- OS Support
- Enterprise Edition Reference Manual
- 136. Man Pages
- 137. Configuration
- 138. Language
- 139. Extension Modules
- 140. Input Modules
- 140.1. Process accounting (im_acct)
- 140.2. AIX auditing (im_aixaudit)
- 140.3. Azure (im_azure)
- 140.4. Batched compression (im_batchcompress)
- 140.5. Basic Security Module Auditing (im_bsm)
- 140.6. Check Point OPSEC LEA (im_checkpoint)
- 140.7. DBI (im_dbi)
- 140.8. Event Tracing for Windows (im_etw)
- 140.9. External programs (im_exec)
- 140.10. File (im_file)
- 140.11. File integrity monitoring (im_fim)
- 140.12. Go (im_go)
- 140.13. HTTP(s) (im_http)
- 140.14. Internal (im_internal)
- 140.15. Java (im_java)
- 140.16. Kafka (im_kafka)
- 140.17. Kernel (im_kernel)
- 140.18. Linux Audit System (im_linuxaudit)
- 140.19. macOS ULS (im_maculs)
- 140.20. Mark (im_mark)
- 140.21. Event Logging for Windows XP/2000/2003 (im_mseventlog)
- 140.22. Event log for Windows 2008/Vista and later (im_msvistalog)
- 140.23. Null (im_null)
- 140.24. ODBC (im_odbc)
- 140.25. Packet capture (im_pcap)
- 140.26. Perl (im_perl)
- 140.27. Named pipes (im_pipe)
- 140.28. Python (im_python)
- 140.29. Redis (im_redis)
- 140.30. Windows Registry Monitoring (im_regmon)
- 140.31. Ruby (im_ruby)
- 140.32. TLS/SSL (im_ssl)
- 140.33. Systemd (im_systemd)
- 140.34. TCP (im_tcp)
- 140.35. Test Generator (im_testgen)
- 140.36. UDP (im_udp)
- 140.37. Unix domain sockets (im_uds)
- 140.38. Windows Performance Counters (im_winperfcount)
- 140.39. Windows Event Collector (im_wseventing)
- 140.40. ZeroMQ (im_zmq)
- 141. Processor Modules
- 142. Output Modules
- NXLog Manager
- NXLog Add-Ons
This module can be used to collect logs from Microsoft Azure applications.
|To examine the supported platforms, see the list of installer packages in the Available Modules chapter.|
Azure web application logging and storage can be configured with the Azure Management Portal.
After logging in to the Portal, click New on the left panel, select the Storage category, and choose the Storage account - blob, file, table, queue.
Create the new storage account. Provide a storage name, location, and replication type.
Click Create Storage Account and wait for storage setup to complete.
Go to Apps, select the application for which to enable logging, and click Configure.
Scroll down to the application diagnostic section and configure the table and blob storage options corresponding with the storage account created above.
Confirm the changes by clicking Save, then restart the service. Note that it may take a while for Azure to create the table and/or blob in the storage.
This mandatory directive specifies the authentication key to use for connecting to Azure.
This directive specifies the storage blob to connect to. One of BlobName and TableName must be defined (but not both).
This Boolean directive allows you to enable data compression when sending data over the network. The compression mechanism is based on the zlib compression library. If the directive is not specified, it defaults to FALSE (the compression is disabled).Note
Some Linux packages (for example, Debian) use the OpenSSL library provided by the OS and may not support the zlib compression mechanism. The module will emit a warning on startup if the compression support is missing. The generic deb/rpm packages are bundled with a zlib-enabled libssl library.
This mandatory directive specifies the name of the storage account from which to collect logs.
This directive specifies the storage table to connect to. One of BlobName and TableName must be defined (but not both).
This directive specifies the URL for connecting to the storage account and corresponding table or blob. If this directive is not specified, it defaults to
http://<table|blob>.<storagename>.core.windows.net. If defined, the value must start with
This boolean directive specifies that the remote connection should be allowed without certificate verification. If set to TRUE the remote will be able to connect with an unknown or self-signed certificate. The default value is FALSE: all HTTPS connections must present a trusted certificate.
This specifies the path to a directory containing certificate authority (CA) certificates, which will be used to check the certificate of the remote HTTPS client. The certificate filenames in this directory must be in the OpenSSL hashed format. A remote’s self-signed certificate (which is not signed by a CA) can also be trusted by including a copy of the certificate in this directory.
This specifies the path of the certificate authority (CA) certificate, which will be used to check the certificate of the remote HTTPS client. To trust a self-signed certificate presented by the remote (which is not signed by a CA), provide that certificate instead.
This optional directive specifies the certificate thumbprint of the certificate authority (CA), which is used to look up the CA certificate from the Windows certificate store. The hexadecimal fingerprint string can be copied straight from Windows Certificate Manager (certmgr.msc), whitespaces are automatically removed. This directive is only supported on Windows. This directive and the HTTPSCADir and HTTPSCAFile directives are mutually exclusive.
This specifies the path of the certificate file to be used for the HTTPS handshake.
This specifies the path of the certificate key file to be used for the HTTPS handshake.
This optional directive specifies the certificate thumbprint to be used for the SSL handshake. The hexadecimal fingerprint string can be copied straight from Windows Certificate Manager (certmgr.msc), whitespaces are automatically removed. This directive is only supported on Windows. This directive and the HTTPSCertFile and HTTPSCertKeyFile directives are mutually exclusive.
This specifies the path to a directory containing certificate revocation lists (CRLs), which will be consulted when checking the certificate of the remote HTTPS client. The certificate filenames in this directory must be in the OpenSSL hashed format.
This specifies the path of the certificate revocation list (CRL) which will be consulted when checking the certificate of the remote HTTPS client.
With this directive, a password can be supplied for the certificate key file defined in HTTPSCertKeyFile. This directive is not needed for passwordless private keys.
This boolean directive specifies that the remote HTTPS client must present a certificate. If set to TRUE and there is no certificate presented during the connection handshake, the connection will be refused. The default value is TRUE: each connection must use a certificate.
This directive can be used to set the allowed SSL/TLS protocol(s). It takes a comma-separated list of values which can be any of the following:
TLSv1.3. By default, the
TLSv1.3protocols are allowed. Note that the OpenSSL library shipped by Linux distributions may not support
SSLv3, and these will not work even if enabled with this directive.
This optional directive specifies the local port number of the connection. If not specified, a random high port number will be used, which may be unsuitable for firewalled network environments.
This directive specifies how frequently the module will check for new events, in seconds. If this directive is not specified, it defaults to 1 second. Fractional seconds may be specified (
PollInterval 0.5will check twice every second).
The following fields are used by im_azure.
A list of event fields in key-value pairs.
The timestamp of the event.
The ID of the process which generated the event.
The severity of the event, if available. The severity is mapped as follows.
Azure Severity Normalized Severity
The name of the application which generated the event, if available.
The ID of the thread which generated the event.