Log Analytics Gateway

Visitor

Hi folks

 

Some clarification needed please.

 

I want to ingest data from my on-prem Windows computers to Azure Sentinel.

 

I understand that I can use a Log Analytics Gateway (LAG) on-prem to act as a HTTP proxy/forwarder to the Azure Log Analytics Workspace (and subsequently Azure Sentinel).

 

How do I tell my on-prem Windows computers to use / go via the LAG? There is only an option to put in the Workspace ID.

 

Once installed, do I configure the proxy settings in the standalone OMS Agent on the Windows server to use the IP address and port of the on-prem LAG? 

 

Also, does the LAG need the standalone OMS agent installing as well?

 

thanks

 

1 Reply
1. Install the Gateway
"On the Port and proxy address page:
a. Enter the TCP port number to be used for the gateway. Setup uses this port number to configure an inbound rule on Windows Firewall. The default value is 8080."
https://techcommunity.microsoft.com/t5/azure-sentinel/log-analytics-gateway/m-p/2280290

2. Configure Agents with Proxy set to the Gateway name and its port
UI: "If the computer needs to communicate through a proxy server to the Log Analytics service, click Advanced and provide the URL and port number of the proxy server. "
PS: "OPINSIGHTS_PROXY_URL URI for the proxy to use"
https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agent-windows#install-agent-using-comman...