Azure-Sentinel icon indicating copy to clipboard operation
Azure-Sentinel copied to clipboard
verified publisher icon Azure

URGENT: Confluence Module Missing in Azure Sentinel Function app

Open alakijaD opened this issue 3 years ago • 10 comments

Describe the bug Atlassian Confluence Audit data connector not working as Function app runs with error. No module named '_cffi_backend'

To Reproduce Steps to reproduce the behaviour:

Go to Azure Sentinel - > Function Apps -> your confluence Function App name Click on Configurations tab -> ensure WEBSITE_RUN_FROM_PACKAGE is -> https://aka.ms/sentinel-confluenceauditapi-functionapp Click on Application Insights -> your confluence resource -> transaction search Set to '30 minutes' Every 10 minutes you will see EXCEPTIONs raised - because of No module named '_cffi_backend' present.

I checked the zip package from https://aka.ms/sentinel-confluenceauditapi-functionapp and i saw no module specifically named _cffi_backend

Expected behavior Function app expected to run without error

Additional context Missing module/package in this folder - will affect several organisations worldwide that rely on these logs No confluence logs feeding to Sentinel till remediated.

alakijaD avatar Oct 13 '22 16:10 alakijaD

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

github-actions[bot] avatar Oct 13 '22 16:10 github-actions[bot]

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

github-actions[bot] avatar Oct 18 '22 05:10 github-actions[bot]

Hi team

This issue is ongoing for us - do you have any comments/updates on the matter?

Will be much appreciated if you could have a look into this

alakijaD avatar Oct 18 '22 10:10 alakijaD

Hi @alakijaD, Can you please add raw link of the zip file as a value for the WEBSITE_RUN_FROM_PACKAGE and try testing the same. WEBSITE_RUN_FROM_PACKAGE - https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AtlassianConfluenceAudit/Data%20Connector/AtlassianConfluenceAudit/ConfluenceAuditAPISentinelConn.zip?raw=true Let me know if you are still having problems. Thanks

v-mchatla avatar Oct 19 '22 12:10 v-mchatla

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

github-actions[bot] avatar Oct 19 '22 12:10 github-actions[bot]

Hi @alakijaD, Can you please add raw link of the zip file as a value for the WEBSITE_RUN_FROM_PACKAGE and try testing the same. WEBSITE_RUN_FROM_PACKAGE - https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AtlassianConfluenceAudit/Data%20Connector/AtlassianConfluenceAudit/ConfluenceAuditAPISentinelConn.zip?raw=true Let me know if you are still having problems. Thanks

Hi,

Thanks for the reply - i have since tried this URL and we still have the same exception error "no module named _cffi_backend

Attached are screenshots of the error and the evidence of the error.

In the zip you provided there is no module explicitly named "_cffi_backend"

I've also looked within the cffi folders - none contain a script called _cffi_backend either.

I hope this clarifies the issue

Cheers

Confluence_error

no _cffi_backend module

alakijaD avatar Oct 20 '22 08:10 alakijaD

Hi guys any update on this ?

It is still an ongoing issue for us

Will be much appreciated if you could have a look into this

alakijaD avatar Oct 25 '22 13:10 alakijaD

Hi team

Is there any development on this issue

It is currently disrupting progress to our business

I would greatly appreciate if I could get some feedback

alakijaD avatar Nov 08 '22 16:11 alakijaD

Hi, @alakijaD Are you still facing this issue?

v-vdixit avatar Jan 05 '23 04:01 v-vdixit

Hi, @alakijaD Are you still facing this issue?

Yes still the same issue

alakijaD avatar Jan 05 '23 09:01 alakijaD

@alakijaD This usually happening with python 3.9 and not with python 3.8. Have you made any customizations in deployment? Can you please confirm the python version? Our default settings are 3.8 image

anki-narravula avatar Feb 03 '23 09:02 anki-narravula

Hi @alakijaD could you please confirm the python version, thanks!

v-vdixit avatar Mar 08 '23 07:03 v-vdixit

Hi, sorry just seeing this thread.

Thanks for your response @anki-narravula

Yes from what i can see in the JSON, our linuxFxVersion is python 3.9 - however this appears to be our default setting. How can i change this value?

Within the configuration of the function app, the "FUNCTION_EXTENSION_VERSION"/Function runtime settings, seems to be the only relevant setting. This is currently set to "~3".

alakijaD avatar Mar 08 '23 10:03 alakijaD

@alakijaD - No worries. For consumption plan we dont have option from UI to change. I would suggest to redeploy the function app and our default settings are python 3.8. Or you can change with command - https://stackoverflow.com/questions/72000572/how-to-change-python-version-of-azure-function

If you are using premium function app plan then you can navigate to Configuration --> General Settings and choose

image

anki-narravula avatar Mar 13 '23 13:03 anki-narravula

@alakijaD - No worries. For consumption plan we dont have option from UI to change. I would suggest to redeploy the function app and our default settings are python 3.8. Or you can change with command - https://stackoverflow.com/questions/72000572/how-to-change-python-version-of-azure-function

If you are using premium function app plan then you can navigate to Configuration --> General Settings and choose

image

@anki-narravula - Thank you very much for your support. I have managed to change it to python 3.8 following these instructions. However, we now get a new error:

"TypeError: object of type 'NoneType' has no len() Stack: File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/dispatcher.py"

Shown by the attachment below

error

alakijaD avatar Mar 15 '23 09:03 alakijaD

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

github-actions[bot] avatar Apr 10 '23 12:04 github-actions[bot]

Hi @alakijaD we have added exception for 'NoneType' error, please use the latest zip in WEBSITE_RUN_FROM_PACKAGE of the function app, thanks!

v-vdixit avatar May 15 '23 12:05 v-vdixit

Gentle Reminder: We are waiting for your response on this issue. If you still need to keep this issue active, please respond on it in the next 2 days. If we don't receive response, we will be closing this issue as per our standard procedures, thanks!

v-vdixit avatar May 22 '23 07:05 v-vdixit

Since we have not received a response in the last 5 days, we are closing your issue as per our standard operating procedures. If you still need support for this issue, feel free to re-open at any time. Thank you for your co-operation.

v-vdixit avatar May 24 '23 08:05 v-vdixit

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

github-actions[bot] avatar May 24 '23 08:05 github-actions[bot]