Configure Diagnostics

7 hours 46 minutes
Video Transcription
Hello and welcome back to Cybrary's Microsoft Azure Administrator AZ-103 course. This is Episode 12, Configure Diagnostics, and I'm your instructor, Will Carlson.
Today's episode is relatively straightforward. We're gonna be talking about how you configure diagnostic logs,
and talk a little bit more about the different log types here within Azure.
To get started, we're gonna jump into the portal, and I want to call your attention to the fact that
diagnostic logs can be collected both for Azure resources and also for on-premise resources.
I want to remind you, too, that there is a difference between logs and metrics. Metrics are gonna be those things that we talked about in the last video, that the data is gonna be collected every minute, and they're gonna be on by default for a lot of Azure resources.
Logs are gonna be things that need to be configured to be sent, in various degrees. Today, this is gonna be a relatively straightforward deployment because logging is baked into these Azure resources. There's also a component of logging more similar to what you experience when you use a tool like Splunk:
you have to configure the log recipient and you have to configure the
device that's sending the logs. So
logs are gonna be text or numeric values that aren't created every minute or aren't even created automatically. Logs are gonna be things that are created when an event occurs. So think Linux syslogs or Windows event logs. Those are great examples of types of logs.
Now, specifically to Azure here,
there are going to be two different types of logs: diagnostic logs, which we're gonna be setting up today, and then Azure activity logs. So Azure activity logs are gonna be those things that we see from the ARM API. Any time that we do anything with the ARM API, it's going to log that activity as an activity log.
These are gonna be at the subscription level,
and by default, they're gonna be retained for 90 days. You can extend this retention if you push those logs over to a storage account or an Azure Log Analytics workspace.
That's activity logs, but the type of log we're going to talk about today are diagnostic logs, and these are gonna be configured on each resource.
The logs it collects are gonna be unique to the particular resource that we're talking about, and not all resources support diagnostic logs. So the first thing we're gonna do is look at diagnostic logs on some out-of-the-box
resources. So we're gonna go to resource groups.
We're gonna click on the IT resource group.
We're gonna go down here to Diagnostic settings,
and these are the resources that I can turn on diagnostic logging for without any other intervention on my part.
You can see that we already have the public IP address set to log things. So let's look at that real quickly.
Let's edit this setting. So I can see, with a public IP address, it's going to... I'm archiving this to a storage account that I've set up,
and it's sending DDoS logs, and all of the metrics as far as ingress and egress are going to this log as well.
Now let's go back, go and look at some other
diagnostic logs that we could set up, and actually set one up from scratch.
Look out here, come back to diagnostic logs, and let's go ahead and set up diagnostic logs on this network interface.
We're gonna add a diagnostic setting.
We're gonna name this
NIC Internal.
I do want to archive this to a storage account, as I did before. I'm going to select what storage account I want it to go to.
Gonna select that one that's in this resource group already.
And then I can select
to send all metrics, and then how many days. Now, something worth mentioning here is that zero is gonna keep these indefinitely until I run out of storage. So if I don't want to do that, I can set this to store these logs for 10 days or whatever number I'd like.
Now, you can stream to an event hub, which is not necessarily relevant for AZ-103, but it's a way to, or a place in Azure to, send a lot of events to and have them ultimately processed. You can also send them to Log Analytics. We'll be looking at that in a later episode, and that's the Log Analytics workspace. But for now,
we're gonna go ahead and have these internal NIC
logs sent to a storage account.
I can hit save,
and that's really all there is to it. So if I go back out here to the resource group and into the IT resource group,
back down here into Diagnostic settings,
I can see that I've enabled diagnostic logs on this particular network interface. Also, what we showed is that this network interface had very different logs available to be sent than the public interface did as well.
So in today's episode, we talked about configuring diagnostic logs on those things that are simple to do in Azure. But based on a point and click, these things already have logging
functionality built into them. It just has to be enabled, and you get to that via Diagnostic settings.
We can set where they go, we can store them in a number of different places, and it's really gonna be different based on what particular resource it is that we're gonna be setting up those diagnostic logs on.
Coming up next, we're gonna be talking about a really powerful monitoring feature here in Azure, about alerts and action groups, and they're gonna help us really keep tabs on what's going on in our Azure ecosystem, and I think you'll find that there are a lot of ways that you can ultimately be notified about these alerts.
Thank you so much for joining me today, and I'm really looking forward to the next episode.
AZ-103 Microsoft Azure Administrator

This is a training course for the Microsoft Azure AZ-103 Certification. The Microsoft Azure Administrator training course teaches students to perform tasks like managing Azure subscriptions and resources, implementing and managing storage, deploying and managing virtual machines (VM) and networks, and managing identities!