In part 1 we looked at enable diagnostic logging on Azure resources via the Portal or via PowerShell.
Now, let’s get this ingested into Log Analytics!
It’s worth noting that the current, up-to-date documentation is at: https://azure.microsoft.com/en-us/documentation/articles/log-analytics-powershell-azure-diagnostics-json/.
OK for this, I’m assuming you’ve got WMF 5 installed on your machine. If you’ve not (where have you been!?) go to https://www.powershellgallery.com/ & hit the ‘Get WMF 5.0’ button.
Open up an Administrative PowerShell and make sure you’ve got the up to date AzureRM module:
Import the OMS module, making sure you’ve got at least version 1.0.8:
Import-Module AzureRM.OperationalInsights -MinimumVersion 1.0.8
Login to your Azure Account:
Run the command to configure the diagnostic into Log Analytics:
OK OK. Hold up – let’s talk about this Add-AzureDiagnosticsToLogAnalyticsUI cmdlet.
Basically, it’s just like one of those choose your own adventure command line games. Like the ones I used to play on the BBC computer in school… Only this is better
Add-AzureDiagnosticsToLogAnalyticsUI guides you through ingesting those diagnostic logs into Log Analytics.
Adventure Question 1: Whatcha want to collect?
In part 1, I enabled NSG logging, so let’s grab that by hitting 3:
Adventure Question 2:
OK you can see that it located my NSG and verified diagnostics were turned on. Awesome.
You can see it’s listed out my NSG here & listed it as number 1. If you had more, you’d see them listed here.
To select my NSG diagnostics to ingest into Log Analytics, I’ll hit 1:
Adventure Question 3:
Which Log Analytics workspace? I’ve only got one on this Azure Subscription, so it’s listed here.
If you have a few, you can select which one the logging will be ingested into:
OK – that’s it! You’re done:
Great – that was too easy right!? All you need to do now is get a cup of tea & after a little bit, you’ll see that diagnostic data show up in Log Analytics!
OK now I had a cuppa, I’ve gone to my Log Analytics portal & clicked Search. I’m going to enter the query to see all the stuff: *
Sweet!! Under ‘TYPE’ I can now see NetworkSecuritygroups.
I’m going to select it & click apply to make the query: * (Type=NetworkSecuritygroups)
Et voila! Here ya go!
Note you can see the 2 categories of logging here too, so you can filter down & all that stuff!
You can now do all the normal Log Analytics goodness, like filtering, custom fields, alerting, remediation, saving, queries and building kickass dashboards!