Forum Discussion
Send Windows Event Logs Into Log Analytics Workpace
I have some on-premise servers where I would like to send specific Windows event log IDs to a Log Analytics workspace. I see I can download the MMA agent. How to configure it to only send specific Ev...
Is this definitely true? Azure Sentinel gives you preconfigured options for only sending certain Security Event IDs, see https://docs.microsoft.com/en-us/azure/sentinel/connect-windows-security-events.
It seems like the functionlity to only send specific events from certain logs is there in Microsoft Monitoring Agent, but I've yet found any info on how we can configure that ourselves.
Sending everything from the System log on all my devices would cost way too much, and I am only interested in a few events.
It seems like the functionlity to only send specific events from certain logs is there in Microsoft Monitoring Agent, but I've yet found any info on how we can configure that ourselves.
Sending everything from the System log on all my devices would cost way too much, and I am only interested in a few events.
hspinto
Microsoft
MicrosoftThe ability to send specific Event logs in MMA exists in some solutions, such as Azure Defender or Sentinel. But other than specific solutions, you can't have granular control over event log capture. However, the new Azure Monitor Agent (in Preview) will be able to do that and much more. Have a look here: https://docs.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-overview
- Sounds good if you're wanting to monitor VMs in Azure, but I am using Azure Sentinel to pull logs from laptops, and it seems Azure Monitor is (currently) not interested in physical stuff.
- hspintoThe Azure Monitor Agent works with Azure Arc onboarded servers. It doesn't work yet with client OSes. https://docs.microsoft.com/en-us/azure/azure-arc/servers/agent-overview#supported-operating-systems