Forum Discussion
MaheshUTP
Mar 02, 2021Copper Contributor
ASC auto provisioning
Hi Team,
Suppose we have one centralized management subscription. In that centralized subscription we have created log analytic workspaces in different regions. These log analytic workspaces are enabled with sentinel. due to compliance reason, we would like to keep the log data within the region,
how we can automate the auto provisioning in a way, that each VM's syslog or event logs should forwarded into correct log analytic workspace in centralized subscription.
References:
Support Regions: https://docs.microsoft.com/en-us/azure/security-center/faq-data-collection-agents
Enable AutoProvision: Install the Log Analytics agent for Linux
- StanislavBelov
Microsoft
Hi Mahesh,
Unfortunately, the auto-provisioning is a subscription wide configuration, that means that all VMs in the sub will send data to the same ALA workspace (which can be in a different subscription). That said, if you group your regional resources under separate subs, you can use auto provisioning to accomplish your goal.
Alternatively, you may consider using manual agent provisioning and target agents to different ALA workspaces based on certain criteria, e.g. location, tags, etc.