Using Azure Log Analytics with Aviatrix


Special thanks to Jorge, Manny, and Alex!

What is Log Analytics

Log Analytics is a SaaS offering from Microsoft that helps you collect and report against data generated by resources in Azure or from your on-premises environment. It is a very powerful tool that can hold and analyze millions of records using the Kusto query language.

Workspace

Log Analytics is a tool in the Azure portal that’s used to edit and run log queries with data in Azure Monitor Logs.

A Log Analytics workspace is a unique environment for log data from Azure Monitor and other Azure services, such as Microsoft Sentinel and Microsoft Defender for Cloud. Each workspace has its own data repository and configuration but might combine data from multiple services.

Log Forwarder

As of today, the Log Analytics agent can't be installed directly on Aviatrix appliances. To ingest Syslog from them into Log Analytics, you'll need a Linux machine that collects the logs from the controller and gateways and forwards them to the Microsoft Log Analytics workspace. This machine has two components that take part in this process:

  • A syslog daemon
  • The Log Analytics Agent (also known as the OMS Agent)
https://docs.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-syslog

Linux Deployment

I’m going to use Ubuntu 20.04 LTS on x64:

NSG configuration:

  • Create an inbound security rule allowing the AVX Controller and Gateways to access the VM on TCP port 514

Agent Installation

We use the Data Collection Rules to install the Azure Monitor Agent:

Checking the Log Forwarder agent:

Syslog Reception

Edit /etc/rsyslog.conf and remove comments from the following lines to enable rsyslog to work as a server:

module(load="imtcp")
input(type="imtcp" port="514")

Do not forget to restart the rsyslog daemon after the changes:

sudo service rsyslog restart
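
One way to confirm that the edit took effect, as an added example that is not part of the original post: the function below parses an rsyslog configuration and reports whether the imtcp module and a TCP input on port 514 are active rather than still commented out. The helper names and the sample file contents are constructed for illustration, and the handling of the legacy `$ModLoad` / `$InputTCPServerRun` directives goes beyond the two lines shown above.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): confirm that an rsyslog
# config really enables the TCP listener. check_rsyslog_tcp is a
# hypothetical helper name.

# check_rsyslog_tcp FILE [PORT]
#   0 = imtcp module loaded and an imtcp input bound to PORT (default 514)
#   1 = one or both still missing or commented out
#   2 = FILE is not readable
check_rsyslog_tcp() {
    local conf="$1" port="${2:-514}" rc=0 active inputs
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # Discard comments and blank lines so '#module(load="imtcp")' is ignored.
    active="$(grep -Ev '^[[:space:]]*(#|$)' "$conf" || true)"

    # Module load: RainerScript form from the post, or the legacy directive.
    if ! printf '%s\n' "$active" | grep -Eq \
        '^[[:space:]]*(module\(.*load="imtcp"|\$ModLoad[[:space:]]+imtcp)'; then
        echo "imtcp module is not loaded" >&2
        rc=1
    fi

    # Listener: an input() of type imtcp on PORT, or $InputTCPServerRun PORT.
    inputs="$(printf '%s\n' "$active" | grep -E '^[[:space:]]*input\(.*type="imtcp"' || true)"
    if ! printf '%s\n' "$inputs" | grep -q "port=\"$port\"" &&
       ! printf '%s\n' "$active" | grep -Eq \
        "^[[:space:]]*\\\$InputTCPServerRun[[:space:]]+$port([[:space:]]|\$)"; then
        echo "no imtcp input on TCP port $port" >&2
        rc=1
    fi
    return "$rc"
}

# Constructed sample: the two lines while commented out, then after the edit.
demo_rsyslog_check() {
    local tmp; tmp="$(mktemp)"
    printf '%s\n' '#module(load="imtcp")' '#input(type="imtcp" port="514")' > "$tmp"
    check_rsyslog_tcp "$tmp" || echo "before edit: listener disabled"
    printf '%s\n' 'module(load="imtcp")' 'input(type="imtcp" port="514")' > "$tmp"
    check_rsyslog_tcp "$tmp" && echo "after edit: listener enabled"
    rm -f "$tmp"
}
demo_rsyslog_check
```

On the forwarder itself, run `check_rsyslog_tcp /etc/rsyslog.conf` after sourcing the function; a non-zero exit means the listener lines are still commented out or bound to a different port.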

Aviatrix Configuration

The rsyslog configuration is done under Settings -> Logging -> Remote Syslog:

Testing

I ran a query to list 10 syslog events to test the configuration:

