Introduction
Log Based discovery is an easy-to-deploy, low-cost, and simple-to-manage mechanism that enables the Ghost Platform to discover APIs and API Endpoints in your cloud environment in just a few minutes. It works by processing replicas of Azure Front Door access logs from your account and feeding them into the Ghost Platform to populate your API and API Endpoint inventories.
System Overview
Supported Sources
The following access log-based sources are currently supported:
Architecture
The Ghost Log Based processing stack consists of an Azure Function with an EventHub trigger. The detailed resource breakdown is available in the Terraform module.
Ghost Log Processing Function - Processes log files from an existing EventHub and submits the sanitized and reduced data to the Ghost API.
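To make "sanitized and reduced" concrete, the following added example (not Ghost's code) reduces a batch of Front Door access log records to unique endpoints and drops query strings and client identifiers before anything leaves the subscription. The fields the Ghost function actually keeps are not stated here, so the retention policy and the names `reduce_record`, `reduce_batch` and `SAMPLE_EVENT` are assumptions.

```python
import json
from urllib.parse import urlsplit

def reduce_record(record):
    """Reduce one Front Door access log record; return None if unusable."""
    if record.get("category") != "FrontDoorAccessLog":
        return None  # other diagnostic categories (e.g. WAF logs) are skipped
    props = record.get("properties") or {}
    method, uri = props.get("httpMethod"), props.get("requestUri")
    if not method or not uri:
        return None
    parts = urlsplit(uri)
    host = (props.get("hostName") or parts.hostname or "").lower()
    if not host:
        return None
    # Assumed policy: keep method, host, path and status only. The query
    # string, client IP and user agent are dropped because tokens and
    # personal data tend to appear there.
    return {"method": method.upper(), "host": host,
            "path": parts.path or "/", "status": props.get("httpStatusCode")}

def reduce_batch(event_body):
    """Turn one Event Hub message body into a list of unique endpoints."""
    try:
        records = json.loads(event_body).get("records", [])
    except (TypeError, ValueError, AttributeError):
        return []  # not JSON, or not the {"records": [...]} envelope
    seen, endpoints = set(), []
    for rec in records:
        reduced = reduce_record(rec) if isinstance(rec, dict) else None
        if reduced is None:
            continue
        key = (reduced["method"], reduced["host"], reduced["path"])
        if key not in seen:  # first sighting of an endpoint wins
            seen.add(key)
            endpoints.append(reduced)
    return endpoints

def _sample(category, method, uri, status):
    # Constructed record, not real traffic.
    return {"category": category, "properties": {
        "httpMethod": method, "requestUri": uri, "httpStatusCode": status,
        "clientIp": "203.0.113.7", "userAgent": "curl/8.0"}}

SAMPLE_EVENT = json.dumps({"records": [
    _sample("FrontDoorAccessLog", "GET", "https://api.example.com:443/v1/users/42?access_token=SECRET", "200"),
    _sample("FrontDoorAccessLog", "get", "https://api.example.com:443/v1/users/42?page=2", "304"),
    _sample("FrontDoorAccessLog", "POST", "https://api.example.com:443/v1/orders", "201"),
    _sample("FrontDoorWebApplicationFirewallLog", "GET", "https://api.example.com:443/admin", "403"),
]})
```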
Deployment Guide
The Ghost Log Based processing stack can be deployed in any Azure region which supports Azure Functions and Event Hubs.
The function and EventHub trigger will be deployed into a single region of a single subscription using Terraform. We provide a Terraform module that simplifies the deployment of the necessary resources.
The following diagram depicts two deployments in the same Subscription - one per Region.
Installation Steps
1. Navigate to the API Keys page.
2. Generate a new API key with "Write Logs" permissions by pressing the "Create API Key" button in the top right of the page.
3. After pressing the "Create API Key" button, copy the value that is displayed in the UI. This key is necessary for the function to authenticate with the Ghost API.
4. Create a new Key Vault in the subscription you intend to deploy the forwarder to. Add a secret to this vault with the value being the API key created in step #3. Note the resource group, key vault name and secret name, as these are required in the next step.
5. Follow this example in the log forwarder module documentation to deploy the resources in your Azure subscription.
The Ghost Log processing stack is now deployed successfully. Proceed to the Configuration Guide section to .
Configuration Guide
To verify logs are flowing to the platform, navigate to the API Keys page, where the "Last Seen" column for the API key you created earlier should show a recent timestamp. Assuming the Front Door profiles you configured to send logs to the forwarder are receiving API traffic, you should also see new Endpoints and APIs being populated in the platform.