cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Governance log way to see source of logs?

michaelblanchard
Microsoft

‎Sep 26 2023 01:30 PM

‎Sep 26 2023 01:30 PM

Governance log way to see source of logs?

In the MDCA governance log, you can see all of the uploaded logs and current status.  The question is when it has errors, or of there is less data than you think, how can you tell where the data is coming from?  what if you have multiple logs going to a single collector?  Is there anyway to get the identity of source of the individual files?  What collector and what appliance?

470 Views
0 Likes
2 Replies
Reply
2 Replies
best response confirmed by michaelblanchard (Microsoft)
LeonPavesic

‎Sep 27 2023 02:35 AM

‎Sep 27 2023 02:35 AM

Solution

Re: Governance log way to see source of logs?

Hi @michaelblanchard,

Yes, there is a way to see the source of the logs in the MDCA governance log.

The column "Source" shows the IP address of the device that uploaded the log.

If you have multiple logs going to a single collector, you can use this information to identify the source of each log.

Microsoft Defender for Cloud Apps documentation: https://learn.microsoft.com/en-us/defender-cloud-apps/troubleshooting-cloud-discovery

Example:

The following table shows an example of a governance log with the source column:

Time Source Status
2023-09-27 11:32:11192.168.1.100Success
2023-09-27 11:32:12192.168.1.101Failure
2023-09-27 11:32:13192.168.1.102Success
 

In this example, you can see that the log from 192.168.1.101 failed to upload successfully. You can use this information to investigate the issue further.

 

If you are using a log collector, you can also use the collector's logs to identify the source of each log. The collector logs should show the IP address of the device that uploaded the log, as well as the time and date of the upload.

You can also use the MDCA governance log to identify the collector and appliance that uploaded each log. The column "Collector" shows the IP address of the collector, and the column "Appliance" shows the type of appliance that was used to collect the logs.

Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.


If the post was useful in other ways, please consider giving it Like.


Kindest regards,


Leon Pavesic
(LinkedIn)

0 Likes
Reply
michaelblanchard

‎Oct 03 2023 10:23 AM

‎Oct 03 2023 10:23 AM

Re: Governance log way to see source of logs?

I don't see that field in the governance log, only "initiator"
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by michaelblanchard (Microsoft)
LeonPavesic

‎Sep 27 2023 02:35 AM

‎Sep 27 2023 02:35 AM

Solution

Re: Governance log way to see source of logs?

Hi @michaelblanchard,

Yes, there is a way to see the source of the logs in the MDCA governance log.

The column "Source" shows the IP address of the device that uploaded the log.

If you have multiple logs going to a single collector, you can use this information to identify the source of each log.

Microsoft Defender for Cloud Apps documentation: https://learn.microsoft.com/en-us/defender-cloud-apps/troubleshooting-cloud-discovery

Example:

The following table shows an example of a governance log with the source column:

Time Source Status
2023-09-27 11:32:11192.168.1.100Success
2023-09-27 11:32:12192.168.1.101Failure
2023-09-27 11:32:13192.168.1.102Success
 

In this example, you can see that the log from 192.168.1.101 failed to upload successfully. You can use this information to investigate the issue further.

 

If you are using a log collector, you can also use the collector's logs to identify the source of each log. The collector logs should show the IP address of the device that uploaded the log, as well as the time and date of the upload.

You can also use the MDCA governance log to identify the collector and appliance that uploaded each log. The column "Collector" shows the IP address of the collector, and the column "Appliance" shows the type of appliance that was used to collect the logs.

Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.


If the post was useful in other ways, please consider giving it Like.


Kindest regards,


Leon Pavesic
(LinkedIn)

View solution in original post

0 Likes
Reply