Ship IIS Logs / Event Logs to Azure Log Anlytics?

Question

Have some onprem windows servers and would like to ship the IIS logs and event logs to Azure log analytics. What do we need to install on the onprem vm's to make this happen and how do we configure it?

Mix of Win2008R2 & Windows 2019 VM's

Answer 1

Hi Scott,

You will need the Log Analytics Agent (Microsoft Monitoring Agent) installed on each on-prem servers, and connected (directly or via a Log Analytics Gateway) to your Azure Log Analytics Workspace.
The same Azure Log Analytics Workspace, will need to be configured to "teach" the connected agents to send IIS logs (where IIS is installed) and the Windows Event Logs you need.

I give you below a list of articles to help you with the above "plan" :):

1. Create an Azure Log Analytics Workspace - https://learn.microsoft.com/en-us/azure/azure-monitor/learn/quick-create-workspace
2. Log Analytics Agent overview - https://learn.microsoft.com/en-us/azure/azure-monitor/platform/log-analytics-agent
3. Manually install Log Analytics Agent on Windows computers - https://learn.microsoft.com/en-us/azure/azure-monitor/platform/agent-windows
4. Log Analytics Gateway overview - https://learn.microsoft.com/en-us/azure/azure-monitor/platform/gateway
5. Configure IIS Log collection in Azure Log Analytics Workspace - https://learn.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-iis-logs
6. Configure Windows Event Log collection in Azure Log Analytics Workspace - https://learn.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events

P.S.
Windows Server 2008 R2 is supported by the Log Analytics Agent - https://learn.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview#supported-operating-systems

Enjoy your analysis!
George