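I'm having some trouble getting an Azure virtual machine to send diagnostic information to an Event Hub. The end goal is simply to configure the agent to pull event logs and send them to an Event Hub for consumption by a third-party SIEM.
I was advised to go down this route, and it seems like the most viable option, but I can't get any messages sent to the Event Hub. At this point, since everything appears to be configured correctly, I'm not sure what else I can do.
Any suggestions would be greatly appreciated.
I can see requests coming in to the event hub, but errors occur. [1]
Requests being processed - namespace: https://imgur.com/hKDkqgw
No messages - namespace: https://imgur.com/Cdbs5oU
Event hub (evt) metrics: https://imgur.com/kbRBh0s
My private.json file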
{
  "storageAccountName": "storageaccountname",
  "storageAccountKey": "connection string omitting prefixing ?",
  "EventHub": {
    "Url": "https://eventhub-ns.servicebus.windows.net/evt",
    "SharedAccessKeyName": "SendRule",
    "SharedAccessKey": "KEY base64 encoded"
  }
}
My publicconfig.json file
{
  "StorageAccount": "storageaccountname",
  "WadCfg": {
    "DiagnosticMonitorConfiguration": {
      "overallQuotaInMB": 5120,
      "Metrics": {
        "resourceId": "/subscriptions/subid/resourceGroups/test1/providers/Microsoft.Compute/virtualMachines/vm1",
        "MetricAggregation": [
          {
            "scheduledTransferPeriod": "PT1H"
          },
          {
            "scheduledTransferPeriod": "PT1M"
          }
        ]
      },
      "DiagnosticInfrastructureLogs": {
        "scheduledTransferLogLevelFilter": "Error",
        "scheduledTransferPeriod": "PT1M"
      },
      "PerformanceCounters": {
        "scheduledTransferPeriod": "PT1M",
        "sinks": "HotPath",
        "PerformanceCounterConfiguration": [
          {
            "counterSpecifier": "\\Processor(_Total)\\% Processor Time",
            "sampleRate": "PT3M"
          },
          {
            "counterSpecifier": "\\Memory\\Available MBytes",
            "sampleRate": "PT3M"
          },
          {
            "counterSpecifier": "\\Web Service(_Total)\\ISAPI Extension Requests/sec",
            "sampleRate": "PT3M"
          }
        ]
      },
      "WindowsEventLog": {
        "scheduledTransferPeriod": "PT1M",
        "sinks": "HotPath",
        "DataSource": [
          {
            "name": "Application!*[System[(Level=1 or Level=2 or Level=3)]]"
          },
          {
            "name": "System!*[System[(Level=1 or Level=2 or Level=3)]]"
          },
          {
            "name": "Security!*[System[(band(Keywords,13510798882111488))]]"
          }
        ]
      },
      "Directories": {
        "scheduledTransferPeriod": "PT1M"
      },
      "SinksConfig": {
        "Sink": [
          {
            "name": "HotPath",
            "EventHub": {
              "Url": "https://eventhub-ns.servicebus.windows.net/evt",
              "SharedAccessKeyName": "SendRule"
            }
          }
        ]
      }
    }
  }
}
I can't find any error messages apart from the metrics table.
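The two files above can be cross-checked offline before the extension is redeployed. The following is an added example, not part of the original post: it assumes the private EventHub entry is meant to repeat the sink's Url and SharedAccessKeyName (as both files in the post do), and the function names and trimmed sample input are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Constructed sample input: trimmed copies of the two files in the post.
PUBLIC = json.loads("""{
  "StorageAccount": "storageaccountname",
  "WadCfg": {"DiagnosticMonitorConfiguration": {
    "WindowsEventLog": {"scheduledTransferPeriod": "PT1M", "sinks": "HotPath",
      "DataSource": [{"name": "System!*[System[(Level=1 or Level=2 or Level=3)]]"}]},
    "SinksConfig": {"Sink": [{"name": "HotPath", "EventHub": {
      "Url": "https://eventhub-ns.servicebus.windows.net/evt",
      "SharedAccessKeyName": "SendRule"}}]}}}
}""")
PRIVATE = json.loads("""{
  "storageAccountName": "storageaccountname",
  "storageAccountKey": "<placeholder>",
  "EventHub": {"Url": "https://eventhub-ns.servicebus.windows.net/evt",
               "SharedAccessKeyName": "SendRule", "SharedAccessKey": "<placeholder>"}
}""")

def sink_refs(node, path=""):
    """Yield (json_path, sink_name) for every "sinks" attribute in the tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "sinks" and isinstance(value, str):
                # Assumption: several sinks are written comma-separated.
                yield from ((f"{path}/{key}", n.strip()) for n in value.split(","))
            else:
                yield from sink_refs(value, f"{path}/{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from sink_refs(item, f"{path}/{i}")

def check_wad_config(public, private):
    """Return a list of inconsistencies between the public and private config."""
    dmc = public["WadCfg"]["DiagnosticMonitorConfiguration"]
    sinks = {s["name"]: s for s in dmc.get("SinksConfig", {}).get("Sink", [])}
    problems = [f"{where}: sink '{name}' is not defined in SinksConfig"
                for where, name in sink_refs(dmc) if name not in sinks]
    priv_hub = private.get("EventHub", {})
    for name, hub in ((n, s["EventHub"]) for n, s in sinks.items() if "EventHub" in s):
        # Assumption: the Url has the form used in the post, https://<namespace>/<hub>.
        url = urlparse(hub.get("Url", ""))
        if url.scheme != "https" or not url.path.strip("/"):
            problems.append(f"sink '{name}': Url needs https and an event hub path")
        for field in ("Url", "SharedAccessKeyName"):
            if hub.get(field) != priv_hub.get(field):
                problems.append(f"sink '{name}': {field} differs from private config")
    return problems
```

An empty list means the sink references and the Event Hub fields in the two files agree with each other; it says nothing about whether the key itself is valid on the namespace.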
@Pulsar were you able to resolve this? I'm running into the same problem.