Forum Discussion
Send Windows Event Logs Into Log Analytics Workpace
I have some on-premise servers where I would like to send specific Windows event log IDs to a Log Analytics workspace. I see I can download the MMA agent. How to configure it to only send specific Ev...
hspinto
Microsoft
MicrosoftThe ability to send specific Event logs in MMA exists in some solutions, such as Azure Defender or Sentinel. But other than specific solutions, you can't have granular control over event log capture. However, the new Azure Monitor Agent (in Preview) will be able to do that and much more. Have a look here: https://docs.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-overview
Sounds good if you're wanting to monitor VMs in Azure, but I am using Azure Sentinel to pull logs from laptops, and it seems Azure Monitor is (currently) not interested in physical stuff.
- hspintoThe Azure Monitor Agent works with Azure Arc onboarded servers. It doesn't work yet with client OSes. https://docs.microsoft.com/en-us/azure/azure-arc/servers/agent-overview#supported-operating-systems