How to get Azure logs working

Jack Hobbs 0 Reputation points

Pre-warning: I have pretty much no IT experience, so the issue might be staring me right in the face on this one.

On Azure, I have hooked up a Log Analytics workspace to my Azure VM, which is a honeypot for a SIEM that I am trying to configure as a project.

I hooked the LAW up to a .log file which is getting updated regularly by, and I can see the failed RDPs coming in with no issue. Only when I try to access it or anything else, such as a SecurityEvent query with Azure LAW logs, it comes up with "No results found within the last 24 hours".

I must be missing something but I can't for the life of me figure out what.

Any help would be appreciated.


1 answer

  1. Dillon Silzer 54,831 Reputation points

    Hi Jack,

    I have had issues with syslog before on a server. It required quite a bit of troubleshooting, with no clear solution to fixing the problem. The best thing is to create a ticket with Azure Support to figure this out:

    You could always use the troubleshooter steps yourself:

    Troubleshoot your CEF or Syslog data connector

    If this is helpful, please accept the answer.
