How to get Azure logs working

Jack Hobbs 0 Reputation points
2023-10-07T21:56:26.83+00:00

Pre-warning: I have pretty much no IT experience, so the issue might be staring me right in the face on this one.

On Azure, I have hooked up a Log Analytics workspace to my Azure VM, which is a honeypot for a SIEM that I am trying to configure as a project.

I hooked the LAW up to a .log file which is getting updated regularly by ipgeolocation.io, and I can see the failed RDPs coming in with no issue. Only when I try to access it or anything else, such as a SecurityEvent query with Azure LAW logs, does it come up with "No results found within the last 24 hours".

I must be missing something but I can't for the life of me figure out what.

Any help would be appreciated.

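The symptom in the question (custom log rows visible, SecurityEvent empty) is usually narrowed down by asking the workspace what it has actually ingested. The queries below are an added example, not part of the original question or answer; they assume the honeypot's custom log table is called `RDPGeo_CL` (any custom log table ends in `_CL`, so substitute the real name). Run them one at a time in the Logs blade of the workspace.

```kusto
// Added example, not from the original post. Assumed custom table name: RDPGeo_CL.

// 1. Which tables received any data in the last 24 hours, and how much?
//    Usage.Quantity is reported in MB (see QuantityUnit). If SecurityEvent
//    is absent from this list, nothing is being sent to that table at all.
Usage
| where TimeGenerated > ago(24h)
| summarize TotalMB = sum(Quantity) by DataType
| order by TotalMB desc

// 2. Is the VM's monitoring agent checking in? Category shows which agent
//    (for example "Azure Monitor Agent") is reporting for the machine.
Heartbeat
| where TimeGenerated > ago(1h)
| summarize LastSeen = max(TimeGenerated) by Computer, Category, OSType

// 3. Confirm the custom log table (assumed name) is receiving rows.
RDPGeo_CL
| where TimeGenerated > ago(24h)
| summarize Rows = count()

// 4. SecurityEvent is only populated once the Windows Security Events
//    data connector (data collection rule plus agent) is configured for
//    the VM; a custom log alone never fills it.
SecurityEvent
| where TimeGenerated > ago(24h)
| summarize Events = count() by Computer, EventID
| order by Events desc
```

If query 1 lists the custom table but not SecurityEvent, the workspace connection is fine and the missing piece is the Windows Security Events connector for that VM; if query 2 returns nothing, the agent itself is not reporting and the data connector troubleshooting steps linked in the answer apply.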

1 answer

  1. Dillon Silzer 56,681 Reputation points
    2023-10-08T03:15:23.3466667+00:00

    Hi Jack,

    I have had issues with syslog before on a server. It required quite a bit of troubleshooting, with no clear solution to fixing the problem. The best thing is to create a ticket with Azure Support to figure this out:

    https://azure.microsoft.com/en-ca/support/create-ticket

    You could always use the troubleshooter steps yourself:

    Troubleshoot your CEF or Syslog data connector

    https://learn.microsoft.com/en-us/azure/sentinel/troubleshooting-cef-syslog?tabs=cef


    If this is helpful please accept answer.
