Linking an Application's logs in multiple servers to Azure Log analytics RRS feed

  • Question

  • Consider i have 20 VMs and I've linked those VMs to log analytics workspace. I've an Firewall and Antivirus installed in 15 VMs. Now the log analytics workspace doesn't get the firewall and antivirus logs from those VMs.

    How do i configure workspace to collect application logs across 15 VMs?

    Wednesday, November 20, 2019 9:56 AM

All replies

  • Thanks for reaching out! AFAIK,all the firewall and antivirus logs for windows OS are stored in Event  viewer. To collect the data from this, i would suggest you to browse through this document which has detailed steps.

    Hope this helps!
    Thursday, November 21, 2019 4:38 AM
  • What  about the third party applications that generate log files?
    Monday, December 9, 2019 10:53 AM
  • Can you please specify an example of third party applications like is it still related to firewall and antivirus or something else?
    Monday, December 9, 2019 11:34 AM
  • Sophos Endpoint Protection.

    This application loads logs and i could see them in Event viewer. How do i get them to Log analytics?

    Wednesday, December 18, 2019 12:08 PM