Log Analytics Gateway

%3CLINGO-SUB%20id%3D%22lingo-sub-2280290%22%20slang%3D%22en-US%22%3ELog%20Analytics%20Gateway%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2280290%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20folks%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESome%20clarification%20needed%20please.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20want%20to%20ingest%20data%20from%20my%20on-prem%20Windows%20computers%20to%20Azure%20Sentinel.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20understand%20that%20I%20can%20use%20a%20%3CSTRONG%3ELog%20Analytics%20Gateway%20(LAG)%3C%2FSTRONG%3E%20on-prem%20to%20act%20as%20a%20HTTP%20proxy%2Fforwarder%20to%20the%20Azure%20Log%20Analytics%20Workspace%20(and%20subsequently%20Azure%20Sentinel).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHow%20do%20I%20tell%20my%20on-prem%20Windows%20computers%20to%20use%20%2F%20go%20via%20the%20LAG%3F%20There%20is%20only%20an%20option%20to%20put%20in%20the%20Workspace%20ID.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOnce%20installed%2C%20do%20I%20configure%20the%20proxy%20settings%20in%20the%20standalone%20OMS%20Agent%20on%20the%20Windows%20server%20to%20use%20the%20IP%20address%20and%20port%20of%20the%20on-prem%20LAG%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%2C%20does%20the%20LAG%20need%20the%20standalone%20OMS%20agent%20installing%20as%20well%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ethanks%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2305444%22%20slang%3D%22en-US%22%3ERe%3A%20Log%20Analytics%20Gateway%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2305444%22%20slang%3D%22en-US%22%3E1.%20Install%20the%20Gateway%3CBR%20%2F%3E%22On%20the%20Port%20and%20proxy%20address%20page%3A%3CBR%20%2F%3Ea.%20Enter%20the%20TCP%20port%20number%20to%20be%20used%20for%20the%20gateway.%20Setup%20uses%20this%20port%20number%20to%20configure%20an%20inbound%20rule%20on%20Windows%20Firewall.%20The%20default%20value%20is%208080.%22%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Flog-analytics-gateway%2Fm-p%2F2280290%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Flog-analytics-gateway%2Fm-p%2F2280290%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3E2.%20Configure%20Agents%20with%20Proxy%20set%20to%20the%20Gateway%20name%20and%20its%20port%3CBR%20%2F%3EUI%3A%20%22If%20the%20computer%20needs%20to%20communicate%20through%20a%20proxy%20server%20to%20the%20Log%20Analytics%20service%2C%20click%20Advanced%20and%20provide%20the%20URL%20and%20port%20number%20of%20the%20proxy%20server.%20%22%3CBR%20%2F%3EPS%3A%20%22OPINSIGHTS_PROXY_URL%20URI%20for%20the%20proxy%20to%20use%22%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-monitor%2Fagents%2Fagent-windows%23install-agent-using-command-line%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-monitor%2Fagents%2Fagent-windows%23install-agent-using-command-line%3C%2FA%3E%3C%2FLINGO-BODY%3E
Visitor

Hi folks

 

Some clarification needed please.

 

I want to ingest data from my on-prem Windows computers to Azure Sentinel.

 

I understand that I can use a Log Analytics Gateway (LAG) on-prem to act as a HTTP proxy/forwarder to the Azure Log Analytics Workspace (and subsequently Azure Sentinel).

 

How do I tell my on-prem Windows computers to use / go via the LAG? There is only an option to put in the Workspace ID.

 

Once installed, do I configure the proxy settings in the standalone OMS Agent on the Windows server to use the IP address and port of the on-prem LAG? 

 

Also, does the LAG need the standalone OMS agent installing as well?

 

thanks

 

1 Reply
1. Install the Gateway
"On the Port and proxy address page:
a. Enter the TCP port number to be used for the gateway. Setup uses this port number to configure an inbound rule on Windows Firewall. The default value is 8080."
https://techcommunity.microsoft.com/t5/azure-sentinel/log-analytics-gateway/m-p/2280290

2. Configure Agents with Proxy set to the Gateway name and its port
UI: "If the computer needs to communicate through a proxy server to the Log Analytics service, click Advanced and provide the URL and port number of the proxy server. "
PS: "OPINSIGHTS_PROXY_URL URI for the proxy to use"
https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agent-windows#install-agent-using-comman...