Sep 26 2023 01:30 PM
In the MDCA governance log, you can see all of the uploaded logs and current status. The question is, when it has errors, or if there is less data than you think, how can you tell where the data is coming from? What if you have multiple logs going to a single collector? Is there any way to get the identity of the source of the individual files? What collector and what appliance?
Sep 27 2023 02:35 AM
Solution
Yes, there is a way to see the source of the logs in the MDCA governance log.
The column "Source" shows the IP address of the device that uploaded the log.
If you have multiple logs going to a single collector, you can use this information to identify the source of each log.
Microsoft Defender for Cloud Apps documentation: https://learn.microsoft.com/en-us/defender-cloud-apps/troubleshooting-cloud-discovery
Example:
The following table shows an example of a governance log with the source column:
2023-09-27 11:32:11 | 192.168.1.100 | Success |
2023-09-27 11:32:12 | 192.168.1.101 | Failure |
2023-09-27 11:32:13 | 192.168.1.102 | Success |
In this example, you can see that the log from 192.168.1.101 failed to upload successfully. You can use this information to investigate the issue further.
If you are using a log collector, you can also use the collector's logs to identify the source of each log. The collector logs should show the IP address of the device that uploaded the log, as well as the time and date of the upload.
You can also use the MDCA governance log to identify the collector and appliance that uploaded each log. The column "Collector" shows the IP address of the collector, and the column "Appliance" shows the type of appliance that was used to collect the logs.
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was useful in other ways, please consider giving it a Like.
Kindest regards,
Leon Pavesic
(LinkedIn)
Oct 03 2023 10:23 AM