英文:
Is there a way to create alerts for logs in Directory log in Azure Monitor?
问题
我正在尝试为 Azure Monitor 目录日志部分中特定的“将调用者分配到用户访问管理员角色”日志条目创建警报,以便在触发时可以发送电子邮件到特定地址。
但是,每当我点击该日志条目时,我都没有看到出现在特定订阅日志上的“新警报规则”按钮。所以我想知道是否有实际的方法来创建警报,或者也许有其他方式可以在“将调用者分配到用户访问管理员角色”日志条目出现时触发一些逻辑。
英文:
I am trying to create an alert for the specific "Assigns the caller to User Access Administrator role" log entry in the Azure Monitor Directory log section, so that when it is triggered, I can send an e-mail to a specific address.
However, whenever I click on said log entry, I don't get the "New Alert Rule" button that does appear on Suscription specific logs. So I was wondering if there is an actual way to create an alert, or maybe another way that I can trigger some logic when the "Assigns the caller to User Access Administrator role" log entry appears.
答案1
得分: 0
你在哪里看到这种事件?我不记得曾经看到过这种事件,也不知道你所说的“Azure Monitor Directory log section”具体指的是什么,但似乎与Azure AD有关,不是吗?
我建议你为Azure AD创建一个诊断设置,将其日志发送到一个Log Analytics Workspace,然后使用KQL查询检索此事件,并基于查询结果创建一个警报规则。
你只需要知道这种事件属于哪个类别,因为Active Directory日志中有几个可用的类别,你应该只导出你真正需要的内容,但你可能在看到日志消息的地方已经有了这些信息。
英文:
Where did you see this kind of event? I don´t remember to have already seen this kind of event and I don´t know what exactly did you mean by "Azure Monitor Directory log section", but it seems to be related to Azure AD, isn´t it?
I would say that you should create a Diagnostic Setting for your Azure AD to send its logs to a Log Analytics Workspace, and then use a KQL query to retrieve this event and create an alert rule for this query based on its results.
You just have to know in which category this kind of event exists, as there are several categories available in Active Directory logs and you should export just what you really need, but you may have this information available where you have seen the log message.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论