Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Applies to: ✔️ Windows VMs ✔️ Linux VMs ✔️ Windows Registry ✔️ Windows Files ✔️ Linux Files ✔️ Windows Software
This tutorial describes how to change a workspace and configure data collection rule.
Prerequisites
Before you change a workspace for your virtual machine and configure data collection rule, ensure you've enabled Change Tracking and Inventory on your VM using a data collection rule (DCR). For detailed information on how you can create a Data Collection Rule (DCR), see Create DCR.
Configure Windows, Linux files, and Windows Registry using Data Collection Rules
To configure Windows, Linux files, and Windows Registry using Data Collection Rules, follow these steps:
Sign in to the Azure portal and select the virtual machine.
Select a specific VM for which you would like to configure the Change tracking settings.
Under Operations, select Change tracking to view all the changes that have taken place on the VM.
Select Settings to view the Data Collection Rule Configuration (DCR) pane. Here, you can do the following actions:
- Configure changes on a VM at a granular level.
- Select the filter to configure the workspace.
- Use the filter to view all the DCRs that are configured to the specific LA workspace level.
Note
The settings that you configure apply to all virtual machines associated with the specified DCR. For more information about DCR, see Data collection rules in Azure Monitor.
Select + Add to configure new file settings. Use the procedure as specified for Windows, Linux files, and Windows Registry.
On the Windows Files tab > Select + Add > Add windows file setting pane, enter the information for the file or folder to track and select Add. The following table describes the properties that you can use to enter the information.
| Property | Description |
|---|---|
| Enabled | True if the setting is applied, and false otherwise. |
| Item Name | Friendly name of the file to be tracked. |
| Group | A group name to group files logically |
| Path | The path to check for the file, for example, c:\temp*.txt. You can also use environment variables, such as %winDir%\System32\*.*. |
| Path Type | The type of path. Possible values are File and Folder. |
| Recursion | True if recursion is used when looking for the item to be tracked, and False otherwise. |
You can now view the virtual machines configured to the DCR from the Data collection rules pane in the Azure portal.
Configure file content changes
To configure file content changes, follow these steps:
In your virtual machine, under Operations, select Change tracking > Settings.
On the Data Collection Rule Configuration pane, select the File Content tab > Link to link the storage account.
On the Content Location for Change Tracking pane, select your Subscription and Storage account to be used for file content change tracking.
Confirm if you are using System Assigned Managed Identity.
Select Upload file content for all settings, and then select Save to ensure that the file content changes for all the files residing in this DCR are tracked.
When the storage account is linked using the system assigned managed identity, a blob is created. For system-assigned managed identity, follow these steps:
Sign in to the Azure portal, go to Storage accounts, and select the storage account.
On the Storage accounts pane, under Data storage, select Containers > Changetracking blob > Access Control (IAM).
On the Changetrackingblob | Access Control (IAM) pane, select Add and, then select Add role assignment.
On the Add role assignment pane, use the search for Blob Data contributor to assign a storage Blob contributor role for the specific VM. This permission provides access to read, write, and delete storage blob containers and data.
Select the role and assign it to your virtual machine.
Upgrade the extension version for Windows and Linux
Note
Ensure that ChangeTracking-Linux/ ChangeTracking-Windows extension version is upgraded to the current general release version: GA Extension Version
Use the following command to upgrade the extension version:
az vm extension set -n {ExtensionName} --publisher Microsoft.Azure.ChangeTrackingAndInventory --ids {VirtualMachineResourceId}
The extension for Windows is Vms - ChangeTracking-Windowsand for Linux is Vms - ChangeTracking-Linux.
Configure using wildcards
To configure the monitoring of files and folders using wildcards, consider the following:
- Wildcards are required for tracking multiple files.
- Wildcards can only be used in the last segment of a path, such as C:\folder\file or /etc/.conf*
- If an environment variable includes a path that is not valid, validation will succeed but the path will fail when inventory runs.
- When setting the path, avoid general paths such as *C: * which will result in too many folders being traversed.
Next steps
To enable Azure Change Tracking and Inventory (CTI) from the Azure portal, see Quickstart: Enable Azure Change Tracking and Inventory.