you need to collect all the audit failure data from the security log of a virtual machine to an azure storage account.
process :
Azure monitor can collect data directly from your azure virtual machines into a log analytics workspace for detailed analysis and correlation.
1. In the Azure Portal, select All services. In the list of resources, type Log Analytics. As you begin typing, the list filters based on your input.
Select Log Analytics workspaces.
2. Select create and then select choices for the following items.
3. After providing the required information on the Log Analytics workspace panel, select OK.
while the information is verified and the workspace is created, and you can track its progress under notifications from the menu.
4. Enable the log analytics VM extension
Installing the Log Analytics VM extension for windows and linux allows azure monitor to collect data from your Azure VMs.
[ on the left-hand menu, under workspace Data Sources, select Virtual Machines. In the list of virtual machines, select a virtual machine you want to install the agent on. Notice that the log analytics connection status for the VM indicates that it is not connected ].
[ In the details for your virtual machine, select Connect. The agent is automatically installed and configured for your Log Analytics workspace. This process takes a few minutes, during which time the status shows connecting ].
After you install and connect the agent, the Log Analytics connection status will be updated with this workspace.
reference:
No comments:
Post a Comment