Forum Discussion
kenvb
Mar 10, 2022, Copper Contributor
Log analytics agent basic logs / analytics logs
Does this mean the log analytics agent will be able to send important logs directly to the LAW and mundane logs into basic logs? Or will you still need some proxy/log collector in between to distingu...
Jonhed
Mar 10, 2022, Iron Contributor
Looking at the documents, it looks like basic logs will apply at a table level, and only certain types of tables are supported.
https://docs.microsoft.com/en-us/azure/azure-monitor/logs/basic-logs-configure?tabs=api-1%2Cportal-1
Looking at the types of tables that are supported for basic logs, it does not look like you could do this with logon info and DNS data from regular Windows servers, unless you somehow use a REST API client with the Data Collection Rule (DCR)-based custom logs API.
kenvb
Mar 15, 2022, Copper Contributor
Ah yes, interesting. But if you have a log aggregator in the middle like Logstash or Fluentd, you can convert them to custom logs and send all that info to basic logs? Of course this means you have to be very well aware of your own generated logs.
Jonhed
Mar 15, 2022, Iron Contributor
That might indeed be possible.
However, you would need to use the Data Collection Rule (DCR)-based custom logs API.
The current data connector for Logstash does not use the above API, but instead uses the HTTP Data Collector REST API, so you would need to migrate to the required API or not use the data connector at all.
https://docs.microsoft.com/en-us/azure/sentinel/connect-logstash
https://docs.microsoft.com/en-us/azure/azure-monitor/logs/custom-logs-migrate
I do not have any experience here, so I cannot give a definite answer, unfortunately.
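An added illustration of the split discussed in this thread, not code from either poster or from Microsoft: an aggregator-side step that routes records to two DCR streams (one feeding an Analytics table, one feeding a custom table set to Basic) and builds the DCR-based ingestion API requests without sending them. The endpoint, DCR ID, stream names, event-ID rule and sample records are assumptions made up for the example.

```python
import json

# Assumed placeholders (not from the thread): endpoint, DCR immutable ID, stream names.
DCE = "https://example-dce.westeurope-1.ingest.monitor.azure.com"
DCR_ID = "dcr-00000000000000000000000000000000"
ANALYTICS_STREAM = "Custom-LogonEvents"  # DCR data flow to a table on the Analytics plan
BASIC_STREAM = "Custom-VerboseEvents"    # DCR data flow to a custom table set to Basic
API_VERSION = "2023-01-01"
MAX_BODY = 1_000_000                     # keep each call under the API's 1 MB limit
HIGH_VALUE_EVENT_IDS = {4624, 4625}      # constructed rule: Windows logon success/failure

def encode(obj):
    return json.dumps(obj, separators=(",", ":"))

def pick_stream(record):
    """Route by event ID; everything not explicitly high value goes to Basic."""
    return ANALYTICS_STREAM if record.get("EventID") in HIGH_VALUE_EVENT_IDS else BASIC_STREAM

def batch(records, max_bytes=MAX_BODY):
    """Yield JSON-array bodies that each stay within max_bytes."""
    current, size = [], 2                # 2 bytes for the enclosing brackets
    for rec in records:
        cost = len(encode(rec).encode("utf-8")) + 1   # +1 for the separating comma
        if cost + 2 > max_bytes:
            raise ValueError("single record exceeds the per-call size limit")
        if current and size + cost > max_bytes:
            yield encode(current)
            current, size = [], 2
        current.append(rec)
        size += cost
    if current:
        yield encode(current)

def build_requests(records, token):
    """Return one POST description per (stream, batch); sending is left to the caller."""
    by_stream = {}
    for rec in records:
        by_stream.setdefault(pick_stream(rec), []).append(rec)
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    return [{"url": f"{DCE}/dataCollectionRules/{DCR_ID}/streams/{stream}"
                    f"?api-version={API_VERSION}",
             "headers": headers, "body": body}
            for stream, recs in by_stream.items() for body in batch(recs)]

# Constructed sample records; field names must match the stream declared in the DCR.
SAMPLE = [
    {"TimeGenerated": "2022-03-15T10:00:00Z", "Computer": "srv01", "EventID": 4625},
    {"TimeGenerated": "2022-03-15T10:00:01Z", "Computer": "srv01", "EventID": 3008},
    {"TimeGenerated": "2022-03-15T10:00:02Z", "Computer": "srv02", "EventID": 4624},
]
```

The routing rule defaults to the Basic stream, so any event ID that matters for detection has to be listed explicitly or it lands in the table with the reduced query capabilities.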