SOLVED

Log windows security event to Azure

%3CLINGO-SUB%20id%3D%22lingo-sub-1127515%22%20slang%3D%22en-US%22%3ELog%20windows%20security%20event%20to%20Azure%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1127515%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3C%2FP%3E%3CP%3ECan%20anyone%20help%20me%20with%20this%20please%3C%2FP%3E%3CP%3EI%20know%20how%20to%20log%20application%20and%20System%20but%20not%20sure%20on%20how%20to%20log%20security%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F167035i501E95C345794913%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22clipboard_image_0.png%22%20title%3D%22clipboard_image_0.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1127515%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Log%20Analytics%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1127578%22%20slang%3D%22en-US%22%3ERe%3A%20Log%20windows%20security%20event%20to%20Azure%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1127578%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F527004%22%20target%3D%22_blank%22%3E%40stuart355%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20is%20not%20possible%20trough%20Log%20Management%20feature%20for%20Security%20event%20log.%20Due%20to%20the%20nature%20of%20the%20logs%20(high%20velocity)%20you%20have%20to%20use%20either%20Azure%20Security%20Center%20that%20enables%20the%20Security%20solution%20which%20gathers%20those%20logs.%20Keep%20in%20mind%20that%20ASC%20just%20uses%20Log%20Analytics%20as%20platform%20and%20because%20of%20that%20there%20is%20separate%20pricing%20that%20occurs%20when%20you%20enable%20that.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1130927%22%20slang%3D%22en-US%22%3ERe%3A%20Log%20windows%20security%20event%20to%20Azure%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1130927%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F527004%22%20target%3D%22_blank%22%3E%40stuart355%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWindows%20Security%20Events%20configuration%20done%20on%20ASC.%26nbsp%3B%20Below%20is%20the%20path%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EASC-%26gt%3BPricing%20and%20settings%20-%26gt%3B%20Select%20subscription-%26gt%3BData%20Collection-%26gt%3B%20Windows%20Security%20Events%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20hope%20this%20answered%20your%20ask.%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Hi

Can anyone help me with this please

I know how to log application and System but not sure on how to log security

clipboard_image_0.png

 

2 Replies
Best Response confirmed by Stanislav Zhelyazkov (MVP)
Solution

Hi@stuart355 

This is not possible trough Log Management feature for Security event log. Due to the nature of the logs (high velocity) you have to use either Azure Security Center that enables the Security solution which gathers those logs. Keep in mind that ASC just uses Log Analytics as platform and because of that there is separate pricing that occurs when you enable that.

Hi @stuart355 

 

Windows Security Events configuration done on ASC.  Below is the path

 

ASC->Pricing and settings -> Select subscription->Data Collection-> Windows Security Events

 

I hope this answered your ask.