cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

ASC auto provisioning

MaheshUTP
Copper Contributor

‎Mar 02 2021 09:47 AM - last edited on ‎Nov 29 2021 11:51 AM by

‎Mar 02 2021 09:47 AM - last edited on ‎Nov 29 2021 11:51 AM by

ASC auto provisioning

Hi Team,

 

Suppose we have one centralized management subscription. In that centralized subscription we have created log analytic workspaces in different regions.  These log analytic workspaces are enabled with sentinel. due to compliance reason, we would like to keep the log data within the region,

 

how we can automate the auto provisioning in a way, that each VM's syslog or event logs should forwarded into correct log analytic workspace in centralized subscription.

 

Screen Shot 2021-03-03 at 2.28.18.png

 

References:

Support Regions: https://docs.microsoft.com/en-us/azure/security-center/faq-data-collection-agents

Enable AutoProvision:  Install the Log Analytics agent for Linux

Labels:
1,950 Views
0 Likes
1 Reply
Reply
1 Reply
Stanislav Belov

‎Mar 09 2021 05:31 AM

‎Mar 09 2021 05:31 AM

Re: ASC auto provisioning

Hi Mahesh,

 

Unfortunately, the auto-provisioning is a subscription wide configuration, that means that all VMs in the sub will send data to the same ALA workspace (which can be in a different subscription). That said, if you group your regional resources under separate subs, you can use auto provisioning to accomplish your goal. 

Alternatively, you may consider using manual agent provisioning and target agents to different ALA workspaces based on certain criteria, e.g. location, tags, etc. 

0 Likes
Reply