Azure Monitor

Azure Monitor is an analytics and insights tool that monitors the operational health of your applications and provides system-wide visibility of your Network Security deployment. Azure Monitor collects metric and log data for your Network Security virtual appliance by monitoring IPS and inspection events. Learn more about Microsoft's Azure Monitor.

Create the Log Workspace

  1. Navigate to Log analytics workspace > + Add.
  2. Fill in the Basics, Pricing tier, and Tags tabs.
  3. Click Review + Create > Create.

Obtain the workspace ID and key

The workspace ID and key information are required to ensure Network Security and Azure Monitor communicate with each other.

  1. Select your workspace, then select Advanced settings.
  2. Select Agents management.
  3. Copy and paste the Workspace ID and Primary key into a text editor.

These values will be used in the CLI commands listed below.

Log commands

Here are some of the most common commands you will use for your Network Security virtual appliance:

| Action | CLI Command |
|---|---|
| Enable or disable IPS event logging | edit > log > azuremonitor ips-event [enable] |
| Enable or disable inspection event logging | edit > log > azuremonitor inspection-event [enable] |
| Set workspace ID and key | edit > log > azuremonitor workspace-id <ID> primary-key <Key> |
| Exit | exit |
| Commit the changes | commit |
| Exit | exit |
| Save the changes | save-config -y |
| Show the Azure Monitor status | show azuremonitor |
| Show the Azure Monitor configuration | show conf azuremonitor |

View the logs

You can manually query the logs and data collected by Azure Monitor by using Microsoft's query language, or follow the steps below.

  1. Select your workspace.
  2. Select Logs > LogManagement > Syslog.
  3. Hover your mouse over Syslog, then click the eye icon. A preview of the data will appear.
  4. Click See in query editor.