I am looking all over in Microsoft's docs to figure out how to stream an existing Azure deployed Windows VM and have it start streaming logs to a newly created event hub. In particular the Windows Event logs containing security, application, and system
logs. I ran across this docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/azure-diagnostics which looks like it is possible. It refers to using Visio Studio etc. How can I modify the existing VM? I am just not sure how to get started
and what to modify to enable this. Is this something I do with the portal? Or directly through PowerShell? I have already set up an event hub and followed docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-stream-activity-logs-event-hubs
to get the portal activity log to work. I then have my SIEM (QRadar) connect to the event hub and see those events successfully, so I know the activity log portion is working correctly. It seems like a simple task but I just do not know where to
start. I wish there was a video demonstrating this.