o ưi>-@stdZddlZddlZddlZddlmZmZddlmZddl m Z ddl m Z m Z ddlmZGdd d e ZdS) aU Azure Sentinel Integration - sends logs to Azure Log Analytics using Logs Ingestion API Azure Sentinel uses Log Analytics workspaces for data storage. This integration sends LiteLLM logs to the Log Analytics workspace using the Azure Monitor Logs Ingestion API. Reference API: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/logs-ingestion-api-overview `async_log_success_event` - used by litellm proxy to send logs to Azure Sentinel `async_log_failure_event` - used by litellm proxy to send failure logs to Azure Sentinel For batching specific details see CustomBatchLogger class N)ListOptional)verbose_logger)CustomBatchLogger)get_async_httpx_clienthttpxSpecialProvider)StandardLoggingPayloadcseZdZdZ      ddeedeedeedeedeedeef fd d Zd efd d ZddZddZ ddZ Z S)AzureSentinelLoggerz_ Logger that sends LiteLLM logs to Azure Sentinel via Azure Monitor Logs Ingestion API Ndcr_immutable_id stream_nameendpoint tenant_id client_id client_secretc sHttjd|_|p td|_|ptdd|_|ptd|_|p+tdp+td|_ |p8tdp8td |_ |pEtd pEtd |_ |jsNt d |jsUt d |j s\t d|j sct d|j sjt d|j dd|jd|jd|_d|_d|_d|_t|_tjdi|d|jit|g|_dS)a Initialize Azure Sentinel logger using Logs Ingestion API Args: dcr_immutable_id (str, optional): Data Collection Rule (DCR) Immutable ID. If not provided, will use AZURE_SENTINEL_DCR_IMMUTABLE_ID env var. stream_name (str, optional): Stream name from DCR (e.g., "Custom-LiteLLM"). If not provided, will use AZURE_SENTINEL_STREAM_NAME env var or default to "Custom-LiteLLM". endpoint (str, optional): Data Collection Endpoint (DCE) or DCR ingestion endpoint. If not provided, will use AZURE_SENTINEL_ENDPOINT env var. tenant_id (str, optional): Azure Tenant ID for OAuth2 authentication. If not provided, will use AZURE_SENTINEL_TENANT_ID or AZURE_TENANT_ID env var. client_id (str, optional): Azure Client ID (Application ID) for OAuth2 authentication. If not provided, will use AZURE_SENTINEL_CLIENT_ID or AZURE_CLIENT_ID env var. client_secret (str, optional): Azure Client Secret for OAuth2 authentication. If not provided, will use AZURE_SENTINEL_CLIENT_SECRET or AZURE_CLIENT_SECRET env var. )Z llm_providerZAZURE_SENTINEL_DCR_IMMUTABLE_IDZAZURE_SENTINEL_STREAM_NAMEzCustom-LiteLLMZAZURE_SENTINEL_ENDPOINTZAZURE_SENTINEL_TENANT_IDZAZURE_TENANT_IDZAZURE_SENTINEL_CLIENT_IDZAZURE_CLIENT_IDZAZURE_SENTINEL_CLIENT_SECRETZAZURE_CLIENT_SECRETzrAZURE_SENTINEL_DCR_IMMUTABLE_ID is required. Set it as an environment variable or pass dcr_immutable_id parameter.zbAZURE_SENTINEL_ENDPOINT is required. Set it as an environment variable or pass endpoint parameter.zwAZURE_SENTINEL_TENANT_ID or AZURE_TENANT_ID is required. Set it as an environment variable or pass tenant_id parameter.zwAZURE_SENTINEL_CLIENT_ID or AZURE_CLIENT_ID is required. Set it as an environment variable or pass client_id parameter.zAZURE_SENTINEL_CLIENT_SECRET or AZURE_CLIENT_SECRET is required. Set it as an environment variable or pass client_secret parameter./z/dataCollectionRules/z /streams/z?api-version=2023-01-01z"https://monitor.azure.com/.defaultN flush_lock)rrZLoggingCallbackasync_httpx_clientosgetenvr r r r rr ValueErrorrstrip api_endpoint oauth_scope oauth_tokenoauth_token_expires_atasyncioLockrsuper__init__ create_taskZperiodic_flush log_queue)selfr r r r rrkwargs __class__ri/home/app/Keep/.python/lib/python3.10/site-packages/litellm/integrations/azure_sentinel/azure_sentinel.pyr"sb    zAzureSentinelLogger.__init__returncsddl}|jr|jr||jdkr|jS|jdus Jd|jdus)Jd|jdus2Jdd|jd}|j|j|jd d }|jj||d d id IdH}|j dkrbt d|j d|j | }| d|_| dd}|jsyt dddl}|||_|jS)z Get OAuth2 Bearer token for Azure Monitor Logs Ingestion API Returns: Bearer token string rN<ztenant_id is requiredzclient_id is requiredzclient_secret is requiredz"https://login.microsoftonline.com/z/oauth2/v2.0/tokenZclient_credentials)rrscopeZ grant_type Content-Typez!application/x-www-form-urlencodedurldataheaderszFailed to get OAuth2 token:  - Z access_token expires_iniz2OAuth2 token response did not contain access_token)timerrr rrrrpost status_code Exceptiontextjsonget)r"r2Z token_urlZ token_dataresponseZtoken_responser1rrr&_get_oauth_tokenxsD   z$AzureSentinelLogger._get_oauth_tokenc z3td||dd}|durtdWdS|j|t|j|jkr2|IdHWdSWdSt yV}zt dt |dt WYd}~dSd}~ww)a" Async Log success events to Azure Sentinel - Gets StandardLoggingPayload from kwargs - Adds to batch queue - Flushes based on CustomBatchLogger settings Raises: Raises a NON Blocking verbose_logger.exception if an error occurs z>Azure Sentinel: Logging - Enters logging function for model %sstandard_logging_objectN;Azure Sentinel: standard_logging_object not found in kwargsAzure Sentinel Layer Error -  rdebugr8warningr!appendlenZ batch_sizeasync_send_batchr5 exceptionstr traceback format_excr"r#Z response_obj start_timeend_timeZstandard_logging_payloaderrr&async_log_success_events,   z+AzureSentinelLogger.async_log_success_eventc r;)a" Async Log failure events to Azure Sentinel - Gets StandardLoggingPayload from kwargs - Adds to batch queue - Flushes based on CustomBatchLogger settings Raises: Raises a NON Blocking verbose_logger.exception if an error occurs zFAzure Sentinel: Logging - Enters failure logging function for model %sr<Nr=r>r?r@rJrrr&async_log_failure_events.   z+AzureSentinelLogger.async_log_failure_eventc s8zzb|jsWW|jdStdt|jddlm}|IdH}||j}d|dd}|jj |j | d|d IdH}|j d vr\t d |j |jtd |j d |jtd|j Wn!ty}ztdt|dtWYd}~n d}~wwW|jdSW|jdS|jw)z Sends the batch of logs to Azure Monitor Logs Ingestion API Raises: Raises a NON Blocking verbose_logger.exception if an error occurs Nz)Azure Sentinel - about to flush %s eventsr) safe_dumpszBearer zapplication/json) Authorizationr*zutf-8r+)r/z5Azure Sentinel API error: status_code=%s, response=%sz'Failed to send logs to Azure Sentinel: r0z1Azure Sentinel: Response from API status_code: %sz)Azure Sentinel Error sending batch API - r?)r!clearrrArDZ*litellm.litellm_core_utils.safe_json_dumpsrPr:rr3rencoder4errorr6r5rFrGrHrI)r"rPZ bearer_tokenbodyr.r9rMrrr&rEsP.     z$AzureSentinelLogger.async_send_batch)NNNNNN) __name__ __module__ __qualname____doc__rrGrr:rNrOrE __classcell__rrr$r&r s2V8$%r )rZrrrHtypingrrZlitellm._loggingrZ(litellm.integrations.custom_batch_loggerrZ&litellm.llms.custom_httpx.http_handlerrrZlitellm.types.utilsrr rrrr&s