Integrate Azure AD logs with Azure Log Analytics

 


This post describes how to integrate Azure AD logs with Azure Log Analytics. Log Analytics lets you perform tasks such as:

  • query data to find particular events
  • analyze trends
  • perform correlation across various data sources

Integrating Azure AD logs with Azure Log Analytics lets you perform tasks such as:

  • Compare Azure AD sign-in logs against security logs published by Azure Security Center
  • Troubleshoot performance bottlenecks on an application’s sign-in page by correlating application performance data from Azure Application Insights

How to send logs to Log Analytics

Follow the steps below to send logs to Log Analytics:

  • Sign in to the Azure portal.
  • Navigate to Azure Active Directory -> Diagnostic settings -> Add diagnostic setting.
  • Under the “Diagnostic settings” menu, select the “Send to Log Analytics” check box, and then select “Configure”.
  • Select the Log Analytics workspace you want to send the logs to, or create a new workspace in the provided dialog box.
  • Next, select either or both categories under “LOG”: select the “AuditLogs” check box to send audit logs to the Log Analytics workspace, and the “SignInLogs” check box to send sign-in logs to the Log Analytics workspace.
  • Click “Save” to save the setting.
  • After a few minutes (at least 15 minutes), you will notice events being streamed to the Log Analytics workspace.
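
To confirm the last step, the workspace can be queried for recent rows in the AuditLogs and SigninLogs tables that these two categories populate. This is an added example, not part of the original post; it assumes the Az.OperationalInsights module, an existing Connect-AzAccount session, and a placeholder workspace ID.

```powershell
# Added example (not from the original post). Assumes the Az.OperationalInsights
# module and an existing Connect-AzAccount session.
$WorkspaceId = '00000000-0000-0000-0000-000000000000'   # placeholder workspace (customer) ID

# isfuzzy=true lets the query run even if one of the tables has not been created yet.
$query = @'
union isfuzzy=true withsource=SourceTable AuditLogs, SigninLogs
| where TimeGenerated > ago(1h)
| summarize Events = count(), Newest = max(TimeGenerated) by SourceTable
'@

try {
    $result = Invoke-AzOperationalInsightsQuery -WorkspaceId $WorkspaceId -Query $query -ErrorAction Stop
    $rows   = @($result.Results)
} catch {
    # Typical when neither table exists yet or the caller lacks read access.
    Write-Warning ("Query failed: {0}" -f $_.Exception.Message)
    $rows = @()
}

foreach ($table in 'AuditLogs', 'SigninLogs') {
    $row = $rows | Where-Object { $_.SourceTable -eq $table }
    if (-not $row) {
        Write-Warning ("{0}: no rows in the last hour; if activity occurred, check that the category is selected in the diagnostic setting." -f $table)
        continue
    }
    # Result columns come back as strings; convert before computing ingestion lag.
    $newestUtc  = ([datetime]$row.Newest).ToUniversalTime()
    $lagMinutes = [math]::Round(([datetime]::UtcNow - $newestUtc).TotalMinutes)
    '{0}: {1} events in the last hour, newest {2} minutes ago' -f $table, $row.Events, $lagMinutes
}
```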

log management open source


In this article we discuss log management and how to manage logs using PowerShell. We will cover the following points with PowerShell:

  • Check the diagnostic providers
  • How to disable or enable the event log provider
  • ULS log settings or SharePoint 2016 logs location
  • Change ULS log settings or SharePoint 2016 logs location
  • How to find the ULS logging level
  • Set the ULS log level to verbose

Check the diagnostic providers

We can use the PowerShell cmdlet “Get-SPDiagnosticsProvider” to list the diagnostic providers.


How to disable or enable the event log provider

We can run the commands below to disable the event log provider, that is, the “job-diagnostics-event-log-provider” provider.

Get-SPDiagnosticsProvider job-diagnostics-event-log-provider | Set-SPDiagnosticsProvider -Enable:$false
Get-SPDiagnosticsProvider job-diagnostics-event-log-provider

We can run the commands below to enable the event log provider, that is, the “job-diagnostics-event-log-provider” provider.

Get-SPDiagnosticsProvider job-diagnostics-event-log-provider | Set-SPDiagnosticsProvider -Enable:$true
Get-SPDiagnosticsProvider job-diagnostics-event-log-provider

ULS log settings or SharePoint 2016 logs location

We can run the command “Get-SPDiagnosticConfig” to get the ULS logging settings.

Get-SPDiagnosticConfig

Change ULS log settings or SharePoint 2016 logs location

We can run the command “Set-SPDiagnosticConfig” to change the ULS log settings or the SharePoint 2016 logs location.

PS C:\> Set-SPDiagnosticConfig -DaysToKeepLogs 7 -LogLocation "E:\Logs" -EventLogFloodProtectionEnabled
PS C:\> Get-SPDiagnosticConfig

How to find ULS logging level

We can run the command “Get-SPLogLevel” to find the ULS logging level.

Get-SPLogLevel -identity "eApproval:*", General, audit, "Business Data"

Set the ULS log level to verbose

We can set the ULS log level to verbose for specific categories by using “Set-SPLogLevel”.

Set-SPLogLevel -TraceSeverity verbose -EventSeverity verbose -Identity "eApproval:*", General, audit, "Business Data"
Get-SPLogLevel -identity "eApproval:*", General, audit, "Business Data"

Create new log file

We can create a new log file by running the command below.

New-SPLogFile
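
Verbose ULS logging grows the log volume quickly, so it is usually switched on only for the length of a reproduction and then reset. The script below is an added example, not part of the original article, that combines Set-SPLogLevel and New-SPLogFile from the sections above with Clear-SPLogLevel and Merge-SPLogFile; the category names are the ones used on this page and the output path is a placeholder.

```powershell
# Added example (not from the original article). Run on a SharePoint farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$categories = "eApproval:*", "General", "audit", "Business Data"   # categories from this page
$mergedLog  = "E:\Logs\troubleshoot-merged.log"                    # placeholder output path

$start = Get-Date

# Raise the levels for the selected categories only, then roll over to a fresh
# ULS file so the verbose trace starts on a clean file boundary.
$categories | Set-SPLogLevel -TraceSeverity Verbose -EventSeverity Verbose
New-SPLogFile

try {
    Read-Host "Reproduce the issue now, then press Enter" | Out-Null
}
finally {
    # Always return the categories to their default levels, even if the
    # session is interrupted, and close the verbose log file.
    $categories | Clear-SPLogLevel
    New-SPLogFile
}

# Collect the trace entries written since $start from all farm servers into one file.
Merge-SPLogFile -Path $mergedLog -StartTime $start -Overwrite

# Confirm the levels are back at their defaults.
$categories | Get-SPLogLevel
```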

Windows Server Task Scheduler monitoring: event ID 111

The history of a task is tracked by events. These events can be viewed in Task Scheduler for each task to track when the task was registered, run, and when it completed or failed. The progress of a task can be monitored through its history. A task can be controlled by running or stopping the task manually (on-demand).

Event Details

Product:  Windows Operating System
ID:  111
Source:  Microsoft-Windows-TaskScheduler
Version:  6.1
Symbolic Name:  JOB_TERMINATION
Message:  Task Scheduler terminated the “%2” instance of the “%1” task due to exceeding the time allocated for execution, as configured in the task definition. Increase the configured task timeout or investigate external reasons for the delay.

Resolve

Fix task configuration settings

The task was stopped due to a configured setting. Possible causes include:
  • The task ran for longer than the maximum configured run time.
  • The task was configured to stop when the computer switched to battery power.
  • The task was configured to stop when the computer is no longer idle.
  • The task was configured to stop when a new instance of the task is triggered.

This behavior might be expected. However, if the behavior was unexpected, you can reconfigure the task settings.

To update the task settings and conditions:

  1. Click the Start button and type Task Scheduler in the Start Search box.
  2. Select the Task Scheduler program to start Task Scheduler.
  3. Select the task to configure by locating the task in the task folder hierarchy. Right-click the task, and select Properties.
  4. On the Settings and Conditions tabs, update the task settings and conditions.
  5. Click OK.
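
The terminations and the settings behind the four causes listed above can also be reviewed from PowerShell. This is an added example, not part of the original article; it assumes task history is enabled and that the first data field of the event is the task name (%1 in the message above).

```powershell
# Added example (not from the original article). Requires the Task Scheduler
# operational log (task history) to be enabled.
$since = (Get-Date).AddDays(-7)

# @() yields an empty array when no matching events exist.
$events = @(Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-TaskScheduler/Operational'
    Id        = 111
    StartTime = $since
} -ErrorAction SilentlyContinue)

$events | Group-Object { $_.Properties[0].Value } | ForEach-Object {
    $fullName = $_.Name                        # full task path, e.g. \Folder\TaskName
    $split    = $fullName.LastIndexOf('\')
    $folder   = $fullName.Substring(0, $split + 1)
    $leaf     = $fullName.Substring($split + 1)

    # The task may have been deleted since the event; the settings are then empty.
    $task = Get-ScheduledTask -TaskPath $folder -TaskName $leaf -ErrorAction SilentlyContinue
    $s    = $task.Settings

    [pscustomobject]@{
        Task                   = $fullName
        Terminations           = $_.Count
        LastTerminated         = ($_.Group | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated
        ExecutionTimeLimit     = $s.ExecutionTimeLimit       # maximum run time (ISO 8601 duration)
        StopIfGoingOnBatteries = $s.StopIfGoingOnBatteries   # stop on switch to battery power
        StopOnIdleEnd          = $s.IdleSettings.StopOnIdleEnd
        MultipleInstances      = $s.MultipleInstances        # policy when a new instance is triggered
    }
} | Sort-Object Terminations -Descending | Format-List
```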

Verify

To verify that the execution of a task has completed as expected:

  1. Click the Start button and type Task Scheduler in the Start Search box.
  2. Select the Task Scheduler program to start Task Scheduler.
  3. Select the task to run by locating the task in the task folder hierarchy.
  4. On the Actions menu click Run. You can also click Run in the Actions pane.
  5. Click the History tab for the task to verify that it contains events indicating the task was registered successfully. Also, ensure that the task completed successfully or that the task timed out as expected.