which connector/table can I see Azure CLI issued commands?


I would like to know how to monitor Azure CLI. The 'Security Events' is not for it. The 'AzureActivity' was supposed to have it, but no. Anyone with experience on it?

4 Replies
@jjsantanna: AzureActivity would not include the PowerShell commands as you type them, but will include the resulting API calls.

@Ofer_Shezaf

Is there a table or method to log/track Log Analytics Scheduled Queries? So we know if those scheduled queries running in the background are succeeding, failing, timing out.


@majo01: Not at this time. We are working to add this capability.  


@Ofer_Shezaf 

I'm thinking of a workaround to monitor the scheduled log analytics rules as follows. Is it feasible?

- creating a special log analytics rule whose condition is always true and will always result in an alert, for example (Syslog | limit 10000) in an environment where we know it always has 10k syslog records.

- schedule the rule every 5 mins, so we expect an alert to be always generated every 5 mins.

- Monitor the generated alerts; if there is no alert at one of the rule runs, then there must be a service issue or latency issue, which is the case we want to capture.

- Optional: if the alert timestamps are consistent, we can find how long the rule run took to finish (comparing ProcessingEndTime with EndTime).

 

?
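The monitoring step of the workaround described above, sketched as a KQL query over the `SecurityAlert` table. This is an added example, not part of the original thread or of any Microsoft-provided content; the alert name `Canary - scheduled rule heartbeat` and the 2-minute tolerance are assumptions, while the 5-minute schedule and the `EndTime`/`ProcessingEndTime` comparison come from the post.

```kql
// Assumption: the always-true rule from the post is saved under this alert name.
let canaryName = "Canary - scheduled rule heartbeat";
let expectedEvery = 5m;   // rule schedule given in the post
let tolerance = 2m;       // assumed slack before a run counts as missed or slow
let canary = SecurityAlert
    | where TimeGenerated > ago(1d)
    | where AlertName == canaryName
    | project EndTime, ProcessingEndTime;
// 1) Gaps between consecutive canary alerts: one or more runs produced no alert.
let gaps = canary
    | order by EndTime asc
    | extend PrevEndTime = prev(EndTime)
    | where isnotnull(PrevEndTime)
    | extend Gap = EndTime - PrevEndTime
    | where Gap > expectedEvery + tolerance
    | project Finding = "missed run(s)", From = PrevEndTime, To = EndTime, Detail = Gap;
// 2) The tail of the series: no canary alert recently, or none at all in the window.
let stale = canary
    | summarize LastEnd = max(EndTime)
    | where isnull(LastEnd) or now() - LastEnd > expectedEvery + tolerance
    | project Finding = "canary silent", From = LastEnd, To = now(), Detail = now() - LastEnd;
// 3) The optional step: runs whose alert was produced long after the query window ended.
let slow = canary
    | extend RunLatency = ProcessingEndTime - EndTime
    | where RunLatency > tolerance
    | project Finding = "slow run", From = EndTime, To = ProcessingEndTime, Detail = RunLatency;
union gaps, stale, slow
| order by From asc
```

If this query is itself run only as a scheduled rule, it shares the failure mode it is meant to detect, so its result should also be checked from outside that scheduler.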