Azure Monitor is an analytics and insights tool that monitors the operational health of your applications and provides system-wide visibility of your Network Security deployment. Azure Monitor collects metrics and logs data for your Network Security virtual appliance by monitoring IPS and inspection events. Learn more about Microsoft's Azure Monitor.
Create the Log Workspace
- Navigate to Log analytics workspace → + Add.
- Fill in the Basics, Pricing tier, and Tags tabs.
- Click Review + Create → Create.
The workspace ID and key information are required to ensure Network Security and Azure Monitor communicate with each other.
- Select your workspace, then select Advanced settings.
- Select Agents management.
- Copy and paste the Workspace ID and Primary key into a text editor.
These values will be used in the CLI commands listed below.
Here are some of the most common commands you will use for your Network Security virtual appliance:
|Enable or disable IPS event logging||
|Enable or disable inspection event logging||
|Set workspace ID and key||
|Commit the changes||
|Save the changes||
|Show the Azure Monitor status||
|Show the Azure Monitor configuration||
View the logs
You can manually query the logs and data collected by Azure Monitor by using Microsoft's query language, or follow the steps below.
- Select your workspace.
- Select Logs → LogManagement → Syslog.
- Hover your mouse over Syslog, then click the eye icon. A preview of the data will appear.
- Click See in query editor.