Microsoft Tech Community

Why no AMA Gateway (like Log Analytics gateway)?


Is there something I don't understand about how the Azure Monitor Agent works? Shouldn't there be a local collector or gateway/proxy or something for on-prem devices, like the Log Analytics gateway at the moment? Or should we let them all connect individually to an endpoint / a Sentinel workspace?


Let me clarify: I know it's technically possible to go through a LAG. But isn't that thing going to be deprecated soon, like the Log Analytics agent?

3 Replies
If they all already have HTTPS access to the internet, let them connect out anyway. But that has limited applications; you aren't going to be deploying to devices with such lax network controls.

I believe that the Log Analytics Gateway is compatible with the AMA, at least the documentation says so here: https://docs.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-overview?tabs=PowerS...
Also, there are no signs that the LAG will be deprecated any time soon. The Azure monitor is in place because it does more than the LAA did, while also doing what it did, so why support both? I can't see that happening with the LAG.

The LAA and AMA used to coexist. One was chosen over the other and became de facto. The fact is that there is nothing in Microsoft's tooling at the moment which does the job of the LAG, so it is safe.

Indeed. But I still seem to see one big problem:
-> So you need the AMA agent installed on the LAG to get information from Linux and Windows machines. No problem there.
-> But if you do that, you can't forward CEF / syslog anymore because AMA doesn't support it yet and you can't have the LAA installed on the LAG when AMA is installed.

So it's waiting for CEF to get out of private preview. : /