Azure Storage Blob Container Configuration Example
Unlock seamless integration by configuring the Nodinite Pickup Logging Service to fetch JSON Log Events directly from your Azure Storage Account Blob Containers. This guide empowers you to set up secure, scalable, and reliable log event collection for your enterprise systems.
✅ Effortless integration with Azure Storage Account Blob Containers
✅ Secure and reliable log event collection
✅ Scalable setup for enterprise environments
✅ Long-term storage and compliance-ready
The diagram above illustrates how the Pickup Service interacts with Azure Blob Containers, processes messages, and stores them in the Nodinite Log Database. Invalid messages are routed to the Backout Container for further review.
BlobContainers
The BlobContainers section lets you manage all Azure Storage Account Blob Container sources for your log events.
In the Remote Configuration GUI, navigate to the Blob Containers tab. Here, you can add, edit, or remove Blob Container configurations. Each configuration defines how the Nodinite Pickup Log Events Logging Service connects to and processes messages from a specific Azure Blob Container.
Example of the Blob Container configuration tab in the Remote Configuration GUI.
Click the Add button to create a new Blob Container configuration. Fill in the required fields, such as container name, connection credentials, and backout container settings. You can also configure access verification and blob cleanup options.
Example of a Blob Container configuration accordion in the Remote Configuration GUI.
Expand the accordion for each Blob Container configuration to access advanced settings, including Replace Rules for message processing. These rules allow you to modify message content before it's stored in Nodinite, ensuring consistency and compliance with your logging standards.
General tab
The General tab provides the fundamental settings for your Blob Container configuration within the Remote Configuration GUI.
The General tab contains basic settings for the Blob Container configuration.
Key Fields:
| Field | Description | Required | Notes |
|---|---|---|---|
| Enabled | Checkbox to activate or deactivate this Blob Container configuration | No | When unchecked, the Pickup Service will skip this configuration |
| Display Name | User-friendly name for this Blob Container source configuration | Yes | Used in the GUI and logs for easy identification |
| Description | Optional detailed description of the Blob Container configuration | No | Helps document the purpose and details of this specific container setup |
Guidelines:
- Use descriptive names that clearly indicate the Azure Storage Account and container purpose (e.g., "Production Azure Storage - Order Events")
- In the Description field, note important details such as the container's business purpose, owner contact, or any special processing notes
- The Display Name appears throughout the Nodinite interface, so keep it concise yet meaningful
- Leave the configuration disabled during initial setup if you're not ready to start consuming messages
Source tab
The Source tab contains the container configuration and blob processing settings for your Azure Storage Account.
The Source tab contains settings for connecting to and processing blobs from the Azure Storage Account container.
Key Fields:
| Field | Description | Required | Notes |
|---|---|---|---|
| Container Name | The unique name of the Azure Blob Storage container | Yes | The container must exist in your Azure Storage Account and contain JSON Log Events formatted as blobs |
| Backout Container | Name of the blob backout container for failed/invalid blobs | Yes | Use a unique backout container per source for easier troubleshooting and monitoring |
| Remove Empty Blobs | Checkbox to automatically delete empty blobs | No | When checked, empty blobs are removed during processing |
Guidelines:
- Ensure the specified Container Name exists in your Azure Storage Account before enabling this configuration
- Use a descriptive container name that reflects the type of events it contains (e.g.,
order-events-log,integration-errors) - Always configure a Backout Container to capture and review invalid or unparseable blobs
- Enable Remove Empty Blobs to keep your storage clean and reduce costs
- Test the connection before scaling to multiple Blob Container sources
- Ensure proper blob naming conventions and UTF-8 encoding for optimal processing
Destination tab
The Destination tab configures where processed log events are stored. By default, events are sent to the Nodinite Log API where they are written to the Log Database for long-term storage and analysis.
The Destination tab contains settings for connecting to the Log API and authentication options.
Key Fields:
| Field | Description | Required | Notes |
|---|---|---|---|
| Use Log API | Checkbox to enable sending events to the Log API | Yes | When checked, processed events are written to the Log Database through the Log API |
| Log API Base URL | Base URL for your Log API instance | Yes | Example: http://{host}:{port}/LogAPI/ |
| Protected | Checkbox to enable OAuth 2.0 authentication | No | Check this if you are using an authenticated Log API |
| Client ID | Public identifier for your application (issued by IDP) | Conditional | Required when Protected is checked |
| Client Secret | Confidential key for application authentication | Conditional | Required when Protected is checked; keep this secure |
| Scope | Space-separated list of access permissions | Conditional | Required when Protected is checked (e.g., read write) |
| IDP Token Endpoint | URL where authentication requests are sent | Conditional | Required when Protected is checked; this is where the client obtains access tokens |
Guidelines:
- Always ensure Use Log API is checked to maintain proper log event storage
- For local/development environments, use unprotected Log API URLs (e.g.,
http://localhost:40002/LogAPI/) - For production environments with authentication, check the Protected checkbox and provide valid OAuth 2.0 credentials
- When using Protected authentication, ensure your Client ID, Client Secret, and Scope are correctly configured with your identity provider (IDP)
- The IDP Token Endpoint must be accessible from the Pickup Service instance
- Keep Client Secret values secure and never commit them to version control
Example Configurations:
- Unprotected:
http://localhost:40002/LogAPI/(Protected checkbox unchecked) - Protected:
https://mynodinite.acme.com:40002/LogAPI/Requires Client ID, Client Secret, Scope, and IDP Token Endpoint configured with your OAuth provider
Example of the Destination tab with Protected authentication enabled.
Authentication tab
The Authentication tab contains the credentials required to connect to and authenticate with your Azure Blob Storage account. Azure Blob Storage supports both connection string authentication and Azure AD App Registration (OAuth) authentication.
![Authentication Tab][8]
The Authentication tab contains settings for connecting to Azure Blob Storage, including authentication options.
Key Fields:
Connection String Method (unchecked "Use App Registration"):
| Field | Description | Required | Notes |
|---|---|---|---|
| Blob Storage Connection String | Full connection string for Azure Storage Account | Yes | Include all necessary credentials and endpoints; format: DefaultEndpointsProtocol=https;AccountName=xxx;AccountKey=xxx;EndpointSuffix=core.windows.net |
| Disable Access Check | Checkbox to skip blob access rights verification | No | When checked, access validation is skipped; uncheck to verify permissions before each run |
Azure AD App Registration Method (checked "Use App Registration"):
![Authentication Tab RBAC Example][9] Example of the Authentication tab using Azure AD App Registration for authentication.
| Field | Description | Required | Notes |
|---|---|---|---|
| Tenant ID | Azure AD Tenant ID (GUID) | Yes | The directory ID where the App Registration is created |
| Storage Account Name | Name of your Azure Storage Account | Yes | Example: mystorageaccount (without .blob.core.windows.net) |
| Client ID | Azure AD App Registration Client ID | Yes | The public identifier for the registered application |
| Client Secret | Azure AD App Registration Client Secret | Yes | The confidential key for application authentication; keep this secure |
| Disable Access Check | Checkbox to skip blob access rights verification | No | When checked, access validation is skipped; uncheck to verify permissions before each run |
Guidelines for Connection String Authentication:
- Use connection string authentication for straightforward setups without Azure AD requirements
- Keep connection strings secure and never commit them to version control
- Rotate storage account keys periodically for enhanced security
- Include all required components in the connection string (protocol, account name, key, endpoint suffix)
- Enable Disable Access Check only if access verification causes performance issues; default is recommended for reliability
Guidelines for Azure AD App Registration Authentication:
- Use Azure AD App Registration for enhanced security and to avoid storing storage keys directly
- Ensure your Azure AD tenant has the App Registration created with appropriate permissions
- Grant the App Registration the "Storage Blob Data Reader" role on the Storage Account
- Keep Client Secret values secure and regenerate them periodically
- Tenant ID and Storage Account Name are both required when using App Registration
- Document which App Registrations are used for which configurations
Security Best Practices:
- Use separate credentials for development, staging, and production environments
- Implement Azure RBAC (Role-Based Access Control) to limit access to the Storage Account
- Regularly review access permissions and remove unused accounts or apps
- Monitor audit logs in Azure to detect unusual access patterns
- Consider using Azure Key Vault to store and manage sensitive credentials
- When using connection strings, prefer shared access keys over master account keys
- For production environments, prefer Azure AD App Registration over connection strings when possible
Replace Rules
Read about Replace Rules in the shared configuration section. Replace Rules allow you to modify message content before it's stored in Nodinite, ensuring consistency and compliance with your logging standards.
The Replace Rules tab allows you to configure rules for modifying message content.
Configuration file
C:\Program Files\Nodinite\Logging Agent - Pickup Service\Settings.json
{
...
"BlobContainers": [
{
"Enabled": true,
"LogAPI": "http://localhost/Nodinite/Dev/LogAPI/",
"UseConfigurationDatabase": false,
"ConfigurationDatabaseConnectionString": null,
"BlobStorageConnectionString": "DefaultEndpointsProtocol=https;AccountName=xyz;AccountKey=xyz==;EndpointSuffix=core.windows.net",
"ContainerName": "nodinitelogevents",
"BackoutContainerName": "nodinitelogeventsbackout",
"DisableCheckAccessRights": false,
"RemoveEmptyBlobs": false,
"ReplaceRules": [
{
"Name": "Fix Endpoint real customer id to {customerId}",
"ReplaceName": false,
"ReplaceUri": true,
"Pattern": "/([0-9]{4,})$",
"Group1Value": "{customerId}"
}]
}]
...
}
BlobContainers is an array of BlobContainer configurations. Each entry defines how the Log Agent connects to and processes messages from a specific Azure Blob Container. This setup ensures your Nodinite JSON Log Events are reliably collected and managed.
| Property | Description | Value Example | Comment |
|---|---|---|---|
| RemoveEmptyBlobs | When true, the system removes empty blobs |
true, false |
Empty blobs should not exist |
| BlobStorageConnectionString | Connection string for Storage Account | DefaultEndpointsProtocol=https;AccountName=replaceme;AccountKey=replaceme;EndpointSuffix=core.windows.net |
|
| ContainerName | The Container with Blobs (Nodinite JSON Log Events) | nodinitelogevents | |
| BackoutContainerName | The Container for malformed or invalid blobs | nodinitelogeventsbackout | |
| DisableCheckAccessRights | Enable/disable checking access to Containers before each run | false | Opt out to save costs, but default is more reliable |
| Enabled | See the Shared Configuration section for more info | ||
| LogAPI | See the Shared Configuration section for more info | ||
| UseConfigurationDatabase | See the Shared Configuration section for more info | ||
| ConfigurationDatabaseConnectionString | See the Shared Configuration section for more info | ||
| ReplaceRules | See the shared Replace Rules section for more info |
Important
You must restart the Nodinite Pickup Logging Service for configuration changes to take effect.