Sigin Logs of Azure Virtual Machine

MuthuKugan · ‎Feb 22 2022

Hi, Is there any way to find out number of users logged in into each azure vm's and signed in user information from azure portal. In log Analytics workspace also we verified, we couldn't able to see any parameters required to collect the user signed in information and count of users.

Could u please let us know to configure the same from azure portal.

David Pazdera · ‎Feb 22 2022

Sign in to Azure VMs (e.g., an RDP or an SSH session) is a 'data plane' operation that is logged on the VM level in the Event log (or syslog), not in the Azure Activity Log (unless you are using Azure AD Sign-in to VMs feature). There is a way to collect System Event Log (or syslog) to Log Analytics using Log Analytics agent, but this needs to be configured properly.

MuthuKugan · ‎Feb 23 2022

@David Pazdera ok, Thanks for the comment. can u provide the exact steps on collecting system event log to log analytics.

David Pazdera · ‎Feb 24 2022

One of the options is to use the Microsoft Monitoring Agent (MMA), also known as Log Analytics Agent and use the following article to configure Event Logs as 'data sources': https://docs.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-windows-events

Tejasree12032 · ‎Jun 30 2022

@David Pazdera

But in logs the username was not specified. How we can find which user has logged in.

Sigin Logs of Azure Virtual Machine

Sigin Logs of Azure Virtual Machine

Re: Sigin Logs of Azure Virtual Machine

Re: Sigin Logs of Azure Virtual Machine

Re: Sigin Logs of Azure Virtual Machine

Re: Sigin Logs of Azure Virtual Machine

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Sigin Logs of Azure Virtual Machine

Sigin Logs of Azure Virtual Machine

Re: Sigin Logs of Azure Virtual Machine

Re: Sigin Logs of Azure Virtual Machine

Re: Sigin Logs of Azure Virtual Machine

Re: Sigin Logs of Azure Virtual Machine