From b86a7a279f9474603ae8b4bae4bf579828fa603a Mon Sep 17 00:00:00 2001 From: Jake Lee Date: Thu, 20 Feb 2025 10:16:48 -0800 Subject: [PATCH 1/2] Update audit.md removing references to old collection arm template that does not exist --- docs/integrations/microsoft-azure/audit.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/integrations/microsoft-azure/audit.md b/docs/integrations/microsoft-azure/audit.md index e0dc930f2e..8200c761d6 100644 --- a/docs/integrations/microsoft-azure/audit.md +++ b/docs/integrations/microsoft-azure/audit.md @@ -31,9 +31,10 @@ In this step, you configure a pipeline for shipping logs from [Azure Monitor](ht 1. Select the log type in **Category details** that you want to ingest. 1. Select the **Stream to an event hub** checkbox and then select the following: * **Subscription.** Pull-down, select a subscription. - * **Event hub namespace.** If you have chosen Method 1 (Azure Event Hubs Source) for collecting logs, select the **EventHubNamespace** created manually, or else if you have chosen Method 2 (Collect logs from Azure monitor using Azure functions), then select `SumoAzureLogsNamespace` namespace created by the ARM template. - * **Event hub name (optional).** If you have chosen Method 1 (Azure Event Hub Source) for collecting logs, select the event hub name, which you created manually, or if you have chosen Method 2 (Collect logs from Azure monitor using Azure functions), then select **insights-operational-logs**. - * **Event hub policy name.** Leave the default policy, **RootManageSharedAccessKey**, or select another as desired.
diagnostic-setting-audit.png + * **Event hub namespace.** + * **Event hub name (optional).** + * **Event hub policy name.** Leave the default policy, **RootManageSharedAccessKey**, or select another as desired. +
diagnostic-setting-audit.png 1. Click **Save.** ## Installing the Azure Audit app From eb50161de9826432a7b95225d2639d3c0935c9ee Mon Sep 17 00:00:00 2001 From: John Pipkin Date: Thu, 20 Feb 2025 13:23:34 -0600 Subject: [PATCH 2/2] Updates from review --- docs/integrations/microsoft-azure/audit.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/integrations/microsoft-azure/audit.md b/docs/integrations/microsoft-azure/audit.md index 8200c761d6..9cc3d759a6 100644 --- a/docs/integrations/microsoft-azure/audit.md +++ b/docs/integrations/microsoft-azure/audit.md @@ -30,10 +30,10 @@ In this step, you configure a pipeline for shipping logs from [Azure Monitor](ht 1. In the **Activity Log** window, click **Export Activity Logs**.
activity-log 1. Select the log type in **Category details** that you want to ingest. 1. Select the **Stream to an event hub** checkbox and then select the following: - * **Subscription.** Pull-down, select a subscription. - * **Event hub namespace.** - * **Event hub name (optional).** - * **Event hub policy name.** Leave the default policy, **RootManageSharedAccessKey**, or select another as desired. + * **Subscription**. Select a subscription. + * **Event hub namespace**. Select the namespace. + * **Event hub name (optional)**. Select the hub name. + * **Event hub policy name**. Leave the default policy, **RootManageSharedAccessKey**, or select another as desired.
diagnostic-setting-audit.png 1. Click **Save.**