microsoft Azure App/Client needs to have the following Roles assigned

  • Monitoring Contributor

  • Network Contributor

  • Storage Contributor

  • Backup Contributor

If your Microsoft Azure App DOES NOT have the right permissions, Azure Express Scan will fail

## Running a Scan

AutoMonitor Azure Express Scan feature is accessible from the `Configuration > AutoMonitor` menu. When selecting this option will be presented with the following screen:


Select Azure to start with the AutoMonitor Azure Express configuration wizard

In the configuration wizard (`Azure | Input your Azure Credentials`), as per the screen shown below, you need to enter `Tenant ID`, `Subscription ID`, `App ID` and `Secret Key` to be able to discover Microsoft Azure Resources. (Information about [Where to Find Azure Credentials](🔗) can be found at the bottom of this page).


Once you have entered the relevant information for the required fields, the `Start Scan` button will be enabled for you to proceed when you are ready to start the scan.


If the credentials are invalid or fail to be authorised, the following error message will be displayed:


Upon successful authorisation, the Scan starts by interrogating Microsoft Azure for a list of Resource Groups, Virtual Machines, Scale Sets and Storage Accounts to scan. Once the scan has started the progress bar will be displayed which indicates how many of the discovered resources have been scanned:


As the scan is being carried out, it can be aborted by hovering over the `Abort` button which displays a panel to confirm the aborting of the scan. Once the `Yes` button is clicked, the form from the previous page is displayed and the scan is aborted. Note that if the scan is close to finishing then it may be completed before it can be aborted.


If an unrecoverable error occurs during the scan, the following error page will be displayed:


A `Sorry there was an error that we can't identify` message indicates that some other error occurred during scanning. This may indicate a system outage or configuration problem. Scans will recover from short Datastore (i.e. CouchDB) outages. However, if an outage lasts longer than one hour the scan will time out and show this error message.

If such errors occur, you can click `Try again` to restart the scan. You can also view the log to understand what the problem could be, for example, you might see access denied when creating Host Group or importing Host, in which case, check you have sufficient permissions to either create or write to the desired Host Group.

When the scan completes the following screen will be displayed:


At this point, you can click on `Apply changes` to trigger a system reload and start monitoring the scanned hosts. Clicking on `New` will allow you to start another scan. Hosts that have already been imported will be disregarded and will NOT be re-imported by later scans:

Clicking "View log` will display a detailed list of the steps completed by the scan:


If the scan fails for some reason, `View log` is a good way to help diagnose the problem.

Once the scan has finished, you can see the pending hosts by clicking the `Host Settings` link. It is worth noting at this point, you may wish to check the host configurations to ensure the details are correct, as although AutoMonitor tries its best to fill them in correctly, you may have a case where the credentials used for scanning are NOT the same credentials that are required by the service check.

## Host Check Command associated to Virtual Machines

In order for the scan results to be more useful to the user, the scan will try to associate the appropriate host check command for each host. For that the scan will retrieve the Network Security Group (NSG) rules associated to that Virtual Machine and will assign the more secure one (TCP port 443 (HTTP/SSL), TCP port 22 (SSH), TCP port 80 (HTTP), TCP port 25 (SMTP), TCP port 21 (FTP), TCP port 161 (SNMP), TCP port 135 (MS RPC), TCP port 5900 (VNC)).

## Choosing a collector to monitor Azure Resources

AutoMonitor will automatically determine which collector cluster has the best connection to Microsoft Azure (using the URL https://login.microsoftonline.com) and will set the imported hosts to be monitored by that collector. If no collector can connect to Microsoft Azure, then the scan will fail.

## Variables

Automonitor will attempt to populate the variables as appropriate for the host checks added by the scan. The following global variable will be populated if it is not already: `AZURE_CREDENTIALS`

If this global variable is already populated before the scan is run, then the variable will be set on each monitored host, unless the values in the global variable are applicable to the new hosts.

## Where to Find Azure Credentials

Follow the steps below to retrieve this information.

Step 1: Find the Subscription ID

The Subscription ID can be found in the Subscriptions section under the All services section in the Azure dashboard.



Step 2: Find the Tenant/Directory ID

The Tenant/Directory ID can be found in the Azure Active Directory section under the Properties section in the Azure dashboard.


Step 3: Find the Client/Application ID for your application

You need to create and register your application if you haven't already. For more information, refer to: Create an Azure Active Directory application

The Client/Application ID can be found in the Azure Active Directory section under the App registrations section in the Azure dashboard.


Step 4: Generate the Secret Key for your application

You will need to create a Secret Key for your application, once this has been created its value will be hidden, so save the value during creation.

To create the Secret Key, select your application from the list, select the Certificates and secrets section and then click on New client secret.

Specify a description and expiration date for your key and then click Add.