drp11
Apr 21, 2021

Log Analytics Gateway

Hi folks

Some clarification needed please.

I want to ingest data from my on-prem Windows computers to Azure Sentinel.

I understand that I can use a Log Analytics Gateway (LAG) on-prem to act as a HTTP proxy/forwarder to the Azure Log Analytics Workspace (and subsequently Azure Sentinel).

How do I tell my on-prem Windows computers to use / go via the LAG? There is only an option to put in the Workspace ID.

Once installed, do I configure the proxy settings in the standalone OMS Agent on the Windows server to use the IP address and port of the on-prem LAG?

Also, does the LAG need the standalone OMS agent installing as well?

thanks

4 Replies

  • fkh090
    After 2 Years, I have one more Question 🙂

    Log Analytics Legacy Agent will be deprecated in August 2024 and in part:
    2. Configure Agents with Proxy set to the Gateway name and its port
    UI: "If the computer needs to communicate through a proxy server to the Log Analytics service, click Advanced and provide the URL and port number of the proxy server. "

    - So it means that I need Log Analytics Legacy Agent on Windows in all situations.
    - AMA does not support Log Analytics Gateway connection?!

    Thanks in Advance!

    • schroray
      AMA is stated as being supported with LAG: https://learn.microsoft.com/en-us/azure/azure-monitor/agents/gateway

      The question of how to actually configure the LAG on an Agent is not yet outlined properly - only the use of a general proxy service is stated. So here the proxy details (IP:Port) would be the ones for the LAG: https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-network-configuration?tabs=PowerShellWindowsArc#proxy-configuration
  • DaveGrain
    The given answer just links back to this page and the 2nd link is how to install the agent to talk directly to Azure. Is there a detailed answer to the question of configuring the agent to send logs via the gateway?
  • imaterek
    1. Install the Gateway
    "On the Port and proxy address page:
    a. Enter the TCP port number to be used for the gateway. Setup uses this port number to configure an inbound rule on Windows Firewall. The default value is 8080."
    https://techcommunity.microsoft.com/t5/azure-sentinel/log-analytics-gateway/m-p/2280290

    2. Configure Agents with Proxy set to the Gateway name and its port
    UI: "If the computer needs to communicate through a proxy server to the Log Analytics service, click Advanced and provide the URL and port number of the proxy server. "
    PS: "OPINSIGHTS_PROXY_URL URI for the proxy to use"
    https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agent-windows#install-agent-using-command-line
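
Step 2 of the answer above for an agent that is already installed, as an added example that is not part of the thread or of Microsoft's documentation: it checks that the gateway port is reachable and then sets the agent's proxy through its configuration COM object. The gateway host name is a constructed placeholder, and a gateway that needs no proxy credentials is assumed.

```powershell
# Added example: point an installed Log Analytics (MMA/OMS) agent at an on-prem gateway.
# $GatewayHost is a constructed placeholder; 8080 is the gateway setup default quoted above.
param(
    [string]$GatewayHost = 'lag01.example.internal',   # placeholder, replace with your gateway
    [int]$GatewayPort = 8080
)

# 1. Confirm the gateway's inbound port is reachable before touching the agent configuration.
$probe = Test-NetConnection -ComputerName $GatewayHost -Port $GatewayPort -WarningAction SilentlyContinue
if (-not $probe.TcpTestSucceeded) {
    Write-Error "Cannot reach ${GatewayHost}:${GatewayPort}; check the gateway service and its firewall rule."
    return
}

# 2. Get the agent's configuration COM object (present only where the agent is installed).
try {
    $agentCfg = New-Object -ComObject 'AgentConfigManager.MgmtSvcCfg' -ErrorAction Stop
} catch {
    Write-Error 'Log Analytics agent not found on this computer.'
    return
}

# 3. Older agent builds lack the proxy API; stop rather than fail half-way.
if (-not ($agentCfg | Get-Member -Name 'SetProxyInfo')) {
    Write-Error 'This agent version does not expose SetProxyInfo.'
    return
}

# 4. Set the proxy to the gateway (assumption: no proxy credentials, so the user name
#    and password are empty) and reload the agent configuration.
$agentCfg.SetProxyInfo("${GatewayHost}:${GatewayPort}", '', '')
$agentCfg.ReloadConfiguration()
Write-Output "Agent proxy set to ${GatewayHost}:${GatewayPort}."
```

Run it from an elevated PowerShell session on each agent computer; for new installations the `OPINSIGHTS_PROXY_URL` install parameter quoted above sets the same value at setup time.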
