Forge
New repositoryImport repositoryNew issue
Your repositories Your dashboard Sign in

cloudflare/Azure-Sentinel

Public

mirrored fromhttps://github.com/cloudflare/Azure-Sentinel

Watch0Fork0Star0
CodeCommitsIssuesPull requestsActionsInsightsSecurity
hrushikeshdeshpande-updating-semgrep-yml

Branches

Tags

  • No tags available.
0Branches0Tags
Go to file
Add file
Code

Clone

HTTPS

Download ZIP

Azure-Sentinel/DataConnectors/Fluentd-VMSS

DataConnectors/Fluentd-VMSS/FluentD-VMSS-RH-Templatev2.json

568lines · modecode

RawDownload
Latest commit unavailable.
unknown
1{
2 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
3 "contentVersion": "1.0.0.0",
4 "parameters": {
5 "Base_Name": {
6 "type": "string",
7 "defaultValue": "fluentd"
8 },
9 "Autoscale_Min": {
10 "type": "int",
11 "defaultValue": 1
12 },
13 "Autoscale_Max": {
14 "type": "int",
15 "defaultValue": 10
16 },
17 "AdminUserName": {
18 "type": "string",
19 "defaultValue": "fluentd"
20 },
21 "AdminPassword": {
22 "type": "securestring"
23 },
24 "GeoLiteDBURL": {
25 "type": "string",
26 "defaultValue": "Enter your URL to download GeoLite Database"
27 },
28 "workspaceId": {
29 "type": "string"
30 },
31 "workspaceKey": {
32 "type": "string"
33 }
34 },
35 "variables": {
36 "vmss_Name": "[concat(parameters('Base_Name'), '-vmss')]",
37 "storage_name": "[tolower(concat(parameters('Base_Name'), 'diag'))]",
38 "nsg_Name": "[concat(parameters('Base_Name'),'-nsg')]",
39 "vnet_Name": "[concat(parameters('Base_Name'), '-vnet')]",
40 "pip_Name": "[concat(parameters('Base_Name'),'-pip')]",
41 "autoscale_Name": "[concat(parameters('Base_Name'),'-autoscale')]",
42 "loadbalancer_Name": "[concat(parameters('Base_Name'),'-lb')]",
43 "maxPortRange": "[if(lessOrEquals(parameters('Autoscale_Max'), 9), '5000', '500')]",
44 "cloudinit": "[concat('#cloud-config\nruncmd:\n - while ( ! (find /var/log/azure/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux/extension.log | xargs grep \"Enable,success,0,Enable succeeded\")); do sleep 5; done\n - sudo yum update -y\n - sudo yum groupinstall \"Development Tools\"\n - sudo yum install geoip-devel --enablerepo=epel\n - sudo echo \"root soft nofile 65536\" >> /etc/security/limits.conf\n - sudo echo \"root hard nofile 65536\" >> /etc/security/limits.conf\n - sudo echo \"* soft nofile 65536\" >> /etc/security/limits.conf\n - sudo echo \"* hard nofile 65536\" >> /etc/security/limits.conf\n - sudo curl -L https://toolbelt.treasuredata.com/sh/install-redhat-td-agent3.sh | sh\n - wget -q https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/FluentD-VMSS/td-agent.conf -O /etc/td-agent/td-agent.conf\n - wget -q https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/FluentD-VMSS/cef_version_0_keys.yaml -O /etc/td-agent/plugin/cef_version_0_keys.yaml\n - wget -q https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/FluentD-VMSS/formatter_cef-as.rb -O /etc/td-agent/plugin/formatter_cef-as.rb\n - wget -q https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/FluentD-VMSS/out_remote_syslog-as.rb -O /etc/td-agent/plugin/out_remote_syslog-as.rb\n - wget -q https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/FluentD-VMSS/parser_cef-as.rb -O /etc/td-agent/plugin/parser_cef-as.rb\n - wget -q ', parameters('GeoLiteDBURL'), ' -O /etc/td-agent/plugin/GeoLite2-City.mmdb\n - sudo td-agent-gem install fluent-plugin-geoip\n - sudo systemctl start td-agent.service\n - sudo systemctl enable td-agent.service\n - sudo wget https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py ', parameters('WorkspaceID'), ' ', parameters('WorkspaceKey'))]"
45 },
46 "resources": [
47 {
48 "type": "Microsoft.Storage/storageAccounts",
49 "apiVersion": "2019-06-01",
50 "name": "[variables('storage_name')]",
51 "location": "[resourceGroup().location]",
52 "sku": {
53 "name": "Standard_LRS",
54 "tier": "Standard"
55 },
56 "kind": "StorageV2",
57 "properties": {
58 "supportsHttpsTrafficOnly": true
59 }
60 },
61 {
62 "type": "Microsoft.Network/networkSecurityGroups",
63 "apiVersion": "2019-09-01",
64 "name": "[variables('NSG_Name')]",
65 "location": "[resourceGroup().location]",
66 "properties": {
67 "securityRules": [
68 {
69 "name": "Allow-Syslog",
70 "properties": {
71 "protocol": "*",
72 "sourcePortRange": "*",
73 "destinationPortRange": "5514",
74 "sourceAddressPrefix": "*",
75 "destinationAddressPrefix": "*",
76 "access": "Allow",
77 "priority": 1000,
78 "direction": "Inbound",
79 "sourcePortRanges": [
80 ],
81 "destinationPortRanges": [
82 ],
83 "sourceAddressPrefixes": [
84 ],
85 "destinationAddressPrefixes": [
86 ]
87 }
88 },
89 {
90 "name": "Allow-SSH",
91 "properties": {
92 "protocol": "*",
93 "sourcePortRange": "*",
94 "destinationPortRange": "22",
95 "sourceAddressPrefix": "*",
96 "destinationAddressPrefix": "*",
97 "access": "Allow",
98 "priority": 1001,
99 "direction": "Inbound",
100 "sourcePortRanges": [
101 ],
102 "destinationPortRanges": [
103 ],
104 "sourceAddressPrefixes": [
105 ],
106 "destinationAddressPrefixes": [
107 ]
108 }
109 }
110 ]
111 }
112 },
113 {
114 "type": "Microsoft.Network/networkSecurityGroups/securityRules",
115 "apiVersion": "2019-09-01",
116 "name": "[concat(variables('nsg_Name'), '/Allow-Syslog')]",
117 "dependsOn": [
118 "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsg_Name'))]"
119 ],
120 "properties": {
121 "protocol": "TCP",
122 "sourcePortRange": "*",
123 "destinationPortRange": "5514",
124 "sourceAddressPrefix": "*",
125 "destinationAddressPrefix": "*",
126 "access": "Allow",
127 "priority": 1000,
128 "direction": "Inbound",
129 "sourcePortRanges": [
130 ],
131 "destinationPortRanges": [
132 ],
133 "sourceAddressPrefixes": [
134 ],
135 "destinationAddressPrefixes": [
136 ]
137 }
138 },
139 {
140 "type": "Microsoft.Network/networkSecurityGroups/securityRules",
141 "apiVersion": "2019-09-01",
142 "name": "[concat(variables('nsg_Name'), '/Allow-SSH')]",
143 "dependsOn": [
144 "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsg_Name'))]"
145 ],
146 "properties": {
147 "protocol": "TCP",
148 "sourcePortRange": "*",
149 "destinationPortRange": "22",
150 "sourceAddressPrefix": "*",
151 "destinationAddressPrefix": "*",
152 "access": "Allow",
153 "priority": 1001,
154 "direction": "Inbound",
155 "sourcePortRanges": [
156 ],
157 "destinationPortRanges": [
158 ],
159 "sourceAddressPrefixes": [
160 ],
161 "destinationAddressPrefixes": [
162 ]
163 }
164 },
165 {
166 "type": "Microsoft.Network/virtualNetworks",
167 "apiVersion": "2019-11-01",
168 "name": "[variables('vnet_Name')]",
169 "location": "[resourceGroup().location]",
170 "dependsOn": [
171 "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsg_Name'))]"
172 ],
173 "properties": {
174 "addressSpace": {
175 "addressPrefixes": [
176 "10.0.0.0/16"
177 ]
178 },
179 "subnets": [
180 {
181 "name": "default",
182 "properties": {
183 "addressPrefix": "10.0.0.0/24",
184 "networkSecurityGroup": {
185 "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsg_Name'))]"
186 },
187 "serviceEndpoints": [
188 ],
189 "delegations": [
190 ],
191 "privateEndpointNetworkPolicies": "Enabled",
192 "privateLinkServiceNetworkPolicies": "Enabled"
193 }
194 }
195 ],
196 "virtualNetworkPeerings": [
197 ],
198 "enableDdosProtection": false,
199 "enableVmProtection": false
200 }
201 },
202 {
203 "type": "Microsoft.Network/virtualNetworks/subnets",
204 "apiVersion": "2019-11-01",
205 "name": "[concat(variables('vnet_Name'), '/default')]",
206 "dependsOn": [
207 "[resourceId('Microsoft.Network/virtualNetworks', variables('vnet_Name'))]"
208 ],
209 "properties": {
210 "addressPrefix": "10.0.0.0/24",
211 "networkSecurityGroup": {
212 "id": "[resourceId('Microsoft.Networks/networkSecurityGroups', variables('nsg_Name'))]"
213 },
214 "serviceEndpoints": [
215 ],
216 "delegations": [
217 ],
218 "privateEndpointNetworkPolicies": "Enabled",
219 "privateLinkServiceNetworkPolicies": "Enabled"
220 }
221 },
222 {
223 "type": "Microsoft.Network/publicIPAddresses",
224 "apiVersion": "2019-09-01",
225 "name": "[variables('PIP_Name')]",
226 "location": "[resourceGroup().location]",
227 "sku": {
228 "name": "Standard"
229 },
230 "properties": {
231 "publicIPAddressVersion": "IPv4",
232 "publicIPAllocationMethod": "Static",
233 "dnsSettings": {
234 "domainNameLabel": "[tolower(concat(parameters('Base_Name'), 'vmss'))]",
235 "fqdn": "[tolower(concat(parameters('Base_Name'), 'vmss','.',resourceGroup().location,'.cloudapp.azure.com'))]"
236 }
237 }
238 },
239 {
240 "type": "Microsoft.Network/loadBalancers",
241 "apiVersion": "2019-09-01",
242 "name": "[variables('loadbalancer_Name')]",
243 "location": "[resourceGroup().location]",
244 "dependsOn": [
245 "[resourceId('Microsoft.Network/publicIPAddresses', variables('pip_Name'))]"
246 ],
247 "sku": {
248 "name": "Standard"
249 },
250 "properties": {
251 "frontendIPConfigurations": [
252 {
253 "name": "LoadBalancerFrontEnd",
254 "properties": {
255 "privateIPAllocationMethod": "Dynamic",
256 "publicIPAddress": {
257 "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('pip_Name'))]"
258 },
259 "privateIPAddressVersion": "IPv4"
260 }
261 }
262 ],
263 "backendAddressPools": [
264 {
265 "name": "bepool",
266 "properties": {
267 }
268 }
269 ],
270 "loadBalancingRules": [
271 {
272 "name": "LBSyslogTCPRule",
273 "properties": {
274 "frontendIPConfiguration": {
275 "id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadbalancer_Name')), '/frontendIPConfigurations/LoadBalancerFrontEnd')]"
276 },
277 "frontendPort": 5514,
278 "backendPort": 5514,
279 "enableFloatingIP": false,
280 "idleTimeoutInMinutes": 5,
281 "protocol": "TCP",
282 "enableTcpReset": false,
283 "loadDistribution": "Default",
284 "disableOutboundSnat": false,
285 "backendAddressPool": {
286 "id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadbalancer_Name')), '/backendAddressPools/bepool')]"
287 },
288 "probe": {
289 "id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadbalancer_Name')), '/probes/tcpProbe')]"
290 }
291 }
292 },
293 {
294 "name": "LBSyslogUDPRule",
295 "properties": {
296 "frontendIPConfiguration": {
297 "id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadbalancer_Name')), '/frontendIPConfigurations/LoadBalancerFrontEnd')]"
298 },
299 "frontendPort": 5514,
300 "backendPort": 5514,
301 "enableFloatingIP": false,
302 "idleTimeoutInMinutes": 5,
303 "protocol": "Udp",
304 "enableTcpReset": false,
305 "loadDistribution": "Default",
306 "disableOutboundSnat": false,
307 "backendAddressPool": {
308 "id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadbalancer_Name')), '/backendAddressPools/bepool')]"
309 },
310 "probe": {
311 "id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadbalancer_Name')), '/probes/tcpProbe')]"
312 }
313 }
314 }
315 ],
316 "probes": [
317 {
318 "name": "tcpProbe",
319 "properties": {
320 "protocol": "Tcp",
321 "port": 5514,
322 "intervalInSeconds": 5,
323 "numberOfProbes": 2
324 }
325 }
326 ],
327 "inboundNatRules": [
328 ],
329 "outboundRules": [
330 ],
331 "inboundNatPools": [
332 {
333 "name": "natPool",
334 "properties": {
335 "frontendPortRangeStart": 50000,
336 "frontendPortRangeEnd": "[concat(variables('maxPortRange'), parameters('Autoscale_Max'))]",
337 "backendPort": 22,
338 "protocol": "Tcp",
339 "idleTimeoutInMinutes": 4,
340 "enableFloatingIP": false,
341 "enableTcpReset": false,
342 "frontendIPConfiguration": {
343 "id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadbalancer_Name')), '/frontendIPConfigurations/LoadBalancerFrontEnd')]"
344 }
345 }
346 }
347 ]
348 }
349 },
350 {
351 "type": "Microsoft.Compute/virtualMachineScaleSets",
352 "apiVersion": "2019-03-01",
353 "name": "[variables('vmss_Name')]",
354 "location": "[resourceGroup().location]",
355 "dependsOn": [
356 "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsg_Name'))]",
357 "[resourceId('Microsoft.Storage/storageAccounts', variables('storage_name'))]",
358 "[resourceId('Microsoft.Network/virtualNetworks', variables('vnet_Name'))]",
359 "[resourceId('Microsoft.Network/loadBalancers', variables('loadbalancer_Name'))]"
360 ],
361 "sku": {
362 "name": "Standard_F4s_v2",
363 "tier": "Standard",
364 "capacity": "[parameters('Autoscale_Min')]"
365 },
366 "properties": {
367 "singlePlacementGroup": true,
368 "upgradePolicy": {
369 "mode": "Manual"
370 },
371 "virtualMachineProfile": {
372 "osProfile": {
373 "computerNamePrefix": "[parameters('Base_Name')]",
374 "adminUsername": "[parameters('AdminUserName')]",
375 "adminPassword": "[parameters('AdminPassword')]",
376 "linuxConfiguration": {
377 "disablePasswordAuthentication": false,
378 "provisionVMAgent": true
379 },
380 "secrets": [
381 ],
382 "customData": "[base64(variables('cloudinit'))]"
383 },
384 "storageProfile": {
385 "osDisk": {
386 "createOption": "FromImage",
387 "caching": "ReadWrite",
388 "managedDisk": {
389 "storageAccountType": "Premium_LRS"
390 },
391 "diskSizeGB": 32
392 },
393 "imageReference": {
394 "publisher": "RedHat",
395 "offer": "RHEL",
396 "sku": "7-RAW-CI",
397 "version": "7.6.2019072418"
398 }
399 },
400 "networkProfile": {
401 "networkInterfaceConfigurations": [
402 {
403 "name": "[concat(parameters('Base_Name'), '-nic')]",
404 "properties": {
405 "primary": true,
406 "enableAcceleratedNetworking": false,
407 "dnsSettings": {
408 "dnsServers": [
409 ]
410 },
411 "enableIPForwarding": false,
412 "ipConfigurations": [
413 {
414 "name": "[concat(parameters('Base_Name'), '-ipConfig')]",
415 "properties": {
416 "subnet": {
417 "id": "[concat(resourceId('Microsoft.Network/virtualNetworks', variables('vnet_Name')), '/subnets/default')]"
418 },
419 "privateIPAddressVersion": "IPv4",
420 "loadBalancerBackendAddressPools": [
421 {
422 "id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadbalancer_Name')), '/backendAddressPools/bepool')]"
423 }
424 ],
425 "loadBalancerInboundNatPools": [
426 {
427 "id": "[concat(resourceId('Microsoft.Network/loadBalancers/', variables('loadbalancer_Name')), '/inboundNatPools/natPool')]"
428 }
429 ]
430 }
431 }
432 ]
433 }
434 }
435 ]
436 },
437 "diagnosticsProfile": {
438 "bootDiagnostics": {
439 "enabled": true,
440 "storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts', variables('storage_name'))).primaryEndpoints.blob]"
441 }
442 },
443 "extensionProfile": {
444 "extensions": [
445 {
446 "type": "extensions",
447 "name": "OMSExtension",
448 "location": "[resourceGroup().location]",
449 "properties": {
450 "publisher": "Microsoft.EnterpriseCloud.Monitoring",
451 "type": "OmsAgentForLinux",
452 "typeHandlerVersion": "1.4",
453 "autoUpgradeMinorVersion": true,
454 "settings": {
455 "workspaceId": "[parameters('workspaceId')]",
456 "stopOnMultipleConnections": "true"
457 },
458 "protectedSettings": {
459 "workspaceKey": "[parameters('workspaceKey')]"
460 }
461 }
462 },
463 {
464 "type": "extensions",
465 "name": "DependencyAgentLinux",
466 "location": "[resourceGroup().location]",
467 "properties": {
468 "publisher": "Microsoft.Azure.Monitoring.DependencyAgent",
469 "type": "DependencyAgentLinux",
470 "typeHandlerVersion": "9.5",
471 "autoUpgradeMinorVersion": true
472 }
473 }
474 ]
475 },
476 "priority": "Regular"
477 },
478 "overprovision": true,
479 "doNotRunExtensionsOnOverprovisionedVMs": false,
480 "platformFaultDomainCount": 5
481 }
482 },
483 {
484 "type": "microsoft.insights/autoscalesettings",
485 "apiVersion": "2014-04-01",
486 "name": "[variables('autoscale_Name')]",
487 "location": "[resourceGroup().location]",
488 "dependsOn": [
489 "[resourceId('Microsoft.Compute/virtualMachineScaleSets', variables('vmss_Name'))]"
490 ],
491 "properties": {
492 "profiles": [
493 {
494 "name": "Profile1",
495 "capacity": {
496 "minimum": "[parameters('Autoscale_Min')]",
497 "maximum": "[parameters('Autoscale_Max')]",
498 "default": "[parameters('Autoscale_Min')]"
499 },
500 "rules": [
501 {
502 "metricTrigger": {
503 "metricName": "Percentage CPU",
504 "metricNamespace": "",
505 "metricResourceUri": "[resourceId('Microsoft.Compute/virtualMachineScaleSets', variables('vmss_Name'))]",
506 "timeGrain": "PT1M",
507 "statistic": "Average",
508 "timeWindow": "PT5M",
509 "timeAggregation": "Average",
510 "operator": "GreaterThan",
511 "threshold": 75,
512 "dimensions": [
513 ],
514 "dividePerInstance": false
515 },
516 "scaleAction": {
517 "direction": "Increase",
518 "type": "ChangeCount",
519 "value": "1",
520 "cooldown": "PT1M"
521 }
522 },
523 {
524 "metricTrigger": {
525 "metricName": "Percentage CPU",
526 "metricNamespace": "",
527 "metricResourceUri": "[resourceId('Microsoft.Compute/virtualMachineScaleSets', variables('vmss_Name'))]",
528 "timeGrain": "PT1M",
529 "statistic": "Average",
530 "timeWindow": "PT5M",
531 "timeAggregation": "Average",
532 "operator": "LessThan",
533 "threshold": 25,
534 "dimensions": [
535 ],
536 "dividePerInstance": false
537 },
538 "scaleAction": {
539 "direction": "Decrease",
540 "type": "ChangeCount",
541 "value": "1",
542 "cooldown": "PT1M"
543 }
544 }
545 ]
546 }
547 ],
548 "enabled": true,
549 "name": "[concat(parameters('Base_Name'), '-autoscale')]",
550 "targetResourceUri": "[resourceId('Microsoft.Compute/virtualMachineScaleSets', variables('vmss_Name'))]"
551 }
552 }
553 ],
554 "outputs": {
555 "b64customData": {
556 "type": "string",
557 "value": "[base64(variables('cloudinit'))]"
558 },
559 "customData": {
560 "type": "string",
561 "value": "[variables('cloudinit')]"
562 },
563 "osprofile": {
564 "type": "object",
565 "value": "[reference(variables('vmss_Name'))]"
566 }
567 }
568}