Forum Discussion
Karlos_Mar
Jul 17, 2020
Copper Contributor
Review events of a Windows File Server with Azure Monitor
Hello, I am looking for a way to be able to consult the events that I get from my on-premises file server with Azure Monitor.
Can someone give me some idea of how to do it?
Noa Kuperberg
Microsoft
Jul 29, 2020
Hi Karlos_Mar,
Not sure what exactly you need here. To collect events from your server, you should install a Log Analytics agent on it (read more here).
If you're already collecting logs and need help analyzing them - please explain what data you want to get from your logs.
Thanks!
Karlos_Mar
Aug 03, 2020
Copper Contributor
Hello, Noa
I have a local on-premises server that acts as a file server. It already has auditing enabled for (access object), the server also has AMA, and at the Azure Monitor level Security Center is enabled. However, there are event IDs that do not come out when I run the Kusto query: 4659.
Now, if I execute the query, 4663 comes out, but it does not bring me the information that an object has been deleted. If I go to the local Event Viewer of the machine, the event appears, even 4659.
Again, in the case of event ID 4663, I observe that the query brings me information about the event, but taken from the XML.