Log Analytics Audit Login to Servers Onpremise

David Hernan Escalier Yañiquez 21 Reputation points
2021-04-29T15:22:00.413+00:00

Hi team, how can I create alerts to see the logins on their servers? These servers are on-premises and all of them have the Log Analytics agent installed; they do not have any servers in Azure, much less a VPN.

From Azure Log Analytics, I can't configure the query. Is there another method?

Thanks for the help.

Microsoft Sentinel

Accepted answer
  1. Yash Mudaliar 191 Reputation points Microsoft Employee
    2021-05-02T12:45:28.743+00:00

    Hi @David Hernan Escalier Yañiquez ,

    If you have onboarded the servers to the Log Analytics workspace (LAW), you can monitor the logs via the 'Security Events' connector in Sentinel. You can enable the 'Application' and 'System' logs from Agents Configuration in LAW and that should do.

    Please upvote my answer if it was relevant or helpful.

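As an added example (not part of the original thread), a query of the kind the question asks about could look like the one below. It assumes the 'Security Events' connector is writing Windows Security log events to the `SecurityEvent` table; the one-hour window and the threshold of 10 are assumed values to tune for your environment.

```kusto
// Added example: accounts with repeated failed Windows logons per on-premises server.
// Assumption: the Security Events connector populates the SecurityEvent table.
let lookback = 1h;        // assumed evaluation window for the alert rule
let failThreshold = 10;   // assumed threshold, tune per environment
SecurityEvent
| where TimeGenerated > ago(lookback)
| where EventID in (4624, 4625)        // 4624 = successful logon, 4625 = failed logon
| where AccountType == "User"          // ignore machine accounts
| where LogonType in (2, 3, 10)        // interactive, network, remote interactive (RDP)
| summarize
    Failed    = countif(EventID == 4625),
    Succeeded = countif(EventID == 4624),
    SourceIPs = make_set(IpAddress, 20),
    FirstSeen = min(TimeGenerated),
    LastSeen  = max(TimeGenerated)
    by Computer, Account
| where Failed >= failThreshold
| extend AlsoSucceeded = Succeeded > 0  // failures plus at least one success in the window
| order by Failed desc
```

Saved as a scheduled analytics rule in Sentinel or a log alert rule on the workspace, each returned row is one account on one server that crossed the threshold.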
