Topics on this page
Azure Monitor
Azure Monitor is an analytics and insights tool that monitors the operational health of your applications and provides system-wide visibility of your Network Security deployment. Azure Monitor collects metrics and logs data for your Network Security virtual appliance by monitoring IPS and inspection events. Learn more about Microsoft's Azure Monitor.
Create the Log Workspace
- Navigate to Log analytics workspace → + Add.
- Fill in the Basics, Pricing tier, and Tags tabs.
- Click Review + Create → Create.
Obtain the workspace ID and key
The workspace ID and key information are required to ensure Network Security and Azure Monitor communicate with each other.
- Select your workspace, then select Advanced settings.
- Select Agents management.
- Copy and paste the Workspace ID and Primary key into a text editor.
These values will be used in the CLI commands listed below.
Log commands
Here are some of the most common commands you will use for your Network Security virtual appliance:
Action | CLI Command |
---|---|
Enable or disable IPS event logging | edit > log > azuremonitor ips-event [enable] |
Enable or disable inspection event logging | edit > log > azuremonitor inspection-event [enable] |
Set workspace ID and key | edit > log > azuremonitor workspace-id <ID> primary-key <Key> |
Exit | exit |
Commit the changes | commit |
Exit | exit |
Save the changes | save-config -y |
Show the Azure Monitor status | show azuremonitor |
Show the Azure Monitor configuration | show conf azuremonitor |
View the logs
You can manually query the logs and data collected by Azure Monitor by using Microsoft's query language, or follow the steps below.
- Select your workspace.
- Select Logs → LogManagement → Syslog.
- Hover your mouse over Syslog, then click the eye icon. A preview of the data will appear.
- Click See in query editor.