Azure Monitor

Rahul Nair 86 Reputation points
2022-01-20T21:34:58.91+00:00

Hello, I do the Azure CSPM Integration for my company. I came across few checks for which I have to write the code.

  • Ensures Load Balancers Log Analytics logs are being properly delivered to Azure Monitor
  • Ensures Key Vault Log Analytics logs are being properly delivered to Azure Monitor
  • Ensures Network Security Group logs are sent to the Log Analytics workspace
  • Ensures the Log Profile is configured to export all activities from the control and management planes in all active locations
  • Ensures that Log Profiles have a long retention policy.
  • Ensure that Azure Monitor Logs are enabled for all logging categories and being archived in a Storage Account.

How do I enable these in the Azure Portal.. Also, since it's all sent to the Monitor, what is the endpoint to retrieve the JSON Data of the monitor after enabling these..? I know it might be a lot, but please help me out.

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,787 questions
0 comments No comments
{count} votes

Accepted answer
  1. Stanislav Zhelyazkov 20,781 Reputation points MVP
    2022-01-21T08:17:00.393+00:00

    Hi,
    All these refer to enabling Diagnostic settings on the mentioned resources and sending them to Log Analytics workspace. Diagnostic settings can be configured to send logs to Storage account as well which is probably the last requirement. There is also ability to export logs from Log Analytics to storage account but it has certain limitations that should be aware. Most notably not all tables in Log Analytics are supported. This item "Ensures the Log Profile is configured to export all activities from the control and management planes in all active locations" probably refers to sending Azure Activity logs to Log Analytics which is basically configuring diagnostic settings on the subscription(s). You can also use Azure Policy to enforce these settings. There are built-in policy definitions available just search for diagnostic settings or Log Analytics and you will see different policies available. Retention for placing the logs on Storage account is configured when you set the diagnostic settings. Retention for Log Analytics is either configured on workspace level or on table level. The requirements are a little vague and very general so you will have to do some reading on the docs mentioned.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments

0 additional answers

Sort by: Most helpful