topic Re: How to connect with and retrieve logs from Azure Active Directory? in Getting Data In

How to connect with and retrieve logs from Azure Active Directory?

rubeniturrieta — Tue, 18 Aug 2015 19:37:27 GMT

Hi to everyone

I need to get logs from Azure AD (Active Directory for Microsoft Azure). Do you know how to do this?

I'll be grateful for any help

Regards

Re: How to connect with and retrieve logs from Azure Active Directory?

hettervik — Tue, 10 Nov 2015 14:39:59 GMT

Hi! Did you work this problem out? We're wondering about the same thing, where I'm currently investigating how to get data from Azure AD and ADFS into Splunk. Is it possible to install a Splunk forwarder "on" Azure, or is it better to have Azure send its data to, and write to file on, some other machine running a Splunk forwarder?

Re: How to connect with and retrieve logs from Azure Active Directory?

rubeniturrieta — Wed, 11 Nov 2015 15:25:44 GMT

Hi hettervi. No, i don't have this problem solved, i gave up 😞

Re: How to connect with and retrieve logs from Azure Active Directory?

bmacias84 — Wed, 11 Nov 2015 20:31:20 GMT

I believe you can with azure diagnostic storage. There are two add-ons have been published in apps.splunk.com. You will likely have to work with support to get the AD logs sent to the diagnostic storage then you should be gravy.

https://splunkbase.splunk.com/app/1586/
https://splunkbase.splunk.com/app/900/

Re: How to connect with and retrieve logs from Azure Active Directory?

hettervik — Thu, 12 Nov 2015 09:47:17 GMT

None of these apps are supported for 6.3.1, the Azure Diagnostics app haven't been updated since 2012, but they might work. Do you have any experience with these apps yourself? Do they access the API of Azure AD, or do you still have to forward your data from Azure AD to some server for them to work? I'm currently trying to figure out a way to make use of Windows Event Forwarder for forwarding of data from Azure AD, but I'm not sure if this is the way to go.

Re: How to connect with and retrieve logs from Azure Active Directory?

bmacias84 — Thu, 12 Nov 2015 21:32:57 GMT

no I have not had any experience with theses apps, but they do use the Azure API. Both apps should work since they are modular inputs which poll the API from a forwarder in your env. All you should need to do is contact Azure support to send your logs to there Diagnostics storage for you to retrieve from there API.