Forum Discussion
Azure Activity data collector with Azure Policy : data is not ingested
- I finally found out what the problem was. I had forgotten to enable a remediation during the policy creation. ow it works.
GaryBushey , thank you for your answer. The diagnostic settings worked with the old version of the connector. The new one relies on an Azure Policy that i supposed to send the activity to Sentinel's log. Or do I also need to configure the diag settings for this new connector ? It's not mentioned in MS's docs.
Regards,
P.
- Sorry for my misunderstanding. The policy show 100% Compliant, no errors. Problem - ? - is that the policy also tells me there's no ressource associated. I scoped it to the Subscription I want to monitor via Azure Activity connector - as per MS doc. But do I need to add my Sentinel Log Analytics workspace as a resource to this policy ?
PhilippeAugras I think that it makes sense that there is no ressources associated, because the policy is applied to the subscription only and not specific resources.
So if you go to the subscription for which you applied the policy, then choose "Activity Logs" and then choose "Diagnostic Settings" in the top of the window, you should be able to see the diagnostic settings from the subscription is being sent to sentinel.
It seems like you expect all resources in the subscription to have their diagnostic settings updated (please correct me if im wrong). Only the chosen subscription's diagnostic settings will be set.
Bonus: if you want to have multiple subscriptions set, you need to create a management group, and assign the policy to a group containing multiple subscriptions.- I finally found out what the problem was. I had forgotten to enable a remediation during the policy creation. ow it works.
