OCI Streaming with Azure Sentinel Error

OCI Streaming with Azure Sentinel Error 0 Reputation points
2023-09-05T15:55:22.4933333+00:00

We have configured the OCI Streaming with Azure Sentinel. We have provided the keys, ocid of user, ocid of tenancy, finger prints etc but logs are not ingesting.

Full Exception :

Exception while executing function

/Functions.AzureFunctionOCILogs ---> Microsoft.Azure.WebJobs.Script.Workers.Rpc.RpcException

/Result

/Failure Exception

/ServiceError

/{'opc-request-id'

/'58E7F0CE60DC4AD2A505D6B59E456383/69345E089EAADDDA5D36E384EB95E518/E55EDE54063A3C58A2D4D18F3827CFA1', 'code'

/'NotAuthenticated', 'message'

/'The required information to complete authentication was not provided or was incorrect.', 'status'

/401}

/

'/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/dispatcher.py', line 479, in _handle__invocation_request call_result = await self._loop.run_in_executor(

'/usr/local/lib/python3.8/concurrent/futures/thread.py', line 57, in run result = self.fn(*self.args, **self.kwargs)

'/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/dispatcher.py', line 752, in _run_sync_func return ExtensionManager.get_sync_invocation_wrapper(context,

'/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/extension.py', line 215, in _raw_invocation_wrapper result = function(**args)

'/home/site/wwwroot/AzureFunctionOCILogs/main.py', line 49, in main cursor = get_cursor_by_group(stream_client, StreamOcid, 'group1', 'group1-instance1')

'/home/site/wwwroot/AzureFunctionOCILogs/main.py', line 101, in get_cursor_by_group response = sc.create_group_cursor(sid, cursor_details)

'/home/site/wwwroot/.python_packages/lib/site-packages/oci/streaming/stream_client.py', line 418, in create_group_cursor return self.base_client.call_api(

'/home/site/wwwroot/.python_packages/lib/site-packages/oci/base_client.py', line 432, in call_api response = self.request(request)

'/home/site/wwwroot/.python_packages/lib/site-packages/oci/base_client.py', line 547, in request self.raise_service_error(request, response)

'/home/site/wwwroot/.python_packages/lib/site-packages/oci/base_client.py', line 712, in raise_service_error raise exceptions.ServiceError(

System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

async Microsoft.Azure.WebJobs.Script.Description.WorkerFunctionInvoker.InvokeCore(Object[] parameters,FunctionInvocationContext context)

/src/azure-functions-host/src/WebJobs.Script/Description/Workers/WorkerFunctionInvoker.cs

/101

System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

async Microsoft.Azure.WebJobs.Script.Description.FunctionInvokerBase.Invoke(Object[] parameters)

/src/azure-functions-host/src/WebJobs.Script/Description/FunctionInvokerBase.cs

/82

System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

async Microsoft.Azure.WebJobs.Host.Executors.VoidTaskMethodInvoker`2.InvokeAsyncTReflected,TReturnType

D:\a_work\1\s\src\Microsoft.Azure.WebJobs.Host\Executors\VoidTaskMethodInvoker.cs

/20

System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

async Microsoft.Azure.WebJobs.Host.Executors.FunctionInvoker`2.InvokeAsyncTReflected,TReturnValue

D:\a_work\1\s\src\Microsoft.Azure.WebJobs.Host\Executors\FunctionInvoker.cs

/52

System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

async Microsoft.Azure.WebJobs.Host.Executors.FunctionExecutor.InvokeWithTimeoutAsync(IFunctionInvoker invoker,ParameterHelper parameterHelper,CancellationTokenSource timeoutTokenSource,CancellationTokenSource functionCancellationTokenSource,Boolean throwOnTimeout,TimeSpan timerInterval,IFunctionInstance instance)

D:\a_work\1\s\src\Microsoft.Azure.WebJobs.Host\Executors\FunctionExecutor.cs

/581

System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

async Microsoft.Azure.WebJobs.Host.Executors.FunctionExecutor.ExecuteWithWatchersAsync(IFunctionInstanceEx instance,ParameterHelper parameterHelper,ILogger logger,CancellationTokenSource functionCancellationTokenSource)

D:\a_work\1\s\src\Microsoft.Azure.WebJobs.Host\Executors\FunctionExecutor.cs

/527

System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

async Microsoft.Azure.WebJobs.Host.Executors.FunctionExecutor.ExecuteWithLoggingAsync(IFunctionInstanceEx instance,FunctionStartedMessage message,FunctionInstanceLogEntry instanceLogEntry,ParameterHelper parameterHelper,ILogger logger,CancellationToken cancellationToken)

D:\a_work\1\s\src\Microsoft.Azure.WebJobs.Host\Executors\FunctionExecutor.cs

/306 End of inner exception

System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

async Microsoft.Azure.WebJobs.Host.Executors.FunctionExecutor.ExecuteWithLoggingAsync(IFunctionInstanceEx instance,FunctionStartedMessage message,FunctionInstanceLogEntry instanceLogEntry,ParameterHelper parameterHelper,ILogger logger,CancellationToken cancellationToken)

D:\a_work\1\s\src\Microsoft.Azure.WebJobs.Host\Executors\FunctionExecutor.cs

/352

System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

async Microsoft.Azure.WebJobs.Host.Executors.FunctionExecutor.TryExecuteAsync(IFunctionInstance functionInstance,CancellationToken cancellationToken)

D:\a_work\1\s\src\Microsoft.Azure.WebJobs.Host\Executors\FunctionExecutor.cs

/108

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,154 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Givary-MSFT 33,081 Reputation points Microsoft Employee
    2023-09-07T07:29:31.8366667+00:00

    @OCI Streaming with Azure Sentinel Error Thank you for reaching out to us, from the above description of the error seems like issue with Azure functions, need to work with them in collaboration.

    Please send me an email to 'AzCommunity@microsoft.com' with Sub - Attn: Givary and following details in the email body:

    Link to this thread/post and Azure Subscription ID, so that we I can create a free support option on this issue, where you work with Microsoft Sentinel & Azure Functions team in collab on the support ticket.

    Came across this blog from Oracle Cloud infrastructure - https://docs.oracle.com/en/learn/oci-logs-ms-azure-sentinel/index.html#task-523-run-your-oci-function if you would like to review the configuration once before we create a support ticket.

    Let me know if you have any further questions, feel free to post back.

  2. Prakash, Piyush 0 Reputation points
    2023-09-12T15:28:25.4466667+00:00

    Thanks you for your response. Let me forward it to you..

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.