Comment on page
Azure sources allow you to ingest different types of Azure logs. Currently we only support Azure Activity Logs.
Azure Activity Logs allow you to view the actions taken in your Azure subscription.
There are three sections involved when setting up your Azure logging.
- 1.Forwarding the Azure Activity Logs to an Azure Event Hub
- 2.Create your RunReveal source to ingest Azure Activity logs
- 3.Setting up the provided Azure Function to trigger on new events and forward to RunReveal
RunReveal relies on Azure forwarding logs to an Event Hub namespace. Navigate to the Azure Event Hub Resource page and follow along with the Microsoft documentation to create a namespace and event hub.
Once created you can set up activity logs to export to the event hub. On the Activity Log resource page, click on the "Export Activity Logs" button.
On the diagnostic settings page, add a new diagnostic setting. Give the diagnostic setting a name, choose the categories you wish to include in your events, and select "Stream to an event hub" filling in the details with the event hub that was created.
On the sources page choose the Azure Activity Log source and give it a descriptive name. Once created make note of the webhook url, this will be needed when setting up the Azure function.
The last step is hooking everything together. RunReveal provides a prebuilt Azure Function that can be used to forward the event hub messages to your RunReveal source. Navigate to our GitHub repo to view the source code of the Azure Function getting deployed. Click on the above button to start the Azure deployment.
To get started fill in the Subscription, resource group, and function name. Select the event hub namespace where the logs are sent and the access policy that will be used to read events. The GitHub repo and branch are used to download the function source code. Keep these default unless you plan to fork the repo to your own GitHub account.
Check the "Enable Activity Log Event Hub Functions" box to bring up the options for Activity Logs. Fill in the RunReveal webhook URL that was obtained earlier. Then select the event hub and consumer group that are being used to store the activity logs.
Once created Azure will begin the deployment of the function. This may take a few minutes, but when complete logs should begin flowing to RunReveal.