Forum Discussion
Governance log way to see source of logs?
In the MDCA governance log, you can see all of the uploaded logs and current status. The question is when it has errors, or if there is less data than you think, how can you tell where the data is coming from? What if you have multiple logs going to a single collector? Is there any way to get the identity of the source of the individual files? What collector and what appliance?
2 Replies
- LeonPavesic (Silver Contributor)
Hi michaelblanchard,
Yes, there is a way to see the source of the logs in the MDCA governance log.
The column "Source" shows the IP address of the device that uploaded the log.
If you have multiple logs going to a single collector, you can use this information to identify the source of each log.
Microsoft Defender for Cloud Apps documentation: https://learn.microsoft.com/en-us/defender-cloud-apps/troubleshooting-cloud-discovery
Example:
The following table shows an example of a governance log with the source column:
| Time | Source | Status |
| --- | --- | --- |
| 2023-09-27 11:32:11 | 192.168.1.100 | Success |
| 2023-09-27 11:32:12 | 192.168.1.101 | Failure |
| 2023-09-27 11:32:13 | 192.168.1.102 | Success |

In this example, you can see that the log from 192.168.1.101 failed to upload successfully. You can use this information to investigate the issue further.
If you are using a log collector, you can also use the collector's logs to identify the source of each log. The collector logs should show the IP address of the device that uploaded the log, as well as the time and date of the upload.
You can also use the MDCA governance log to identify the collector and appliance that uploaded each log. The column "Collector" shows the IP address of the collector, and the column "Appliance" shows the type of appliance that was used to collect the logs.
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it a Like.
Kindest regards,
Leon Pavesic
(LinkedIn)
- michaelblanchard
Microsoft
I don't see that field in the governance log, only "initiator"