public EtwListener(SentinelApiConfig sentinelApiConfig, EtwListenerConfig etwListenerConfig,
bool useEventIngest)
{
EtwListenerConfig = etwListenerConfig;
SentinelApiConfig = sentinelApiConfig;
UseEventIngest = useEventIngest;
// Initialize on the first heartbeat after the HostBuilder loads all configs
if (syntheticCounterManager == null && SentinelApiConfig.SloMetricsConfiguration != null)
{
// Set up the SLO metrics logging mechanism
var sloMetricsConfiguration = new GenevaMdmConfiguration
{
MetricsNamespace = SentinelApiConfig.SloMetricsConfiguration.MetricsNamespace,
MetricsAccount = SentinelApiConfig.SloMetricsConfiguration.MetricsAccount,
LocationId = SentinelApiConfig.SloMetricsConfiguration.LocationId,
MinimumValue = SentinelApiConfig.SloMetricsConfiguration.MinimumValue,
BucketSize = SentinelApiConfig.SloMetricsConfiguration.BucketSize,
BucketCount = SentinelApiConfig.SloMetricsConfiguration.BucketCount
};
syntheticCounterManager = new SyntheticCounterManager(sloMetricsConfiguration);
}
// Turn on the Provider, and listen
InitializeEtwListener();
}
public SyntheticCounterManager(GenevaMdmConfiguration cfg)
{
MetricNamespace = cfg.MetricsNamespace;
MonitoringAccount =
cfg.MetricsAccount; // not sure if it needs to the Logs Account value since currently in PPE they are the same
// Get the location information for this "unit of deployment" - region in Azure
LocationId = cfg.LocationId;
// Start in-memory aggregation and publication of metrics (such as histogram calculation)
if (!MdmMetricController.StartMetricPublication())
{
SIEMfxEventSource.Log.Information("IfxMetrics", "Ifx Configuration - Error - cannot publish metrics");
}
// Use the factory helper class to generate the synthetic metrics
var metricFactory = new MdmMetricFactory();
// Define the histogram bucketing configuration
var latencyBehavior = new MdmBucketedDistributionBehavior
{
MinimumValue = cfg.MinimumValue,
BucketSize = cfg.BucketSize,
BucketCount = cfg.BucketCount
};
metricOneAgentEtwTcpNetworkBytes = metricFactory.CreateUInt64Metric(
MdmMetricFlags.CumulativeMetricDefault,
MonitoringAccount,
MetricNamespace,
"CdocOneAgentEtwTcpNetworkBytes",
"CustomerResourceId", // Mandatory customer resource dimension
"LocationId", // Mandatory topology dimension
"TimeCreated",
"EventId",
"ProcessName",
"ProcessId",
"DestinationIpAddress",
"DestinationPort",
"SourceIpAddress",
"SourcePort",
"Bytes"
);
metricOneAgentEtwTcpNetworkCount = metricFactory.CreateUInt64Metric(
MdmMetricFlags.CumulativeMetricDefault,
MonitoringAccount,
MetricNamespace,
"CdocOneAgentEtwTcpNetworkCount",
"CustomerResourceId", // Mandatory customer resource dimension
"LocationId", // Mandatory topology dimension
"TimeCreated",
"EventId",
"ProcessName",
"ProcessId",
"DestinationIpAddress",
"DestinationPort",
"SourceIpAddress",
"SourcePort",
"Count"
);
SIEMfxEventSource.Log.Information("IfxMetrics", $@"Ifx Configuration Initialized -
MetricNamespace: {MetricNamespace}, MonitoringAccount: {MonitoringAccount}");
}
