Configuring the Activity Log to be Sent to a Log Analytics Workspace

It is recommended that you create a new Log Analytics Workspace for monitoring purposes, and send all the logs that eG monitors to that workspace. If such a workspace pre-exists, then proceed to set that workspace as the destination for Activity logs. To achieve this, use steps 5-10 of the procedure detailed below. If no such workspace is available, then do the following:

  • Use steps 1-4 of the procedure discussed below to create a new log analytics workspace.

  • Then, use steps 5-10 of the procedure to configure the activity logs to be sent to the new workspace you created.

  1. To create a new Log Analytics Workspace, first, login to the Microsoft Azure Portal, and use the Search text box therein to search for the string 'log analytics'. The Log Analytics Workspace option will then appear in the sear\\\ch results (see Figure 1). Click on that option.

    Selecting Log Analytics Workspace Option

    Figure 1 : Selecting the Log Analytics Workspace option

  2. Figure 2 will then appear. If one/more Log Analytics Workspaces pre-exist, then Figure 2 will reveal them. To create a new workspace, click on the Create link indicated by Figure 2.

    Clicking On Create Link In Log Analytics Workspaces Window

    Figure 2 : Clicking on the Create link in the Log Analytics Workspaces window

  3. Doing so will invoke Figure 3. From the Subscription drop-down in Figure 3, select the Azure Subscription for which the new workspace is being created. This should be the Microsoft Azure Subscription that you are monitoring. Next, select the Resource Group to which the chosen subscription belongs, and its Region. Finally, specify Name of the new Log Analytics Workspace.

    Figure 3 : Creating a New Log Analytics Workspace

  4. Finally, click the Review + Create button to add the new log analytics workspace.

  5. Now, proceed to set this workspace as the destination for activity logs. For that, select Activity log from Azure Services, as indicated by Figure 4.

    Selecting Activity Log Option

    Figure 4 : Selecting the Activity log option

  6. Figure 5 will then appear. Click on the Export Activity Logs button indicated by Figure 5.

    Clicking On Export Activity Logs

    Figure 5 : Clicking on Export Activity Logs

  1. Figure 6 will then appear. From the Subscription drop-down in Figure 6, select the Azure subscription being monitored currently. The diagnostic settings that pre-exist for the chosen subscription will then appear. If any of the existing diagnostic settings have already been configured with Log Analytics Workspaces, then Figure 6 will display these workspace names and the diagnostic settings they map to. However, If the Log Analytics workspace column in Figure 6 is blank for all the existing diagnostic settings, it is a clear indication that the Activity log is yet to be configured to be sent to any Log Analytics Workspace. In this case therefore, you should create a new diagnostic setting for the target Subscription, where a Log Analytics Workspace is configured as the destination for the Activity log. To achieve this, click on the Add diagnostic setting button in Figure 6.

    Clicking On Add Diagnostic Setting Button

    Figure 6 : Clicking on the Add diagnostic setting button

  2. In Figure 7 that appears next, first specify the Diagnostic setting name. Then, select the Categories of events you want logged by clicking on the corresponding check boxes. To make sure that this test report valid values for all measures, select the Categories indicated by Figure 8. Then, from the Destination details section, select Send to Log Analytics workspace.

    Configuring Diagnostic Setting For Sending Activity Log To Log Analytis Workspace

    Figure 7 : Configuring a diagnostic setting for sending the Activity log to a Log Analytis Workspace

    Categories Of Activity Logs

    Figure 8 : The Categories of Activity logs to be sent to a Log Analytics Workspace

  1. Upon selecting this option, you will be required to select the Subscription for which this diagnostic setting applies and the Log Analytics workspace to which the Activity log has to be sent. Make sure that you select the Azure subscription being monitored from the Subscription drop-down. Also, ensure that you either select the Log Analytics workspace that you created earlier in this procedure, or that Log Analytics workspace that you have used as the destination for all other logs that eG monitors.

  2. Finally, to save the configuration, click on the Save button in Figure 7.