Configuring the eG Agent to Read Logs Sent to Log Analytics Workspaces
A Log Analytics workspace is a unique environment for log data from Azure Monitor and other Azure services. Each workspace has its own data repository and configuration but might combine data from multiple services.
Typically, logs are sent to a Log Analytics Workspace to:
- Correlate log data with other monitoring data collected by Azure Monitor.
- Consolidate log entries from multiple Azure subscriptions and tenants into one location for analysis together.
- Use log queries to perform complex analysis and gain deep insights on Activity Log entries.
- Use log alerts with Activity entries allowing for more complex alerting logic.
- Store log entries for longer than the log retention period.
You can use a single workspace for all your data collection. You can also create multiple workspaces based on requirements such as:
- The geographic location of the data.
- Access rights that define which users can access data.
- Configuration settings like pricing tiers and data retention.
The eG agent requires access to Log Analytics Workspace(s) for monitoring the following:
- Activity logs
- Firewall logs
- Diagnostic logs of VPN Gateways
To enable the eG agent to read these logs and report metrics, you need to follow the broad steps below:
- Configure all these logs to be sent to a single workspace. The procedure for this varies with the type of log. Therefore, use the links below to learn how to configure the destination for each type of log that eG monitors:
  - Configuring the Activity Log to be Sent to a Log Analytics Workspace
  - Configuring the Firewall Logs to be Sent to a Log Analytics Workspace
  - Configuring a VPN Gateway's Diagnostic Logs to be Sent to a Log Analytics Workspace
- Configure the eG tests monitoring these logs with the name of the appropriate Log Analytics Workspace.
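
One way to check the first step before entering a workspace name in the eG tests, as an added example that is not part of the eG documentation: the script takes diagnostic-setting records for each log source and reports whether they all target one workspace. The record layout (`workspaceId`, `logs[].enabled`), the workspace names and the subscription ID are constructed assumptions.

```python
# Added example: confirm every monitored log source targets one workspace.
# Field names (workspaceId, logs[].enabled) are an assumed export layout.
PREFIX = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
          "rg-monitoring/providers/Microsoft.OperationalInsights/workspaces/")


def setting(workspace, category, enabled=True):
    """Build one constructed diagnostic-setting record for the samples below."""
    return {"workspaceId": PREFIX + workspace if workspace else None,
            "logs": [{"category": category, "enabled": enabled}]}


# Constructed samples, keyed by the three log types the eG agent reads.
CONSISTENT = {
    "activity-log": [setting("law-eg-central", "Administrative")],
    "firewall": [setting("law-eg-central", "AzureFirewallNetworkRule")],
    "vpn-gateway": [setting("LAW-EG-Central", "GatewayDiagnosticLog")],
}
SPLIT = {**CONSISTENT, "vpn-gateway": [setting("law-network", "GatewayDiagnosticLog")]}
DISABLED = {**CONSISTENT,
            "firewall": [setting("law-eg-central", "AzureFirewallNetworkRule", False)]}


def workspace_name(resource_id):
    """Last path segment of a workspace resource ID is the workspace name."""
    return resource_id.rstrip("/").split("/")[-1]


def check_single_workspace(settings_by_source):
    """Return (workspace name or None, list of problems found)."""
    problems, seen = [], {}  # seen: lowercased resource ID -> ID as written
    for source, settings in settings_by_source.items():
        ids = [s["workspaceId"] for s in settings
               if s.get("workspaceId") and any(l.get("enabled") for l in s.get("logs", []))]
        if not ids:
            problems.append(f"{source}: no enabled log category is sent to a workspace")
        for wid in ids:
            seen.setdefault(wid.lower(), wid)  # Azure resource IDs are case-insensitive
    if len(seen) > 1:
        names = sorted(workspace_name(w) for w in seen.values())
        problems.append("logs are split across workspaces: " + ", ".join(names))
    if problems or not seen:
        return None, problems
    return workspace_name(next(iter(seen.values()))), problems


if __name__ == "__main__":
    for label, sample in (("consistent", CONSISTENT), ("split", SPLIT), ("disabled", DISABLED)):
        print(label, check_single_workspace(sample))
```

A returned name is the value to enter in the eG tests; a `None` result lists which source still needs its destination corrected.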