Last active
October 14, 2024 23:46
Script to send sample log to Azure Log Analytics workspace using Azure Monitor Data Collector API: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-collector-api?tabs=powershell. Based on tutorial from Terence Luk: https://terenceluk.blogspot.com/2022/03/using-powershell-to-send-custom-log.html. Response = 200 indicates log was wr…
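# Replace with the Workspace Customer ID and Primary Key of the Log Analytics workspace
# (already created in Azure) that should receive the logs. Both values are shown under
# Settings > Agents > Log Analytics Agent Instructions.
#
# The primary key is a shared secret: it is the HMAC key used below to sign ingestion
# requests for this workspace, so anyone who holds it can submit records to it. Keep a
# real key out of saved or committed copies of this script (load it from a secret store
# or an environment variable at run time) and regenerate it if it has been exposed.
$customerId = "1.....3"
$sharedKey = "c.....="

# Change this to define the table name in the Log Analytics workspace. The resulting
# table is named <logType>_CL, i.e. CustomLog_CL for the value below.
$logType = "CustomLog"

# Name of the JSON field that carries the record timestamp; Post-LogAnalyticsData sends it
# as the "time-generated-field" header. The variable was read there but never assigned.
# Left empty, the service uses the ingestion time; set it to "time" to use the sample
# record's own timestamp (the field must then hold an ISO 8601 value).
$TimeStampField = ""

# Change this to change the log to send to the Log Analytics workspace
$jsondata = @"
[
{
"time": "2024-10-14T07:12:35Z",
"computer": "myComputer",
"event": "UserLogin",
"details": {
"username": "user1",
"status": "success"
}
}
]
"@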
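<#
.SYNOPSIS
Builds the SharedKey Authorization header value for a Data Collector API request.

.DESCRIPTION
Joins method, content length, content type, the x-ms-date header and the resource path
with newlines, signs that string with HMAC-SHA256 keyed by the Base64-decoded workspace
key, and returns "SharedKey <customerId>:<Base64 signature>".

.PARAMETER customerId
Workspace ID placed in front of the signature.

.PARAMETER sharedKey
Base64-encoded workspace key. It is only used as the HMAC key and is not part of the
returned value.

.PARAMETER date
Value of the x-ms-date header; it must be the exact string sent with the request.

.PARAMETER contentLength
Length of the request body as it is sent, in bytes.

.OUTPUTS
String for the Authorization header.
#>
Function Build-Signature ($customerId, $sharedKey, $date, $contentLength, $method, $contentType, $resource)
{
    $xHeaders = "x-ms-date:" + $date
    $stringToHash = $method + "`n" + $contentLength + "`n" + $contentType + "`n" + $xHeaders + "`n" + $resource
    $bytesToHash = [Text.Encoding]::UTF8.GetBytes($stringToHash)
    $keyBytes = [Convert]::FromBase64String($sharedKey)

    $hmac = New-Object System.Security.Cryptography.HMACSHA256
    try
    {
        $hmac.Key = $keyBytes
        $calculatedHash = $hmac.ComputeHash($bytesToHash)
    }
    finally
    {
        # Release the HMAC object, which holds the key, even when hashing throws.
        $hmac.Dispose()
    }

    $encodedHash = [Convert]::ToBase64String($calculatedHash)
    $authorization = 'SharedKey {0}:{1}' -f $customerId,$encodedHash
    return $authorization
}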
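<#
.SYNOPSIS
Signs and posts a JSON payload to the workspace's Data Collector API endpoint.

.DESCRIPTION
Builds the SharedKey signature with Build-Signature, then sends the body with
Invoke-WebRequest to https://<customerId>.ods.opinsights.azure.com/api/logs.
Microsoft documents the HTTP Data Collector API as deprecated in favour of the Logs
Ingestion API, so treat this as a legacy path.

.PARAMETER customerId
Workspace ID; it forms the host name and is part of the Authorization header.

.PARAMETER sharedKey
Base64-encoded workspace key, passed on to Build-Signature.

.PARAMETER body
JSON payload, as UTF-8 bytes or as a string (a string is encoded to UTF-8 here).

.PARAMETER logType
Value of the Log-Type header, which selects the custom table.

.OUTPUTS
HTTP status code of the response. Invoke-WebRequest raises an error for non-success
responses, so a returned value means the request was accepted.
#>
Function Post-LogAnalyticsData($customerId, $sharedKey, $body, $logType)
{
    $method = "POST"
    $contentType = "application/json"
    $resource = "/api/logs"
    $rfc1123date = [DateTime]::UtcNow.ToString("r")

    # The signed content length has to be the byte count of what is sent. A string's
    # Length counts characters, which differs from the byte count for non-ASCII text
    # and would make the signature invalid.
    if ($body -is [string])
    {
        $body = [Text.Encoding]::UTF8.GetBytes($body)
    }
    $contentLength = $body.Length

    $signature = Build-Signature `
        -customerId $customerId `
        -sharedKey $sharedKey `
        -date $rfc1123date `
        -contentLength $contentLength `
        -method $method `
        -contentType $contentType `
        -resource $resource
    $uri = "https://" + $customerId + ".ods.opinsights.azure.com" + $resource + "?api-version=2016-04-01"

    $headers = @{
        "Authorization" = $signature;
        "Log-Type" = $logType;
        "x-ms-date" = $rfc1123date;
    }
    # $TimeStampField comes from the calling scope. Send the header only when it names
    # a field; without it the service uses the ingestion time.
    if (-not [string]::IsNullOrEmpty($TimeStampField))
    {
        $headers["time-generated-field"] = $TimeStampField
    }

    $response = Invoke-WebRequest -Uri $uri -Method $method -ContentType $contentType -Headers $headers -Body $body -UseBasicParsing
    return $response.StatusCode
}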
# Encode the sample JSON as UTF-8 bytes, so the signed content length is a byte count,
# then post it. The call writes the HTTP status code to the output.
$payloadBytes = [System.Text.Encoding]::UTF8.GetBytes($jsondata)
Post-LogAnalyticsData `
    -customerId $customerId `
    -sharedKey $sharedKey `
    -body $payloadBytes `
    -logType $logType