Additional logs for Azure VM filebeat module in my operating system
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 67%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECZ%3C/text%3E%3C/svg%3E)
Carolina Zamisnicu
316
Reputation points
Hello,
I have a question regarding the logs received from Azure. Is there any possibility that I might receive other logs that can be useful for an analyst besides the internal logs that I'm receiving from my VM (the linux kind of logs that I'm receiving due to the Azure filebeat module that I installed on my VM)?
For example, if Windows is creating other logs for my VM while the internal ingestion of data is being made in the VM environment.
If there are any other logs, besides that ones that I ingest in Elastic from my VM, how can I collect them? Should I use a separate storage account for them?
I wonder that if there are other logs they might be interesting for me (from an analyst perspective) and I should also take them into consideration.
Thank you!
Windows development | Windows API - Win32
Microsoft Security | Microsoft Entra | Microsoft Entra ID
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Marilee Turscak-MSFT 37,256 Reputation points Microsoft Employee Moderator2021-08-23T21:48:03.01+00:00 Filebeat covers activity, sign-in, and audit logs. https://cloudblogs.microsoft.com/opensource/2021/01/07/how-to-monitor-azure-infrastructure-filebeat-elastic-observability/
Sign in to comment
Sign in to answer