User Profile
cxmelga
Copper Contributor
Joined Jan 22, 2021
User Widgets
Recent Discussions
Can I some how add the 'RenderedDescription' content from Log Analytics to Email Body of Alert
Hello My Azure Monitor is working and I receive the Alert Email OK. This is triggered from a Log Analytics query for a Windows Event log entry However the body of the email alert contains the following (see screenshot at link below) https://1drv.ms/u/s!AqL5zUwOWToZge8hFLkgp7745b7MDw?e=0lV3jF Which is not very useful, I need the RenderedDescription content from the Log shown in the email body as this field contains useful information in plain text (like the serial number of the certificate which has been revoked) Therefore can anyone tell me please how can my Azure Monitor email alerts shoe the text from the RenderedDescription from the Log Analytics logs entry that triggered the alert in the first instance. Thank you in advance Charlie2.4KViews0likes4CommentsA simple Custom XPath Data Source Collection is not working
Can someone please help me with the following I read the following document https://docs.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-rule-azure-monitor-agent I am following the information on this document but the XPATH filter is not working If I use the 'basic' for Security > Audit Success, then the information from the Windows Server Security Event log I want 'does appear' in Log Analytics using the following query Event | where EventLog == 'Security' | where Source == 'Microsoft-Windows-Security-Auditing' | where EventID == '4870' | project TimeGenerated,EventID,RenderedDescription,Source,EventLevelName,ParameterXml,EventData However when I use a Custom XPath Query under Add Data Source as follows I paste the following onto the XPath windows *[System[EventID=4870]] However Azure always adds !* to the end so the Xpath query, so the saved Xpath ends up as follows *[System[EventID=4870]]!* I have also tried the XPath Security!*[System[EventID=4870]] I leave this for about an hour, then I regenerate further event 4870 in the Security event log (basically revoking certificates in a test CA) These 4870 events appear on the Server in the security event log as expected. However there are 'not' being sent to Log Analytics and more (as they were with the initial basic filter). I cannot see what is wrong as I followed the document, can you kindly 1) Tell me why the Azure Portal automatically adds !* to the end of my XPath query 2) What is the reason why the data is not longer appearing (being collected) and shown in Log Analytics when using the custom XPath above (when setting us the Data Source and using Custom) Please advise, Thanks Charlie5.1KViews0likes6CommentsRe: Can I some how add the 'RenderedDescription' content from Log Analytics to Email Body of Alert
Hi All Can someone please help me with the above 🙂 To clarify, what I want to achieve seems simple on the surface, but it does not appear to be available with Azure Monitor out of the box without via via a Logic App (which seems odd), So perhaps I am missing something What I want to do is include the text from the RenderedDescription field (as seen in Log Analytics when querying an Event from the Windows Event Log taken from a standard Windows computer) in the email body of an Azure Monitor Alert. So then the email arrives it shows the contents/text/message of the Windows Event Log entry (e.g. the one which was alerted on). My Alert is working OK, in that it fires and I get an email all good. However none of the information/fields in the email alert show the text from the actual Windows Event Log message (aka RenderedDescription from log analytics). The Azure Monitor logic fires on the KQL query (which includes RenderedDescription) but it is not surfaced in the actual email alert body. Please advise if there is a simply way to include the RenderedDescription text in the email alert body when using Azure Monitor for alerting. Thanks All Charlie2.1KViews0likes0CommentsRe: Can I use an Azure Private Endpoint to access Azure WEB Application Gateway
Seshadrr Hello Seshadrr Thanks very much for taking the time to reply, I am still a bit unclear, can you (or someone else on the forum) clarify the following for me a bit further please. if we have an Azure WEB Application Proxy (connecting to a backend app on-premise as normal), but we only want 'company users' to use this (not internet based users). Can remove/disable the public IP address from the WEB Application Proxy (in some way e.g. using a Service EndPoint or Private EndPoint, or some other way) so only internal users can access it. What I really want to achieve is using a private IP address/subnet (e.g. 10.x.x.x ) and therefore one DNS record internally to reach the front end of the WAP can you kindly advise further if this is possible Thanks Charlie1.1KViews0likes0CommentsCan I use an Azure Private Endpoint to access Azure WEB Application Gateway
Hello If I have an Azure WEB application gateway which talks back to an on-premise App (using header based authentication) and I only need users on my own internal network (not internet users or customers) to access it. Can I connect Azure Private Endpoint and Azure Application Gateway to achieve this result (or is there an alternative). if I can do this, is their a URL doc/video showing how this is set up please? Thanks very much Charlie1.2KViews0likes2Comments
Recent Blog Articles
No content to show