2.20 Log Analytics

Video Transcription
Welcome back. In this episode we're going to take a look at a subset feature of Azure Monitor called Log Analytics.
My objectives include understanding Log Analytics and also understanding how to configure Log Analytics.
So what is Log Analytics? Log Analytics is a tool used to write and execute queries against the log data found in Azure Monitor.
As I mentioned, it is a feature of Azure Monitor. Agents are installed on cloud and on-premises resources, and they send data to Azure Monitor, which stores the collected data.
Gathering this data from our resources requires an agent to be installed on the resource itself. For this we have the Log Analytics agent. This agent was developed not only for cloud compute resources but also for on-premises physical and virtual machines.
This means you can have an all-in-one cloud-based monitoring solution for your cloud and on-premises servers. You can even install this agent on compute resources located in other cloud platforms besides Azure.
The Log Analytics agent is also shared across other Azure services that were bundled under the Operations Management Suite (OMS), such as Azure Security Center and Azure Automation.
The Log Analytics agent is available both as a Windows and a Linux agent.
When it's installed on Windows it's the Microsoft Monitoring Agent, or MMA, and when it's installed on Linux it's listed as the OMS Linux agent.
As I mentioned, the Log Analytics agent can also be installed on on-premises servers. This requires the server to be able to make outbound connections over TCP port 443 and to have TLS 1.2 enabled.
When you go to download the agent inside the Log Analytics workspace, you have the option of selecting the Windows or Linux version. When you do, you're given the workspace ID for the Log Analytics workspace, as well as a primary and secondary key to authenticate against the service.
This will allow the agent to collect and upload data from your on-premises servers.
Now that we have some basics down, let's jump over to the Azure portal and take a look at our Log Analytics workspace.
Back in our Azure portal, before we go look at our Log Analytics workspace, I want to take a look at some of the extensions on our virtual machines, just to show you what it looks like before and after we install them.
Let's go check out VM02.
Click on Settings and then Extensions. You can see we have the OMS extension right here, which connects to our Azure Log Analytics workspace.
Let's go back and take a look at VM03.
As you can see, we currently do not have any extensions installed that connect to our Log Analytics workspace.
Now let's take a look at creating a Log Analytics workspace and connecting some of our resources to it.
I've already favorited Log Analytics workspaces over on the left-hand side.
First, let's take a look at creating a Log Analytics workspace.
To create one, you'll need to give it a name,
select a subscription and a resource group, as well as a location, pretty similar to other Azure resources we've created in the past.
I'm going to close out of creating one
and go back to the existing one I already have.
You can see on our Overview page that one of our "Getting started with Log Analytics" steps is to connect data sources,
so let's go down and take a look at our workspace data sources.
We go into Virtual machines.
It's going to pull in all the virtual machines available in our current subscription. You can see we have some of them, like VM01 and VM02, which are already connected, and others, like ADConnect01 and VM03, which are not connected, which we also just saw when we looked at VM03's extensions. Let's go ahead and click on VM03.
To install the agent on this virtual machine and connect it to this Log Analytics workspace, it's as simple as clicking the Connect button.
This will start the deployment of the Linux OMS extension onto that virtual machine.
While that finishes deploying, let's take a look at Advanced settings, where we can get the agents for our on-premises servers.
Here we can look at additional resources we can connect, such as Windows servers. We can download the 32- or 64-bit version of the agent, as well as the workspace ID and keys we'll need in order to connect the agent to this Log Analytics workspace when we install it.
Again, remember from the slides: this server will need outbound access over TCP port 443 as well as TLS 1.2.
We have the same option for our Linux servers, by downloading the agent and using the workspace ID and keys,
as well as connecting Azure storage accounts. Once we have the agents installed, we can define what type of data we want to collect from them,
for example Windows event logs and performance counters, as well as Linux performance counters and syslog.
We can also dive a little deeper and gather information from our IIS logs on Windows servers.
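The workflow the video walks through in the portal (creating the workspace, reading the workspace ID and keys, checking the on-premises prerequisites, connecting a VM, and defining data sources) can be scripted with the Az PowerShell modules. The block below is an added example, not code from the video or from Microsoft; the resource group, workspace and VM names (rg-monitoring, law-demo, VM03), the region and the chosen counters are placeholder assumptions, and it assumes you have already run Connect-AzAccount with the Az.Compute and Az.OperationalInsights modules installed. Note that Microsoft has since retired the Log Analytics (MMA/OMS) agent in favour of the Azure Monitor Agent; the extension types below are the ones the video's Connect button deploys.

```powershell
# Added example (not from the video): Log Analytics workspace, agent and data-source setup with Az cmdlets.
# All names below are assumed placeholders; run after Connect-AzAccount.
$rg       = 'rg-monitoring'   # assumed resource group
$location = 'eastus'          # assumed region
$wsName   = 'law-demo'        # assumed workspace name
$vmName   = 'VM03'            # the VM left unconnected in the demo

# 1. Create the workspace if it does not exist: name, subscription (current context), resource group, location.
$ws = Get-AzOperationalInsightsWorkspace -ResourceGroupName $rg -Name $wsName -ErrorAction SilentlyContinue
if (-not $ws) {
    $ws = New-AzOperationalInsightsWorkspace -ResourceGroupName $rg -Name $wsName -Location $location -Sku PerGB2018
}

# 2. Workspace ID and primary/secondary keys, the same values shown under Advanced settings for a manual install.
$keys         = Get-AzOperationalInsightsWorkspaceSharedKey -ResourceGroupName $rg -Name $wsName
$workspaceId  = $ws.CustomerId.ToString()
$workspaceKey = $keys.PrimarySharedKey   # a credential: anyone holding it can write data into the workspace

# 3. Prerequisite check for an on-premises or other-cloud server (run this part on that server):
#    outbound TCP 443 to the workspace ingestion endpoints, and TLS 1.2 allowed for the client.
$endpoints = @("$workspaceId.ods.opinsights.azure.com", "$workspaceId.oms.opinsights.azure.com")
foreach ($ep in $endpoints) {
    $r = Test-NetConnection -ComputerName $ep -Port 443 -WarningAction SilentlyContinue
    '{0,-60} TCP 443 reachable: {1}' -f $ep, $r.TcpTestSucceeded
}
$tlsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
$tls = Get-ItemProperty -Path $tlsKey -ErrorAction SilentlyContinue
if ($null -eq $tls) {
    'TLS 1.2 client: no explicit SCHANNEL setting, OS default applies (on by default from Windows 8 / Server 2012)'
} else {
    'TLS 1.2 client: Enabled={0} DisabledByDefault={1}' -f $tls.Enabled, $tls.DisabledByDefault
}

# 4. The portal's Connect button: deploy the OMS / MMA extension to an Azure VM with the workspace ID and key.
#    The key goes in ProtectedSettings so it is encrypted at rest and not readable from the VM resource.
$vm      = Get-AzVM -ResourceGroupName $rg -Name $vmName
$isLinux = $vm.StorageProfile.OsDisk.OsType -eq 'Linux'
$extType = if ($isLinux) { 'OmsAgentForLinux' } else { 'MicrosoftMonitoringAgent' }
$extVer  = if ($isLinux) { '1.13' } else { '1.0' }
Set-AzVMExtension -ResourceGroupName $rg -VMName $vmName -Location $vm.Location `
    -Publisher 'Microsoft.EnterpriseCloud.Monitoring' -ExtensionType $extType -ExtensionName $extType `
    -TypeHandlerVersion $extVer `
    -Settings          @{ workspaceId  = $workspaceId } `
    -ProtectedSettings @{ workspaceKey = $workspaceKey }

# The before/after view from the demo: which extensions the VM now carries.
Get-AzVMExtension -ResourceGroupName $rg -VMName $vmName |
    Select-Object Name, Publisher, ExtensionType, ProvisioningState

# 5. Data sources: Windows event logs and performance counters, Linux syslog and performance counters, IIS logs.
New-AzOperationalInsightsWindowsEventDataSource -ResourceGroupName $rg -WorkspaceName $wsName `
    -Name 'ApplicationLog' -EventLogName 'Application' -CollectErrors -CollectWarnings -CollectInformation
New-AzOperationalInsightsWindowsPerformanceCounterDataSource -ResourceGroupName $rg -WorkspaceName $wsName `
    -Name 'WinCpu' -ObjectName 'Processor' -InstanceName '*' -CounterName '% Processor Time' -IntervalSeconds 60
Enable-AzOperationalInsightsLinuxSyslogCollection -ResourceGroupName $rg -WorkspaceName $wsName
New-AzOperationalInsightsLinuxSyslogDataSource -ResourceGroupName $rg -WorkspaceName $wsName `
    -Name 'AuthSyslog' -Facility 'auth' -CollectEmergency -CollectAlert -CollectCritical -CollectError `
    -CollectWarning -CollectNotice -CollectInformational
Enable-AzOperationalInsightsLinuxPerformanceCollection -ResourceGroupName $rg -WorkspaceName $wsName
New-AzOperationalInsightsLinuxPerformanceObjectDataSource -ResourceGroupName $rg -WorkspaceName $wsName `
    -Name 'LinuxCpu' -ObjectName 'Processor' -InstanceName '*' -CounterNames '% Processor Time' -IntervalSeconds 60
Enable-AzOperationalInsightsIISLogCollection -ResourceGroupName $rg -WorkspaceName $wsName

# 6. Confirm the agent is reporting: the Heartbeat table lists every connected computer and when it last checked in.
$q = 'Heartbeat | summarize LastSeen = max(TimeGenerated) by Computer, OSType, Category | order by LastSeen desc'
(Invoke-AzOperationalInsightsQuery -WorkspaceId $workspaceId -Query $q).Results | Format-Table
```

Step 3 is the check behind the "outbound 443 and TLS 1.2" requirement from the slides; on the workspace side the agent authenticates with the workspace ID plus one of the two shared keys, which is why the key is passed as a protected setting in step 4 and why rotating the secondary key while agents use the primary (then swapping) is the usual rotation pattern.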
Going back to our Overview page, one other thing we can look at is the activity log.
Remember, the activity log contains the actions taken inside the tenant, such as actions on virtual machines or inside the subscription.
Here I'm going to change our filter
to the last week, change our resource to all resources, and remove the resource group filter.
You can see the types of actions recorded here, such as creating or updating virtual machines or creating or updating metrics. You can think of this as a look into the administrative activities occurring inside the tenant.
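The same "last week, all resources, no resource group filter" view of administrative activity can be pulled with Get-AzActivityLog and summarized by who did what. This is an added example, not part of the video; it assumes you are signed in to the subscription shown in the demo and narrows to the compute operations the video points at (virtual machine create/update), which you can widen by changing the filter.

```powershell
# Added example (not from the video): review administrative actions from the Azure activity log.
# Assumes Connect-AzAccount has been run against the subscription of interest.
$since = (Get-Date).AddDays(-7)   # the "last week" filter from the demo

# Pull the full week across all resources (no resource group filter), then keep VM write/delete operations.
$events = Get-AzActivityLog -StartTime $since -EndTime (Get-Date) -ResourceProvider 'Microsoft.Compute' |
    Where-Object { $_.OperationName.Value -match 'virtualMachines/(write|delete)$' }

# Who performed which operation, with how many successes and failures: the administrative view of the tenant.
$events |
    Group-Object { $_.Caller }, { $_.OperationName.Value } |
    ForEach-Object {
        [pscustomobject]@{
            Caller    = $_.Group[0].Caller
            Operation = $_.Group[0].OperationName.Value
            Succeeded = ($_.Group | Where-Object { $_.Status.Value -eq 'Succeeded' }).Count
            Failed    = ($_.Group | Where-Object { $_.Status.Value -eq 'Failed' }).Count
            LastSeen  = ($_.Group | Measure-Object EventTimestamp -Maximum).Maximum
        }
    } | Sort-Object LastSeen -Descending | Format-Table -AutoSize
```

Each activity-log entry carries the caller identity, the operation name, the status and the target resource ID, so the same grouping works for any resource provider; a caller you do not recognize issuing virtualMachines/write, or a burst of failed operations from one principal, is the kind of thing worth following up from this view.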
That does it for the demo. Let's jump back to the slides and wrap this up.
Coming up next we're going to talk a little bit about Azure Advisor and cost management inside our tenant. See you in the next episode.