Forum Discussion
Ingesting Logs through Azure Private Link
Hi,
We are currently using Azure Private Link within our environment and we are attempting to ingest logs into Log Analytics. When I reached out to Microsoft Support, it appears that the CCF connectors will not work using Private Link and the Azure Functions connectors are becoming deprecated.
Has anyone else run into this issue and what is the solution for getting logs into Sentinel through the Private Link, specifically API log sources? Did this require a custom app for each of these log sources or some sort of custom script that lives on an AMA host within the Private Link to ingest the logs?
Any advice here would be greatly appreciated.
Thank you,
2 Replies
I believe yes, this is a known architectural limitation. For Sentinel/Log Analytics ingestion over Private Link, it may require Azure Monitor Private Link Scope (AMPLS) + Data Collection Endpoint (DCE) + DCR / Logs Ingestion API. For API sources that are reachable only from your own private network, CCF is generally not the right fit, because CCF is a fully SaaS connector service rather than something that runs inside your VNet.
Use Azure Private Link to connect networks to Azure Monitor - Azure Monitor | Microsoft Learn
Logs Ingestion API in Azure Monitor - Azure Monitor | Microsoft Learn
Create a codeless connector for Microsoft Sentinel | Microsoft Learn
- NotMarcus77, Copper Contributor
Is there any location where there are pre-made Logs Ingestion API configs? Since Azure Functions is also being deprecated as well, this appears to be the only solution for getting API log sources into Sentinel.
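
A sketch of the DCE + DCR / Logs Ingestion API route named in the first reply, added here as an example and not taken from any poster or from Microsoft: a standard-library Python collector meant to run on a host inside the private network, which batches records under the API's 1 MB per-call limit and posts them to the DCE. The DCE hostname, DCR immutable ID, stream name and record fields are assumptions, as is an Entra app registration that holds the Monitoring Metrics Publisher role on the DCR.

```python
import json
import urllib.parse
import urllib.request

API_VERSION = "2023-01-01"
MAX_BODY_BYTES = 1_000_000  # stay under the API's 1 MB per-call limit
SCOPE = "https://monitor.azure.com/.default"


def ingestion_url(dce_uri, dcr_immutable_id, stream_name):
    """URL of the Logs Ingestion API upload endpoint for one DCR stream."""
    path = "/dataCollectionRules/{}/streams/{}".format(
        urllib.parse.quote(dcr_immutable_id, safe=""),
        urllib.parse.quote(stream_name, safe=""))
    return dce_uri.rstrip("/") + path + "?api-version=" + API_VERSION


def batch_records(records, max_bytes=MAX_BODY_BYTES):
    """Split records into JSON-array bodies that each fit in max_bytes."""
    batches, current, size = [], [], 2  # 2 bytes for "[" and "]"
    for rec in records:
        encoded = json.dumps(rec, separators=(",", ":")).encode("utf-8")
        if len(encoded) + 2 > max_bytes:
            raise ValueError("single record exceeds the per-call size limit")
        extra = len(encoded) + (1 if current else 0)  # comma between items
        if current and size + extra > max_bytes:
            batches.append(b"[" + b",".join(current) + b"]")
            current, size, extra = [], 2, len(encoded)
        current.append(encoded)
        size += extra
    if current:
        batches.append(b"[" + b",".join(current) + b"]")
    return batches


def get_token(tenant_id, client_id, client_secret):
    """Client-credentials token for Azure Monitor (makes a network call)."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials", "client_id": client_id,
        "client_secret": client_secret, "scope": SCOPE}).encode()
    url = "https://login.microsoftonline.com/{}/oauth2/v2.0/token".format(tenant_id)
    with urllib.request.urlopen(urllib.request.Request(url, data=form)) as resp:
        return json.load(resp)["access_token"]


def upload(url, token, body):
    """POST one batch; the API answers 204 No Content on success."""
    req = urllib.request.Request(url, data=body, method="POST", headers={
        "Authorization": "Bearer " + token, "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return resp.status
```

The record keys have to match the columns of the stream declared in the DCR, and the client secret should come from a secret store on the collector host, not from the script.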