Forum Discussion
Automatic Log Upload using Docker on Ubuntu in Azure
- Aug 27, 2018
It appears they made some changes based on my comments because the portal-generated command now appears as follows --
(echo e8f2683d346b4cb90e3184b7de7fd464841358808b6ff6fe19fde25b18e78a1) | docker run --name LogCollector_Azure -p 514:514/udp -p 515:515/udp -p 21:21 -p 20000-20099:20000-20099 -e "PUBLICIP='10.3.2.20'" -e "PROXY=" -e "SYSLOG=true" -e "CONSOLE=sawdustinvestments.us2.portal.cloudappsecurity.com" -e "COLLECTOR=LogCollector_Azure" --security-opt apparmor:unconfined --cap-add=SYS_ADMIN --restart unless-stopped -a stdin -i microsoft/caslogcollector starter
I started a support case and by the time they got back to me I'd sorted it out. I changed my command as follows and then it worked --
(echo e8f2683d346b4cb90e3184b7de7fd464841358808b6ff6fe19fde25b18e78a1) | docker run --name LogCollector_Azure -p 21:21 -p 514-515:514-515/udp -p 20000-20099:20000-20099 -e "PUBLICIP='10.3.2.20'" -e "PROXY=" -e "SYSLOG=true" -e "CONSOLE=sawdustinvestments.us2.portal.cloudappsecurity.com" -e "COLLECTOR=LogCollector_Azure" --security-opt apparmor:unconfined --cap-add=SYS_ADMIN --restart unless-stopped -a stdin -i microsoft/caslogcollector starter
I think the commands being generated by the portal during the setup of the collector are wrong when configuring syslogs. I'd used them successfully in the past, but I don't have any record of what they looked like when I last set up a collector successfully. The support engineer said he'd pass my comments back to the team so that they could check on the issue.
Phil