Adding Auditd Logs to Azure Log Analytics
In my last post, entitled Forwarding Syslog to Azure Log Analytics, we set up our Linux VMs to send syslog data to Azure Log Analytics for centralized collection. That let us capture all our syslog data and set up alerts for anomalous behavior in our logs. In this post we take it a step further: we add auditd to our Linux VMs, configure some very specific audit rules around file access and modification, and send those events to Log Analytics as well.
Forwarding Syslog to Azure Log Analytics
I was recently tasked with coming up with a solution that collects and reports on several different types of information related to Azure VMs. The types of information included application logs, operating system logs and Azure activity logs. Readers of this blog may not know that Azure has a product called Log Analytics that is similar to Splunk (except for the cost) and can capture and report on just about any kind of log you can imagine. In this post we’ll take a look at what goes into getting syslog data into Log Analytics and then run some basic queries against those logs.
Using SSH Tunnel with RDP
In this post we’ll take a look at what it takes to connect to an Azure DevTest Lab when you only have outbound access on port 443. I was recently working with a customer who could only connect outbound on port 443 and wanted to use Remote Desktop Protocol (RDP) to reach a Windows VM running in a DevTest Lab. We came up with a few different ideas, but tunneling RDP over SSH was a quick and dirty solution that got them connected.
Publish a Jekyll Website with Azure DevOps
Haven’t you always wanted to set up your website so that every change you make to your repo produces the corresponding change in production automatically? Well, in this post we’ll look at how to set up Azure DevOps to monitor a GitHub repository that contains a Jekyll website and build and publish it on every commit to master.
Query Log Analytics from the Command Line
I’ve been doing some work with Azure Log Analytics lately and found the az CLI limiting when it comes to querying Log Analytics. So, like anyone who gets an itch and needs to scratch it, I decided to put something together myself to make it a bit easier. Using Python and some awesome modules, I wrote a little utility that queries Log Analytics and returns the results in a few different formats.