Azure Monitor: Send monitoring data to an event hub

Postado em 12 dezembro, 2017

Program Manager II, Azure Monitor

With Azure Monitor’s diagnostic settings you can set up your resource-level diagnostic logs and metrics to be streamed to any of three destinations including a storage account, an Event Hubs namespace, or Log Analytics. Sending to an Event Hubs namespace is a convenient way to stream Azure logs from any source into a custom logging solution, 3rd party SIEM product, or other logging tool.

Previously, you could only route your resource diagnostic logs to an Event Hubs namespace, in which an event hub was created for each category of data sent. Now, you can optionally specify which event hub within the namespace should be used for a particular diagnostic setting. This is helpful if you are routing multiple types of logs to a single endpoint, for example, a SIEM connector. Rather than having to configure that endpoint to read from multiple event hubs, you can simply route all log types to a single event hub and have your endpoint listen to that one source.

You can try this out today in the Azure Portal by creating or modifying a diagnostic setting and selecting “Stream to an event hub”.

Diagnostics settings

This can also be set up using a Resource Manager template. PowerShell and CLI support will follow in the coming months. Try it out and let us know your thoughts!