ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam
Go to Exam

Exam AZ-500 topic 4 question 71 discussion

Actual exam question from Microsoft's AZ-500
Question #: 71
Topic #: 4
[All AZ-500 Questions]

SIMULATION -
You plan to connect several Windows servers to the WS12345678 Azure Log Analytics workspace.
You need to ensure that the events in the System event logs are collected automatically to the workspace after you connect the Windows servers.
To complete this task, sign in to the Azure portal and modify the Azure resources.

Show Suggested Answer Hide Answer
Suggested Answer:
Azure Monitor can collect events from the Windows event logs or Linux Syslog and performance counters that you specify for longer term analysis and reporting, and take action when a particular condition is detected. Follow these steps to configure collection of events from the Windows system log and Linux Syslog, and several common performance counters to start with.

Data collection from Windows VM -
1. In the Azure portal, locate the WS12345678 Azure Log Analytics workspace then select Advanced settings.

2. Select Data, and then select Windows Event Logs.
3. You add an event log by typing in the name of the log. Type System and then select the plus sign +.
4. In the table, check the severities Error and Warning. (for this question, select all severities to ensure that ALL logs are collected).
5. Select Save at the top of the page to save the configuration.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-collect-azurevm
by dadageer at March 14, 2021, 2:43 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
dadageer
Highly Voted 4 years, 4 months ago
No longer under advanced settings. You need to configure it from 'Agents configuration'
upvoted 23 times
OhBee
4 years, 4 months ago
Correct ^^
upvoted 1 times
...
...
Amit3
Highly Voted 2 years, 10 months ago
Now its under Settings -> Legacy agents management Under Windows event logs Log Name: System - check Error, Warning, Information Click Apply
upvoted 11 times
...
schpeter_091
Most Recent 9 months ago
1. Create a DCR 2.in the resources, add the server(s) you want to get the logs from 3. in data sources: select Windows event logs. Tick the options under System category. in Destination tab above, select the LAW where you wanna save the logs.(WS12345678) 4.save
upvoted 5 times
...
mrt007
1 year, 4 months ago
Sign in to the Azure portal. Navigate to Log Analytics workspaces. Select your workspace, in this case, it’s WS12345678. In the workspace’s left-hand menu, under Workspace Data Sources, select Windows Servers. Click on Add the connected sources and follow the instructions to connect your Windows servers. Once the servers are connected, go back to your workspace and select Advanced settings. Under DATA, select Windows Event Logs. Enter ‘System’ into the text box and click the ‘+’ button to add it to the list. Click Save at the top of the page.
upvoted 2 times
...
Macke53
2 years, 3 months ago
Go to Log Analytics Workspaces, select your workspace Go to Classic, then Legacy Agent Management Under Windows event logs, choose the ones you want
upvoted 2 times
...
Amit3
2 years, 10 months ago
Its now under 'Legacy Agent Management'
upvoted 3 times
...
certmonk
3 years, 2 months ago
No longer under advance settings. Refer https://docs.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-windows-events
upvoted 2 times
...
hello2tomoki
3 years, 5 months ago
Answer Sign in to Azure Portal Go to Log Analytics Workspaces, select your workspace Go to Agents configuration Select Windows event logs Click Add windows event log, select the event Select Error, Warning, Information event type Click Apply goto VM from Monitoring, select logs Enable
upvoted 7 times
tnagy
3 years ago
Sign in to Azure Portal Go to Log Analytics Workspaces, select your workspace Go to Agents configuration Select Windows event logs Click Add windows event log, select the event Select Error, Warning, Information event type Click Apply Go to "VM" page from Insights, Enable https://docs.microsoft.com/en-us/azure/azure-monitor/vm/tutorial-monitor-vm-enable
upvoted 4 times
...
...
imie
3 years, 7 months ago
in Exam 31 Dec 2021.
upvoted 2 times
haitao1234
3 years, 3 months ago
Suggest to disable this use since he is replying to all simulations with "in exam"
upvoted 3 times
...
...
Fred64
4 years, 3 months ago
https://docs.microsoft.com/en-us/azure/azure-monitor/vm/quick-collect-azurevm#enable-the-log-analytics-vm-extension Don't forget to connect vm to log analytics
upvoted 5 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel