Microsoft Log Analytics no response

tweeks1 · November 27, 2023, 12:29pm

Attempting to retrieve LA logs via the Microsoft Log Analytics plugin with no luck.
We have a local orchestrator running, an App Reg setup with the Log Analytics workspace available and a ‘successful’ connection to this via the client secret.

However, when running the trigger or actions (get log data or get saved search) the input returns no output. Not a failed response, just an infinite loop, the job stays running eternally.

Has anyone else encountered similar unresponsiveness, some help on how to remediate this issue would be appreciated. `Connect: Connecting…
rapid7/Microsoft Log Analytics:1.2.1. Step name: get_log_data
Updating auth token…
Authentication Token: ****************wXE6Q
Getting shared key…
(‘Connection aborted.’, TimeoutError(110, ‘Connection timed out’))
Traceback (most recent call last):
File “/usr/local/lib/python3.8/site-packages/urllib3-1.26.9-py3.8.egg/urllib3/connectionpool.py”, line 703, in urlopen
httplib_response = self._make_request(
File “/usr/local/lib/python3.8/site-packages/urllib3-1.26.9-py3.8.egg/urllib3/connectionpool.py”, line 386, in _make_request
self._validate_conn(conn)
File “/usr/local/lib/python3.8/site-packages/urllib3-1.26.9-py3.8.egg/urllib3/connectionpool.py”, line 1040, in validate_conn
conn.connect()
File “/usr/local/lib/python3.8/site-packages/urllib3-1.26.9-py3.8.egg/urllib3/connection.py”, line 414, in connect
self.sock = ssl_wrap_socket(
File "/usr/local/lib/python3.8/site-packages/urllib3-1.26.9-py3.8.egg/urllib3/util/ssl.py", line 449, in ssl_wrap_socket
ssl_sock = ssl_wrap_socket_impl(
File "/usr/local/lib/python3.8/site-packages/urllib3-1.26.9-py3.8.egg/urllib3/util/ssl.py", line 493, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
File “/usr/local/lib/python3.8/ssl.py”, line 500, in wrap_socket
return self.sslsocket_class._create(
File “/usr/local/lib/python3.8/ssl.py”, line 1040, in _create
self.do_handshake()
File “/usr/local/lib/python3.8/ssl.py”, line 1309, in do_handshake
self._sslobj.do_handshake()
TimeoutError: [Errno 110] Connection timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/local/lib/python3.8/site-packages/requests-2.27.1-py3.8.egg/requests/adapters.py”, line 440, in send
resp = conn.urlopen(
File “/usr/local/lib/python3.8/site-packages/urllib3-1.26.9-py3.8.egg/urllib3/connectionpool.py”, line 785, in urlopen
retries = retries.increment(
File “/usr/local/lib/python3.8/site-packages/urllib3-1.26.9-py3.8.egg/urllib3/util/retry.py”, line 550, in increment
raise six.reraise(type(error), error, _stacktrace)
File “/usr/local/lib/python3.8/site-packages/urllib3-1.26.9-py3.8.egg/urllib3/packages/six.py”, line 769, in reraise
raise value.with_traceback(tb)
File “/usr/local/lib/python3.8/site-packages/urllib3-1.26.9-py3.8.egg/urllib3/connectionpool.py”, line 703, in urlopen
httplib_response = self._make_request(
File “/usr/local/lib/python3.8/site-packages/urllib3-1.26.9-py3.8.egg/urllib3/connectionpool.py”, line 386, in _make_request
self._validate_conn(conn)
File “/usr/local/lib/python3.8/site-packages/urllib3-1.26.9-py3.8.egg/urllib3/connectionpool.py”, line 1040, in validate_conn
conn.connect()
File “/usr/local/lib/python3.8/site-packages/urllib3-1.26.9-py3.8.egg/urllib3/connection.py”, line 414, in connect
self.sock = ssl_wrap_socket(
File "/usr/local/lib/python3.8/site-packages/urllib3-1.26.9-py3.8.egg/urllib3/util/ssl.py", line 449, in ssl_wrap_socket
ssl_sock = ssl_wrap_socket_impl(
File "/usr/local/lib/python3.8/site-packages/urllib3-1.26.9-py3.8.egg/urllib3/util/ssl.py", line 493, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
File “/usr/local/lib/python3.8/ssl.py”, line 500, in wrap_socket
return self.sslsocket_class._create(
File “/usr/local/lib/python3.8/ssl.py”, line 1040, in _create
self.do_handshake()
File “/usr/local/lib/python3.8/ssl.py”, line 1309, in do_handshake
self._sslobj.do_handshake()
urllib3.exceptions.ProtocolError: (‘Connection aborted.’, TimeoutError(110, ‘Connection timed out’))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/local/lib/python3.8/site-packages/insightconnect_plugin_runtime-4.5.1-py3.8.egg/insightconnect_plugin_runtime/plugin.py”, line 372, in handle_step
output = self.start_step(
File “/usr/local/lib/python3.8/site-packages/insightconnect_plugin_runtime-4.5.1-py3.8.egg/insightconnect_plugin_runtime/plugin.py”, line 523, in start_step
output = func(params)
File “/usr/local/lib/python3.8/site-packages/microsoft_log_analytics_rapid7_plugin-1.2.1-py3.8.egg/icon_microsoft_log_analytics/actions/get_log_data/action.py”, line 16, in run
return self.connection.client.get_log_data(subscription_id, resource_group_name, workspace_name, query)
File “/usr/local/lib/python3.8/site-packages/microsoft_log_analytics_rapid7_plugin-1.2.1-py3.8.egg/icon_microsoft_log_analytics/util/api.py”, line 190, in get_log_data
self._connection(
File “/usr/local/lib/python3.8/site-packages/microsoft_log_analytics_rapid7_plugin-1.2.1-py3.8.egg/icon_microsoft_log_analytics/util/api.py”, line 44, in _connection
self._get_shared_key(subscription_id, resource_group_name, workspace_name)
File “/usr/local/lib/python3.8/site-packages/microsoft_log_analytics_rapid7_plugin-1.2.1-py3.8.egg/icon_microsoft_log_analytics/util/api.py”, line 80, in _get_shared_key
response = self._call_api(“POST”, get_shared_key_url, headers=self._get_auth_headers())
File “/usr/local/lib/python3.8/site-packages/microsoft_log_analytics_rapid7_plugin-1.2.1-py3.8.egg/icon_microsoft_log_analytics/util/tools.py”, line 56, in _wrapper
return func(self, *args, **kwargs)
File “/usr/local/lib/python3.8/site-packages/microsoft_log_analytics_rapid7_plugin-1.2.1-py3.8.egg/icon_microsoft_log_analytics/util/api.py”, line 116, in _call_api
response = requests.request(method, url, headers=headers, data=data, json=json_data, params=params)
File “/usr/local/lib/python3.8/site-packages/requests-2.27.1-py3.8.egg/requests/api.py”, line 61, in request
return session.request(method=method, url=url, **kwargs)
File “/usr/local/lib/python3.8/site-packages/requests-2.27.1-py3.8.egg/requests/sessions.py”, line 529, in request
resp = self.send(prep, **send_kwargs)
File “/usr/local/lib/python3.8/site-packages/requests-2.27.1-py3.8.egg/requests/sessions.py”, line 645, in send
r = adapter.send(request, **kwargs)
File “/usr/local/lib/python3.8/site-packages/requests-2.27.1-py3.8.egg/requests/adapters.py”, line 501, in send
raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: (‘Connection aborted.’, TimeoutError(110, ‘Connection timed out’))`

Eric-Wilson · November 29, 2023, 2:52pm

@tweeks1 Can you submit a support case so that a representative can work with you to resolve the issue?

tweeks1 · November 29, 2023, 3:18pm

Hi Eric,

My team and I looked into the possible issues causing this.

Today we found that our orchestrator was the bottleneck.

Due to our tight security, we disabled all but the essential entry points to the orchestrator via a firewall.

Having enabled,
https://api.loganalytics.azure.com
https://management.azure.com

The plugin now works when the above endpoints are allowed via the orchestrator.