Topics on this page
Azure Monitor
Azure Monitor is an analytics and insights tool that monitors the operational health of your applications and provides system-wide visibility of your Network Security deployment. Azure Monitor collects metrics and logs data for your Network Security virtual appliance (NSVA) by monitoring IPS and inspection events. Learn more about Microsoft's Azure Monitor.
Azure Monitor Agent
Use the following steps to start using Azure Monitor Agent for Azure Monitor. Learn more about migrating to Azure Monitor Agent from Log Analytics agent in Azure.
Azure Monitor Agent is available in releases on or after August 1st, 2024. For users with NSVAs older than 2024.7, upgrade your Network Security virtual appliance to the latest version, and use the log commands below to disable the previous version of Azure Monitor.
-
Create the Log Workspace if you have not already.
-
Navigate to Log analytics workspace → + Add.
-
Fill in the Basics, Pricing tier, and Tags tabs.
- Click Review + Create → Create.
-
-
Configure your data collection rules. Learn more.
-
Verify your logs from the Azure Portal by following the steps below.
- Select your workspace.
- Select Logs → LogManagement → Syslog.
- Hover your mouse over Syslog, then click the eye icon. A preview of the data will appear.
- Click See in query editor.
Log commands for Azure Monitor
| Action | CLI Command |
|---|---|
| Enable or disable IPS event logging | edit > log > azuremonitor ips-event [enable][disable] |
| Enable or disable inspection event logging | edit > log > azuremonitor inspection-event [enable][disable] |
| Commit the changes | commit |
| Exit | exit |
| Save the changes | save-config -y |