- Регистрация
- 1 Мар 2015
- Сообщения
- 14,564
- Баллы
- 155
Introduction
As a platform team, one of the platforms we manage is Azure DevOps. The users and teams using the platform keep growing, and with this growth, we need to implement more tools to maintain control and security without requiring additional time.
One of the tasks is monitoring the audit logs. Unfortunately, the user interface within Azure DevOps is not user-friendly. The only filter available is a time range, but when you want to use the logs, you need to filter by team project, organization, or user. Another important tool that is missing is alerts.
Improving monitoring
To help us improve the monitoring of these logs, we set up a stream to a log analytics workspace in Azure. However, this did not work out of the box, and we received the error message "Forbidden".
This meant that the log analytics resource returned an HTTP 403, even though we set it up as publicly available. After some research, we found out that the feature "disableLocalAuth" was set to true, which blocks the connection with a key.
After setting this to false, configuring the stream worked! The Bicep code to deploy the log analytics workspace is:
module logWorkspaceAdo 'br/public:avm/res/operational-insights/workspace:0.11.0' = {
params: {
name: 'log-${resourceName}-001'
location: location
publicNetworkAccessForIngestion: 'Enabled'
publicNetworkAccessForQuery: 'Enabled'
features: {disableLocalAuth: false}
tags: tags
}
}
After this, we can easily implement workbooks, alerts, or create a report in Power BI.
I hope this helps you set up the stream if you had the same problem as me.
As a platform team, one of the platforms we manage is Azure DevOps. The users and teams using the platform keep growing, and with this growth, we need to implement more tools to maintain control and security without requiring additional time.
One of the tasks is monitoring the audit logs. Unfortunately, the user interface within Azure DevOps is not user-friendly. The only filter available is a time range, but when you want to use the logs, you need to filter by team project, organization, or user. Another important tool that is missing is alerts.
Improving monitoring
To help us improve the monitoring of these logs, we set up a stream to a log analytics workspace in Azure. However, this did not work out of the box, and we received the error message "Forbidden".
This meant that the log analytics resource returned an HTTP 403, even though we set it up as publicly available. After some research, we found out that the feature "disableLocalAuth" was set to true, which blocks the connection with a key.
After setting this to false, configuring the stream worked! The Bicep code to deploy the log analytics workspace is:
module logWorkspaceAdo 'br/public:avm/res/operational-insights/workspace:0.11.0' = {
params: {
name: 'log-${resourceName}-001'
location: location
publicNetworkAccessForIngestion: 'Enabled'
publicNetworkAccessForQuery: 'Enabled'
features: {disableLocalAuth: false}
tags: tags
}
}
After this, we can easily implement workbooks, alerts, or create a report in Power BI.
I hope this helps you set up the stream if you had the same problem as me.