Syslog - Microsoft Azure Log Integration
The Azure Log integration feature was deprecated on 15 June 2019. AzLog downloads were disabled on 27 June 2018.
Device Details
Vendor | Microsoft |
---|---|
Device Type | Cloud (System and Application) |
Supported Model Name/Number | Azure Log Integration |
Supported Software Version(s) | 1.0 |
Collection Method | Syslog |
Configurable Log Output? | Yes |
Log Source Type | Syslog - Microsoft Azure Log Integration |
Log Processing Policy | LogRhythm Default |
Exceptions | N/A |
Additional Information | https://docs.microsoft.com/en-us/azure/security/security-azure-log-integration-get-started The event logs are available in JSON, Syslog (LEEF) and MS Event Log formats. This policy is configured for the LEEF format. |
Prerequisites
- An Azure subscription
- A storage account for Windows Azure Diagnostics (WAD) logging
- A machine that runs the Azure Log Integration service and a machine to be monitored
Device Configuration Checklist
- Install Azure Log Integration from the installer
- Complete the post-installation and validation steps
- Integrate Windows VM Logs
- Integrate Azure activity logs
Currently Supported Log Types
Type | Product Version | Supported Schema Fields |
---|---|---|
Administrative | 1.0 | Description, level, resourceGroupName, status |
Service health | 1.0 | eventName, level, resourceType, status |
Alert | 1.0 | Description, level, resourceGroupName, resourceId, status |
Security | 1.0 | Description, level, resourceGroupName, resourceType, resourceId, status |
Parsed Metadata Fields
Product Field Name | LogRhythm Metadata Field | Value/Data Type |
---|---|---|
cat | vmid | Vendor Message ID |
resourceGroupName | group | Group |
resourceId | object | Object |
resourceType | objecttype | Object Type |
sev | severity | Severity |
src | sip | Source IP Address |
status | status/result | Status/Result |
usrName | login | Login |
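The following is an added example, not LogRhythm's or Microsoft's code, showing how a syslog line carrying a LEEF 1.0 event from Azure Log Integration can be split into its header and attributes and then mapped onto the LogRhythm metadata fields listed in the table above. The sample line, the hostname and all attribute values in it are constructed for illustration, and the LEEF 1.0 layout assumed (five pipe-delimited header fields followed by tab-separated key=value pairs) is the standard LEEF 1.0 layout, not a capture from a real AzLog host.

```python
# Mapping from LEEF attribute keys to LogRhythm metadata fields, taken from the
# Parsed Metadata Fields table on this page. Keys not listed here are dropped.
LEEF_TO_LOGRHYTHM = {
    "cat": "vmid",
    "resourceGroupName": "group",
    "resourceId": "object",
    "resourceType": "objecttype",
    "sev": "severity",
    "src": "sip",
    "status": "status",   # the policy lists this as status/result
    "usrName": "login",
}

# Constructed sample (not captured from a real host): a syslog line whose message
# body is a LEEF 1.0 event. LEEF 1.0 attributes are tab-separated key=value pairs
# that follow the five pipe-delimited header fields.
SAMPLE_LINE = (
    "<13>Jun 14 10:22:31 azlog-host "
    "LEEF:1.0|Microsoft|Azure Log Integration|1.0|Security|"
    "cat=Security\tsev=5\tresourceGroupName=prod-rg\t"
    "resourceId=/subscriptions/placeholder/resourceGroups/prod-rg/providers/"
    "Microsoft.Compute/virtualMachines/web01\t"
    "resourceType=Microsoft.Compute/virtualMachines\tstatus=Active\t"
    "src=203.0.113.10\tusrName=alice@example.com\tdescription=Constructed event"
)


def parse_leef(line):
    """Return (header, attributes) for a syslog line carrying a LEEF 1.0 event, else None."""
    idx = line.find("LEEF:")
    if idx < 0:
        return None
    parts = line[idx:].split("|", 5)   # header is the first five fields
    if len(parts) < 6:
        return None
    header = {
        "leef_version": parts[0][len("LEEF:"):],
        "vendor": parts[1],
        "product": parts[2],
        "product_version": parts[3],
        "event_id": parts[4],
    }
    attrs = {}
    for pair in parts[5].split("\t"):
        key, sep, value = pair.partition("=")
        if sep:                         # skip fragments without '='
            attrs[key] = value
    return header, attrs


def to_logrhythm(attrs):
    """Rename LEEF attributes to LogRhythm metadata field names; unmapped keys are dropped."""
    return {LEEF_TO_LOGRHYTHM[k]: v for k, v in attrs.items() if k in LEEF_TO_LOGRHYTHM}
```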