Azure Monitor

CHI-LTD
Hi
I appear to not have the Export to Event hub option as mentioned here: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/activity-log-export
Any ideas why?
Thanks
Hardware Tester and Debugger
Commented:
Hi there! :)

Just to confirm, you might want to look at the required prerequisites. Either that or you have not configured log collection. You may refer to the following link provided by the official Microsoft Support team.

Reference: https://docs.microsoft.com/sl-si/azure/active-directory//reports-monitoring/howto-integrate-activity-logs-with-log-analytics

To use this feature, you need:

An Azure subscription. If you don't have an Azure subscription, you can sign up for a free trial.
An Azure AD tenant.
A user who's a global administrator or security administrator for the Azure AD tenant.
A Log Analytics workspace in your Azure subscription. Learn how to create a Log Analytics workspace.


Here is an alternative called Sumo Logic which can also be used to achieve what you have mentioned. You may refer to the following link for more information. After you have configured the logging, look at Step 3. Push logs from Azure Monitor to Event Hub.

Reference: https://help.sumologic.com/03Send-Data/Collect-from-Other-Data-Sources/Azure_Monitoring/Collect_Logs_from_Azure_Monitor

Step 3. Push logs from Azure Monitor to Event Hub
Various Azure Services connect to Azure Monitor to send monitoring data to an Event Hub. For more information, see Azure Monitor: Send monitoring data to an event hub and How do I set up Azure platform monitoring data to be streamed to an event hub? in Azure help.

We will use Azure Active Directory Service as an example to push Audit logs to Event Hub with Azure Monitor.  

  1. Log in to the Azure Portal.
  2. Click Azure Active Directory > Activity > Audit logs.
  3. Click Export Settings.
  4. You will see the Diagnostic Settings blade which will show all your existing settings if any already exist. Click Edit Setting if you want to change your existing settings, or click Add diagnostic setting to add a new one. You can have a maximum of three settings.
  5. Check the Stream to an event hub box and click on Event hub / Configure.
  6. Select an Azure subscription.
  7. Select the Event Hubs namespace you created in Step 2. It should start with “SumoAzureLogsNamespace<UniqueSuffix>”.
  8. Select insights-operational-logs from the Select event hub name dropdown.
  9. Select RootManageSharedAccessKey from Select event hub policy name dropdown.
  10. Click OK to exit event hub configuration.
  11. Check the box under “Logs” labeled “Audit”.
  12. Click Save.

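Added example, not part of the original answer or of the linked documentation: once the diagnostic setting from the steps above is saved, this Python check reads the settings as JSON and confirms the audit category is really streaming to the expected event hub. The field names are assumed to follow the Azure Resource Manager diagnostic-settings format; the sample data, the `AuditLogs` category name and all IDs are constructed.

```python
import json

# Constructed sample in the shape of a diagnostic-settings list response.
# IDs and setting names are placeholders; "AuditLogs" is assumed to be the
# category behind the portal's "Audit" checkbox.
SAMPLE = json.loads("""
{"value": [
  {"name": "to-workspace", "properties": {
     "workspaceId": "/subscriptions/SUB/resourceGroups/RG/providers/Microsoft.OperationalInsights/workspaces/WS",
     "logs": [{"category": "AuditLogs", "enabled": true}]}},
  {"name": "to-event-hub", "properties": {
     "eventHubName": "insights-operational-logs",
     "eventHubAuthorizationRuleId": "/subscriptions/SUB/resourceGroups/RG/providers/Microsoft.EventHub/namespaces/SumoAzureLogsNamespaceEXAMPLE/authorizationRules/RootManageSharedAccessKey",
     "logs": [{"category": "AuditLogs", "enabled": true},
              {"category": "SignInLogs", "enabled": false}]}}
]}
""")

def namespace_of(rule_id):
    """Pull the Event Hubs namespace name out of an authorization rule ID."""
    parts = rule_id.strip("/").split("/")
    lowered = [p.lower() for p in parts]
    if "namespaces" in lowered[:-1]:
        return parts[lowered.index("namespaces") + 1]
    return None

def event_hub_streams(settings, category):
    """List (setting, hub, namespace) for settings streaming `category`."""
    found = []
    for setting in settings.get("value", []):
        props = setting.get("properties", {})
        rule_id = props.get("eventHubAuthorizationRuleId")
        if not rule_id:
            continue  # workspace- or storage-only setting: nothing streamed
        if any(log.get("category") == category and log.get("enabled")
               for log in props.get("logs", [])):
            found.append((setting.get("name"), props.get("eventHubName"),
                          namespace_of(rule_id)))
    return found

def check(settings, category, hub):
    """Return a list of problems; an empty list means the export is in place."""
    streams = event_hub_streams(settings, category)
    if not streams:
        return [f"{category} is not streamed to any event hub"]
    if not any(h == hub for _, h, _ in streams):
        return [f"{category} is streamed, but not to event hub {hub!r}"]
    return []
```

A category that is listed but disabled, or that only goes to a Log Analytics workspace, is reported as not streamed, which is the case that otherwise leaves the downstream collector silently empty.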

Author

Commented:
Thanks. It looks like it is a Cisco documentation problem, as it's essentially what you have shown me... Diagnostics button...

thanks

Noah, Hardware Tester and Debugger

Commented:
@CHI-LTD You're welcome! Glad I was of help :)
