Logmanager documentation
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  1. Logmanager documentation
  2. /
  3. Web interface
  4. /
  5. Sources
  6. /
  7. Azure Log Analytics

Azure Log Analytics

Logmanagers Azure Log Analytics Component utilizes the Azure Monitor Logs service to pull activity logs from Azure environments: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-platform-logs.

How it works

The LM Azure component connects to your Log Analytics Workspace (https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-platform-logs#log-analytics-workspace) and queries the AzureActivity table at 30-second intervals (https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables/azureactivity).

Logs pulled from the AzureActivity table provide insights into operations executed against each Azure resource in your subscription. This data helps you determine what action was taken, by whom, and when.

Logs collected via this component only contain information about activities in the Azure environment. Logs generated within individual resources (e.g., Nginx logs on a virtual machine) are not collected. You will need a separate solution to collect such logs.

Configuration

Configure Authentication and API Permissions

LM Azure Log Analytics component uses Azure API to retrieve logs from Log Analytics Workspace. Therefore, authentication and proper API permissions are required:

  1. Create Log Analytics Workspace: https://learn.microsoft.com/en-gb/azure/azure-monitor/logs/quick-create-workspace?tabs=azure-portal
  2. Set up authentication and assign API permissions: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/api/access-api?tabs=rest#set-up-authentication. When registering the application, make sure to save the “client secret” generated during this step. You’ll need it later.

Configure the LM Azure Log Analytics component

With authentication configured and API permissions granted, you can now add a new Azure Log Analytics component configuration:

  1. In the Logmanager UI, navigate to: Sources → Azure Log Analytics → Create New.
  2. Fill in the following fields and save:
  • Workspace ID and Subscription ID - available in Azure → Log Analytics Workspace → Overview
  • Client ID and Tenant ID - found under Entra → App Registrations → <your app name> → Overview
  • Client Secret - created in step 2

Forward Logs to Your Log Analytics Workspace

With the component configuration complete, start forwarding logs to your Log Analytics Workspace, from where the LM Azure Log Analytics component can collect them:

  1. Go to Azure → Monitor → Activity Log and click Export Activity Log
  2. Click Add Diagnostic Setting
  3. Give it a meaningful name
  4. Select log categories you are interested in. Some categories can be very noisy and may not provide useful information. You can learn more about log categories here: https://learn.microsoft.com/en-us/azure/azure-monitor/platform/activity-log-schema#categories
  5. In Destination details select Send to Log Analytics workspace
Diagnostic setting

Diagnostic setting

gdoc_arrow_left_alt SQL VMware gdoc_arrow_right_alt