Configure a VM to feed its Event Logs into App Insights or the Data Lake?

Cataster 641 Reputation points
2021-10-29T00:32:32.247+00:00

We want to add Azure cloud compute audit logs to Data Lake. For Virtual Machines, these would be Event Logs, and this includes both one-time historical and ongoing data. We want to do this for auditing purposes. Is there an option we can enable for this? We are trying to avoid having to feed this data by manually extracting and then loading it ourselves. So if there is an option in place that would be ideal!!

I looked into the possibility of ETW Events, but isn't that just useful at the application level and not the VM level?

I've also looked at this thread, and there was a comment referring to an alternative solution called "Log Analytics" from Azure, but clicking the link leads to an unknown page.


1 answer

  1. KalyanChanumolu-MSFT 8,316 Reputation points
    2021-10-29T06:13:06.727+00:00

    @Cataster Thank you for reaching out.

    If you need to ingest event logs into Azure Data Lake, you will need to build an ingestion pipeline that will extract and load data.

    However, if the requirement is to hold this data for auditing purposes, Azure Monitor offers a cheaper and scalable option.
    You can persist the event and activity logs (you can choose the retention period) not just for Virtual machines but for many other Azure services that you may provision in the future.

    Please refer to this document to understand more.
    Monitor virtual machines with Azure Monitor

    Log Analytics is a feature within Azure Monitor that lets you query the metrics and logs just like you would from Azure Data Lake and lets you build reports and dashboards.

    Read more here
    Overview of Log Analytics in Azure Monitor

    Please let us know if you have any further questions.

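To illustrate the Log Analytics querying mentioned in the answer above, here is an added example (not part of the original thread) of an audit coverage check written in Kusto Query Language. It assumes the VMs already send Windows event logs to the workspace, where they land in the `Event` table; the 30-day window and 1-hour silence threshold are illustrative values.

```kusto
// Added example: per-VM, per-log audit coverage over the lookback window.
// Assumption: Windows event log collection is already configured for this
// workspace, so records are present in the Event table.
let lookback = 30d;   // illustrative audit window; align with your retention
let silence  = 1h;    // illustrative threshold for "stopped reporting"
Event
| where TimeGenerated > ago(lookback)
| summarize
    Events    = count(),
    Errors    = countif(EventLevelName == "Error"),
    Warnings  = countif(EventLevelName == "Warning"),
    FirstSeen = min(TimeGenerated),   // how far back the audit trail reaches
    LastSeen  = max(TimeGenerated)    // most recent record received
    by Computer, EventLog
// Flag VM/log pairs with no recent records so collection gaps surface first.
| extend Silent = LastSeen < ago(silence)
| order by Silent desc, Computer asc, EventLog asc
```

A `Silent` row can also mean a genuinely quiet log, so tune the threshold per log before alerting on it.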