Skip to content
/ AzLogDcrIngestPSLogHub Public

Solution that acts as an intermediate hub for "no internet connected" endpoints or incompliant endpoints, where you will be sending data using Azure Pipeline/Log Ingestion API

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

KnudsenMorten/AzLogDcrIngestPSLogHub

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
LOGHUB/MODULES
LOGHUB/MODULES
 
 
img
img
 
 
.gitattributes
.gitattributes
 
 
AzDcrLogIngestPSLogHub.ps1
AzDcrLogIngestPSLogHub.ps1
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

AzLogDcrIngestPSLogHub

Solution that acts as an intermediate hub for "no internet connected" endpoints or incompliant endpoints, where you will be sending data using Azure Pipeline/Log Ingestion API

Quick links

Video of "log-hub" solution (2 min)
Learn more about AzLogDcrPS powershell module
ClientInspector - cool solution using AzLogDcrIngestPS module

Flow highlevel

Architecture

Detailed flow

Data collection

Instead of sending to DCE/Azure Pipeline, server sends JSON-file to specific UNC-path (LogHubPath). Collection from REST endpoint - ServerInspector

Upload format

Data-format contains the following fields Format of JSON data-file coming from REST endpoint

Temporary inbound location (max 10 sec)

Files are sent to teporary loghub path and kept there for max 10 sec. Inbound folder from endpoints

Upload to Azure

On the Log-hub server, there is a job, which is scanning the LogHubPath for new files (every 10 sec) It will process the files and send it to the correct DCE – with DCR information – and if succesfully, delete the file.

Data being uploaded by log-hub (AzLogDcrIngestPSLogHub script)

Onboarding

You need to adjust the variable-section according to the settings you have in for example ClientInspector.

Please note these 2 settings are specific for the log hub

    $LogHubUploadPath                           = "\\<servername>\logupload$\INBOUND"
    $LogHubPsModulePath                         = "\\<servername>\logupload$\MODULES"

All settings


    $TenantId                                   = "" 
    $LogIngestAppId                             = "" 
    $LogIngestAppSecret                         = "" 

    $DceName                                    = "" 
    $LogAnalyticsWorkspaceResourceId            = "" 
    $AzDcrResourceGroup                         = ""
    $AzDcrPrefix                                = "" 
    $AzDcrSetLogIngestApiAppPermissionsDcrLevel = $false
    $AzDcrLogIngestServicePrincipalObjectId     = "" 
    $AzLogDcrTableCreateFromReferenceMachine    = @()
    $AzLogDcrTableCreateFromAnyMachine          = $false

    $LogHubUploadPath                           = "\\<servername>\logupload$\INBOUND"
    $LogHubPsModulePath                         = "\\<servername>\logupload$\MODULES"

About

Solution that acts as an intermediate hub for "no internet connected" endpoints or incompliant endpoints, where you will be sending data using Azure Pipeline/Log Ingestion API

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages