Allow full IP to be collected
App Insights drops the last octet of an IP. The only way to collect full IP is to do it manually or mess with telemetry initializers. Not a big deal, but IPs are not so sensitive and I don't think these should be obfuscated at all. At least give us an option (ideally in the portal) to collect the full IP.
In order to enable IP collection the customer needs to set “DisableIpMasking” property of Application Insights component to “true”. This can be done either in their ARM templates or by calling REST API.
If they want to update in bulk they can use a script that calls PATCH on each resource with the following payload:
PATCH https://management.azure.com/subscriptions//resourceGroups//providers/microsoft.insights/components/?api-version=2018-05-01-preview HTTP/1.1
Hope this helps!
Missed your question back in July Rich. Sorry. There is more info in the document here: https://docs.microsoft.com/en-us/azure/azure-monitor/app/ip-collection#storing-ip-address-data
Can you add more detail on calling the REST API? According to the docs - https://dev.applicationinsights.io/reference - I only see endpoints to get metrics and run queries. Not to update properties.
Justin Sherinski commented
I know this is an old thread, but I wanted to include my 2cents. I really like the beauty of App Insights - it is providing a great deal of information about our web apps.
Why would we need to know the IP Address? It's quite simple - When you're hosting an application that roughly 3,500 individual users will access and generate roughly 3 times the hits per hour - if someone is complaining about slowness or failed page loading being able to search by IP will assist in locating the related requests exponentially faster.
For now I'll figure out how to incorporate the custom event per the thread below - but this really should be a default feature!
Ole Albers commented
I strongly agree that this behavior is the best way to do it. Especially since we have the GDPR I am very happy that we do not collect personal data like the IP. Otherwise we would have to add the possibility to download and delete that data.
As mentioned, AI is not an "intrusion detection system", but focusses on the application, not the user
Akash Kava commented
Whole purpose of Application Insights to find failures and attacks !! How on earth we find IP of an attacker constantly trying to harm server, is it not one of the biggest potential benefit of using Application Insights?
Usman Masood commented
we have a good user base often from same city for api services. sometime we are receiving a lot of requests for a particular api where user is getting some error (often due to authentication) and we have no context available to track them and ask them to fix this.
Jeff Pigott commented
WE need this as we have a large BI Internet Explorer application that is running queries. The application shares a integrated security user/pass so we need the IP Address to help identify the end user machine.
Thanks for your feedback. We already support logging of the full IP. Just log it using the AI SDK as a custom event. We've also added a suggestion to add an option (off by default) to collect full IP as part of the default auto-collection. Please let us know if you are still blocked on your scenario.
-AI Product Team
Why do Microsoft care why we want the full IP? Just add an option to turn on.
And the best and only argument you need is that customers, partners and developers might want it, and it is your job to make the framework as flexible and useful as possible.
Stop this "big brother" attitude, it is getting really close to fascism!
Re. "Can you describe a scenario where the full IP is required to triage/diagnose a production issue?"
Our specific case was being crawled by unknown sources. We want to know the IP(s) of these crawlers for a couple of reasons:
1- We want to completely block their IP
2- We want to throttle their traffic differently than other customers
We have intranet web application which we track all access to. Restrictions are placed multiple ways from the application. Application Insights can be used to track access to the different parts of out application and monitor how well the sites are doing from each of the locations connect to the application. For our use it will not collect non-company resources because only company resources can have valid access. An issue for us is six of our public ip addresses are the same except for the last octet.