Azure LogAnalytics query for disabled Traffic Manager Profile - azure-log-analytics

I'm looking to query Azure Network/"trafficManagerProfiles events from Log Analytics and more specifically when Traffic Manager Profile is in status Disabled.
I've managed to find a specific event and found that I need to look at "profileStatus" which is nested in "Prorperties" -> "requestbody" -> "properties" -> "profileStatus".Check image
AzureActivity | where ResourceId contains "trafficManagerProfiles" | where Properties contains 'profileStatus'
I need to fetch events in LA when Traffic manager Profile and more specifically when "profileStatus" is equal to "Disabled"

Found the answers in this post: Log Analtyics - How to use "inverted commas" within search query
AzureActivity | where ResourceId contains "trafficManagerProfiles" | where Properties contains '\\"profileStatus\\":\\"Disabled\\"'

Related

KQL Query for creating domain list from UserPrincipalName

is there a way for building a list of unique user domains in a delimited format from sentinel signin logs? Signin logs has user principal name and can be extended to split the domain name as below.
extend UserDomains = split(UserPrincipalName,'#')[1]
You can use the make_set() aggregation function, for example:
T
| extend UserDomains = split(UserPrincipalName,'#')[1]
| summarize UserDomains = make_set(UserDomains)

Contacts and contact_groups in nagios configuration

Can I have in nagios host and service config, specified contacts and contacts_groups together? I mean if I'll not notify only contact or only group.
e.g.
define host{
host_name bogus-router
alias Bogus Router #1
address 192.168.1.254
parents server-backbone
check_command check-host-alive
check_interval 5
retry_interval 1
max_check_attempts 5
check_period 24x7
process_perf_data 0
retain_nonstatus_information 0
contacts specyfic-admin
contact_groups router-admins
notification_interval 30
notification_period 24x7
notification_options d,u,r
}
Yes.
From the documentation:
contacts: This is a list of the short names of the contacts that
should be notified whenever there are problems (or recoveries) with
this host. Multiple contacts should be separated by commas. Useful if
you want notifications to go to just a few people and don't want to
configure contact groups. You must specify at least one contact or
contact group in each host definition.
contact_groups: This is a list
of the short names of the contact groups that should be notified
whenever there are problems (or recoveries) with this host. Multiple
contact groups should be separated by commas. You must specify at
least one contact or contact group in each host definition.
Actually - now that I copy that I'm not so sure it describes the answer properly.
You may also want to look at Object Inheritance.
But, the short answer is still a yes.

Yii RBAC on per Model Record basis

I am new to Yii and not familiar with the RBAC feature of Yii. My question is, Is it possible to use RBAC on per Model record basis e.g.:
Table Project_users:
| user_id | project_id | role |
================================
| 1 | 1 | admin |
---------------------------------
| 1 | 2 | member|
In this scenario, user 1 can edit project 1 but not project 2. Can I use Yii's RBAC feature here with minimal configuration or do I need to create my own filter code?
I provided a response for a similar question here : Yii RBAC: access to specific items/rows
This allows you to create custom filter rules in a few steps :
specify the 'accessControl' flag in your filters() override method.
In your accessRules() method, specify a reference to your custom function to perform the access control check
Create your access control function to perform your checks and return true or false accordingly to specify if the access is allowed or disallowed.
You can see the code examples in the linked question.

User Filter for nested OU inside gitlab using RFC 4515

I am setting up gitlab to have LDAP access.
I would like to give access to 2 seperate OU's OU=Users,OU=Dept1,OU=land,DC=my,DC=com and OU=Users,OU=Dept2,OU=land,DC=my,DC=com (basically the users of 2 departments.
I believe that I would have to set the base to OU=land,DC=my,DC=com and then use a user_filer (Format: RFC 4515)
Probably something of the sort
(|(ou=Dept1)(ou=Dept2))
How do I extend this to specify only for the USERS within those ou's? Thanks
Note:
When I use the Filter: (objectClass=user)I am given access
however if i change it to any of the following I am refused access
(&(objectClass=user)(ou=Users))
(&(objectClass=user)(ou=Dept1))
(&(objectClass=user)(ou=Users,ou=Dept1,ou=land))
(&(objectClass=user)(ou=Users,ou=Dept1,ou=land,dc=my,dc=com))
You should add an objectClass constraint to the filter to limit it only to users , say (&(objectClass=Person))

Activity stream design with RavenDb

This is more of a design pattern / document design question than a technical one...
I want to display a activity feed on my website which will list all the latest happenings users have been doing on my site...here are some of the activities i would like to display:
New media uploaded (Bob has uploaded a new track)
Comments on a profile (Paul has commented on Bob's profile)
Comments on media (Steve has commented on Paul's track 'my track name')
Status updates (Steve can write any status update he wishes)
Each activity will need to have it's own set of data, such as the new media uploaded activity I would like to include details about the media such as image, title, description etc).
This activity will mostly be used as a global feed so it's the same for all users, although I need the option for users to only show feed items from users they are following (like twitter).
I think I have 2 options:
1) Pull in all the data Ad-Hoc with an index so the information is always up to date, even if a user alters his media title name...i'm not sure how well this will scale though??
2) Have an ActivityFeed document which contains a Sub-Document such as NewMediaUploadActivity (shown below).
ActivityFeed
- DateTime
- AccountId
- ActivityType
- Activity (this is a polymorphic object)
NewMediaUploadActivity : Activity
- MediaTitle
- MediaDescription
- GenreName
StatusUpdateActivity : Activity
- StatusText
ProfileCommentActivity : Activity
- CommentText
- ProfileAccountId
- ProfileUsername
Etc...
If anybody has any experience, or any input on the best way to do this in RavenDB I would be grateful, my live website built with SQL Server currently does what I need using a slightly modified option 2.
Paul
I would model this as:
public class ActivityTracking<TActivity>
{
public string[] AffectedUsers {get;set;}
public TActivity Activity {get;set;}
}
You can have different activities (not required to be in an inheritance hierarchy) that are "attached" to different users.
For example, Bob commenting on Jane's photo would show up in both streams.
You then can just query for activities for that user.