建立資料收集規則的 API 要求範例 (DCR)
本文提供建立資料收集規則 (DCR) 和 DCR 關聯 (DCR) 以搭配 Azure 監視器代理程式 (AMA) 使用的 API 要求和回應的一些範例。
Syslog/CEF
下列範例適用於使用 AMA 收集 Syslog 和 CEF 訊息的 DCR。
Syslog/CEF DCR
這些範例包括用於建立 DCR 的 API 要求和回應。
Syslog/CEF DCR 建立要求 URL 和標頭
範例:
PUT https://management.azure.com/subscriptions/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/resourceGroups/ContosoRG/providers/Microsoft.Insights/dataCollectionRules/Contoso-DCR-01?api-version=2022-06-01
Syslog/CEF DCR 建立要求本文
以下是 DCR 建立要求的範例。 針對每個資料流,您可以在一個 DCR 中擁有數個 ,根據您想要擷取的訊息來源來變更欄位的值 "Streams"
:
記錄來源 | "Streams" 域值 |
---|---|
Syslog | "Microsoft-Syslog" |
Cef | "Microsoft-CommonSecurityLog" |
Cisco ASA | "Microsoft-CiscoAsa" |
{
"location": "centralus",
"kind": "Linux",
"properties": {
"dataSources": {
"syslog": [
{
"name": "localsSyslog",
"streams": [
"Microsoft-Syslog"
],
"facilityNames": [
"auth",
"local0",
"local1",
"local2",
"local3",
"syslog"
],
"logLevels": [
"Critical",
"Alert",
"Emergency"
]
},
{
"name": "authprivSyslog",
"streams": [
"Microsoft-Syslog"
],
"facilityNames": [
"authpriv"
],
"logLevels": [
"Error",
"Alert",
"Critical",
"Emergency"
]
}
]
},
"destinations": {
"logAnalytics": [
{
"workspaceResourceId": "/subscriptions/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/resourceGroups/ContosoRG/providers/Microsoft.OperationalInsights/workspaces/Contoso",
"workspaceId": "11111111-2222-3333-4444-555555555555",
"name": "DataCollectionEvent"
}
]
},
"dataFlows": [
{
"streams": [
"Microsoft-Syslog"
],
"destinations": [
"DataCollectionEvent"
]
}
]
}
}
Syslog/CEF DCR 建立回應
以下是您應該根據上述範例要求收到的回應:
{
"properties": {
"immutableId": "dcr-0123456789abcdef0123456789abcdef",
"dataSources": {
"syslog": [
{
"streams": [
"Microsoft-Syslog"
],
"facilityNames": [
"auth",
"local0",
"local1",
"local2",
"local3",
"syslog"
],
"logLevels": [
"Critical",
"Alert",
"Emergency"
],
"name": "localsSyslog"
},
{
"streams": [
"Microsoft-Syslog"
],
"facilityNames": [
"authpriv"
],
"logLevels": [
"Error",
"Alert",
"Critical",
"Emergency"
],
"name": "authprivSyslog"
}
]
},
"destinations": {
"logAnalytics": [
{
"workspaceResourceId": "/subscriptions/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/resourceGroups/ContosoRG/providers/Microsoft.OperationalInsights/workspaces/Contoso",
"workspaceId": "11111111-2222-3333-4444-555555555555",
"name": "DataCollectionEvent"
}
]
},
"dataFlows": [
{
"streams": [
"Microsoft-Syslog"
],
"destinations": [
"DataCollectionEvent"
]
}
],
"provisioningState": "Succeeded"
},
"location": "centralus",
"kind": "Linux",
"id": "/subscriptions/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/resourceGroups/ContosoRG/providers/Microsoft.Insights/dataCollectionRules/Contoso-DCR-01",
"name": "Contoso-DCR-01",
"type": "Microsoft.Insights/dataCollectionRules",
"etag": "\"00000000-0000-0000-0000-000000000000\"",
"systemData": {
}
}
Syslog/CEF DCRA
Syslog/CEF DCRA 建立要求 URL 和標頭
PUT
https://management.azure.com/subscriptions/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/resourceGroups/ContosoRG/providers/Microsoft.Compute/virtualMachines/LogForwarder-VM-1/providers/Microsoft.Insights/dataCollectionRuleAssociations/contoso-dcr-assoc?api-version=2022-06-01
Syslog/CEF DCRA 建立要求本文
{
"properties": {
"dataCollectionRuleId": "/subscriptions/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/resourceGroups/ContosoRG/providers/Microsoft.Insights/dataCollectionRules/Contoso-DCR-01"
}
}
Syslog/CEF DCRA 建立回應
{
"properties": {
"dataCollectionRuleId": "/subscriptions/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/resourceGroups/ContosoRG/providers/Microsoft.Insights/dataCollectionRules/Contoso-DCR-01"
},
"id": "/subscriptions/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/resourceGroups/ContosoRG/providers/Microsoft.Compute/virtualMachines/LogForwarder-VM-1/providers/Microsoft.Insights/dataCollectionRuleAssociations/contoso-dcr-assoc",
"name": "contoso-dcr-assoc",
"type": "Microsoft.Insights/dataCollectionRuleAssociations",
"etag": "\"00000000-0000-0000-0000-000000000000\"",
"systemData": {
}
}
意見反應
https://aka.ms/ContentUserFeedback。
即將登場:在 2024 年,我們將逐步淘汰 GitHub 問題作為內容的意見反應機制,並將它取代為新的意見反應系統。 如需詳細資訊,請參閱:提交並檢視相關的意見反應