Data not being collected by Log Analytics workspace

%3CLINGO-SUB%20id%3D%22lingo-sub-1251948%22%20slang%3D%22en-US%22%3EData%20not%20being%20collected%20by%20Log%20Analytics%20workspace%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1251948%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20just%20starting%20with%20Azure%20and%20was%20working%20with%20Azure%20Log%20Analytics.%20I%20created%20a%20new%20Log%20Analytics%20workspace%2C%20connected%20a%20RHEL%206.10%20VM%20with%20it%20and%20then%20configured%20the%20data%20sources%20to%20Syslog%20and%20some%20common%20performance%20counters.%20But%20I%20don't%20see%20any%20data%20being%20collected%20from%20my%20VM%20to%20ALA.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20only%20problem%20which%20I%20suspect%20is%20configuration%20of%20the%20NSG%20rules%20on%20the%20subnet%20of%20which%20this%20VM%20is%20part%20of.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20created%20the%20NSG%20with%20outbound%20rules%20as%20following.%3C%2FP%3E%3CP%3E1.%20Created%20a%20rule%20named%20%E2%80%9CDenyInternet%E2%80%9D%20which%20denies%20all%20internet%20access%20with%20following%20parameters%3C%2FP%3E%3CP%20class%3D%22lia-indent-padding-left-30px%22%3ESource%20-%20*%3C%2FP%3E%3CP%20class%3D%22lia-align-left%20lia-indent-padding-left-30px%22%3EDestination%20-%20Service%20Tag%3C%2FP%3E%3CP%20class%3D%22lia-align-left%20lia-indent-padding-left-30px%22%3EService%20tag%20-%20Internet%3C%2FP%3E%3CP%20class%3D%22lia-align-left%20lia-indent-padding-left-30px%22%3EDestination%20port%20range%20-%20*%3C%2FP%3E%3CP%20class%3D%22lia-align-left%20lia-indent-padding-left-30px%22%3EProtocol%20-%20%E2%80%9Cany%E2%80%9D%3C%2FP%3E%3CP%20class%3D%22lia-align-left%20lia-indent-padding-left-30px%22%3EAction%20-%20Deny%3C%2FP%3E%3CP%20class%3D%22lia-align-left%20lia-indent-padding-left-30px%22%3EPriority%20-%204000%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E2.%20Created%20another%20outbound%20rule%20which%20allows%20connectivity%20to%20Azure%20Storage%20with%20following%20parameters%3C%2FP%3E%3CP%20class%3D%22lia-indent-padding-left-30px%22%3ESource%20-%20*%3C%2FP%3E%3CP%20class%3D%22lia-indent-padding-left-30px%22%3EDestination%20-%20Service%20Tag%3C%2FP%3E%3CP%20class%3D%22lia-indent-padding-left-30px%22%3EDestination%20service%20tag%20-%20%E2%80%9CStorage%E2%80%9D%3C%2FP%3E%3CP%20class%3D%22lia-indent-padding-left-30px%22%3EDestination%20port%20range%20-%20*%3C%2FP%3E%3CP%20class%3D%22lia-indent-padding-left-30px%22%3EProtocol%20-%20%E2%80%9Cany%E2%80%9D%3C%2FP%3E%3CP%20class%3D%22lia-indent-padding-left-30px%22%3EAction%20-%20allow%3C%2FP%3E%3CP%20class%3D%22lia-indent-padding-left-30px%22%3EPriority%20-%20100%3C%2FP%3E%3CP%20class%3D%22lia-indent-padding-left-30px%22%3E%26nbsp%3B%3C%2FP%3E%3CP%3E3.%20Create%20third%20outbound%20rule%20which%20allows%20connectivity%20to%20Azure%20Log%20Analytics%20with%20following%20parameters%3C%2FP%3E%3CP%20class%3D%22lia-indent-padding-left-30px%22%3ESource%20-%20*%3C%2FP%3E%3CP%20class%3D%22lia-indent-padding-left-30px%22%3EDestination%20-%20Service%20Tag%3C%2FP%3E%3CP%20class%3D%22lia-indent-padding-left-30px%22%3EDestination%20service%20tag%20-%20AzureMonitor%3C%2FP%3E%3CP%20class%3D%22lia-indent-padding-left-30px%22%3EDestination%20port%20range%20-%20*%3C%2FP%3E%3CP%20class%3D%22lia-indent-padding-left-30px%22%3EProtocol%20-%20%E2%80%9Cany%E2%80%9D%3C%2FP%3E%3CP%20class%3D%22lia-indent-padding-left-30px%22%3EAction%20-%20allow%3C%2FP%3E%3CP%20class%3D%22lia-indent-padding-left-30px%22%3EPriority%20-%20110%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20as%20per%20the%20above%20rules%20applied%20on%20the%20NSG%20it%20should%20Deny%20all%20Internet%20access%20but%20should%20allow%20access%20to%20Storage%20and%20Azure%20Log%20Analytics%2C%20but%20still%20I%20believe%20logs%20are%20not%20being%20pushed%20to%20ALA%20workspace.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20can%20anyone%20please%20help%20me%20out%20here.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1251948%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Log%20Analytics%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Occasional Visitor

Hello,

 

I am just starting with Azure and was working with Azure Log Analytics. I created a new Log Analytics workspace, connected a RHEL 6.10 VM with it and then configured the data sources to Syslog and some common performance counters. But I don't see any data being collected from my VM to ALA.

 

The only problem which I suspect is configuration of the NSG rules on the subnet of which this VM is part of.

 

I created the NSG with outbound rules as following.

1. Created a rule named “DenyInternet” which denies all internet access with following parameters

Source - *

Destination - Service Tag

Service tag - Internet

Destination port range - *

Protocol - “any”

Action - Deny

Priority - 4000

 

2. Created another outbound rule which allows connectivity to Azure Storage with following parameters

Source - *

Destination - Service Tag

Destination service tag - “Storage”

Destination port range - *

Protocol - “any”

Action - allow

Priority - 100

 

3. Create third outbound rule which allows connectivity to Azure Log Analytics with following parameters

Source - *

Destination - Service Tag

Destination service tag - AzureMonitor

Destination port range - *

Protocol - “any”

Action - allow

Priority - 110

 

So as per the above rules applied on the NSG it should Deny all Internet access but should allow access to Storage and Azure Log Analytics, but still I believe logs are not being pushed to ALA workspace.

 

So can anyone please help me out here.

0 Replies