Windows log collection via AMA from local (offline) device

Question

Hello,

I need to find a solution to collect logs with windows Azure Monitoring Agent (AMA) from strict on-premises environment, no internet access.

Servers are not in Azure and does not have Azure Arc agents.

Right now log collection is done by legacy agents (OMS). Its configured to send windows event logs to other server with legacy agent installed which has internet access and forwards all log data to Azure Log Analytics workspace.

Because of upcoming changes (retire of Log Analytics agent date) I need to find a solution to keep log collection if possible with current environment design.

Copy from MS documentation:

Note: On 31 August 2024, we'll retire the Log Analytics agent that you use in Azure Monitor. Before that date, you'll need to start using the Azure Monitor agent to monitor your VMs and servers in Azure.

Any ideas or workarounds are welcome!

Answer 1

The primary challenge is with no internet access, there is no direct communication with Azure Monitor. As a workaround you can try sending logs via a forwarder and leveraging custom log collection See: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/logs-ingestion-api-overview

You can mark it 'Accept Answer' and 'Upvote' if this helped you

Regards,

Abiola

Answer 2

If you can use a proxy you can try the log analytics gateway. The gateway should be sending the logs.

You only need to configure a the clients to use the proxy server.

See https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-network-configuration?tabs=PowerShellWindows#log-analytics-gateway-configuration

You can mark it 'Accept Answer' and 'Upvote' if this helped you