Streaming Azure DevOps audit logs to Azure Monitor

Introduction
As a platform team, one of the platforms we manage is Azure DevOps. The users and teams using the platform keep growing, and with this growth, we need to implement more tools to maintain control and security without requiring additional time.
One of the tasks is monitoring the audit logs. Unfortunately, the user interface within Azure DevOps is not user-friendly. The only filter available is a time range, but when you want to use the logs, you need to filter by team project, organization, or user. Another important tool that is missing is alerts.
Improving monitoring
To help us improve the monitoring of these logs, we set up a stream to a Log Analytics workspace in Azure. However, this did not work out of the box, and we received the error message "Forbidden".
This meant that the Log Analytics resource returned an HTTP 403, even though we set it up as publicly available. After some research, we found out that the feature "disableLocalAuth" was set to true, which blocks the connection with a key.
After setting this to false, configuring the stream worked! The Bicep code to deploy the Log Analytics workspace is:
module logWorkspaceAdo 'br/public:avm/res/operational-insights/workspace:0.11.0' = {
  params: {
    name: 'log-${resourceName}-001'
    location: location
    publicNetworkAccessForIngestion: 'Enabled'
    publicNetworkAccessForQuery: 'Enabled'
    // false keeps key-based (local) authentication enabled, which the audit stream uses to connect
    features: { disableLocalAuth: false }
    tags: tags
  }
}
After this, we can easily implement workbooks, alerts, or create a report in Power BI.
I hope this helps you set up the stream if you had the same problem as me.
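As an added example (not code from the original post), here is one way to build the kind of alert mentioned above: a scheduled query rule that fires on Azure DevOps permission changes and splits the alert by project and user, the filters the Azure DevOps UI lacks. The parameters `workspaceResourceId` and `actionGroupId` and the resource names are hypothetical, and the `AzureDevOpsAuditing` table, its columns and the operation names are assumptions to verify against your own workspace.

```bicep
// Added example, not the author's code. Hypothetical parameters:
param location string = resourceGroup().location
param workspaceResourceId string // resource ID of the workspace receiving the audit stream
param actionGroupId string       // resource ID of an existing action group to notify

resource adoPermissionChangeAlert 'Microsoft.Insights/scheduledQueryRules@2021-08-01' = {
  name: 'alert-ado-permission-change' // hypothetical name
  location: location
  kind: 'LogAlert'
  properties: {
    displayName: 'Azure DevOps permission change'
    description: 'Fires when a permission is modified or removed in Azure DevOps.'
    severity: 2
    enabled: true
    scopes: [ workspaceResourceId ]
    evaluationFrequency: 'PT15M' // run every 15 minutes
    windowSize: 'PT15M'          // over the last 15 minutes of audit events
    criteria: {
      allOf: [
        {
          // Table, column and operation names are assumptions about the streamed schema.
          // Organization-level events have no project, so give them a label for the dimension.
          query: '''
AzureDevOpsAuditing
| where OperationName in ('Security.ModifyPermission', 'Security.RemovePermission')
| extend ProjectName = iff(isempty(ProjectName), '(organization)', ProjectName)
| project TimeGenerated, OperationName, ActorUPN, ProjectName, IpAddress, Details
'''
          timeAggregation: 'Count'
          operator: 'GreaterThan'
          threshold: 0
          // One alert instance per project and per user
          dimensions: [
            { name: 'ProjectName', operator: 'Include', values: [ '*' ] }
            { name: 'ActorUPN', operator: 'Include', values: [ '*' ] }
          ]
          failingPeriods: { numberOfEvaluationPeriods: 1, minFailingPeriodsToAlert: 1 }
        }
      ]
    }
    actions: { actionGroups: [ actionGroupId ] }
  }
}
```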