Azure Log Streaming
Overview
Azure Log Analytics is a service that allows you to collect and query vital information about the services and applications in your Azure account. We can use an Azure Log Analytics Workspace to collect and consolidate the SFTP Gateway logs in one location.
Note: This is unavailable in version 3.3.3 and any following versions that are on Ubuntu 22.04 due to incompatibility with the OMSAgent.
Creating an Azure Log Analytics Workspace
To create an Azure Log Analytics Workspace:
Go to the Azure Log Analytics Workspace service
Click Create
Choose your subscription, region, and resource group
Note: you can add this to your SFTP Gateway resource group or an individual resource group
Give the log workspace a descriptive name and click "Review + Create"
Configure SFTP Gateway With Log Agent
To configure the log agent in SFTP Gateway:
In the Log Analytics Workspace, go to Agents Management
Under the Linux Servers tab, click the copy button on the Download Agent For Linux field
SSH to the SFTP Gateway server and run the command:
sudo apt install python3.9
Then paste the agent download and onboarding link
This will download the Azure log agent and run through the onboarding script that will install the agent and connect it to your Log Analytics Workspace.
Configure Log Collection
In the Log Analytics Workspace, under Settings, go to Custom Logs
Click Add Custom Log
This brings you to a page that asks you to upload an example log so that Log Analytics can parse the log data and understand how the log file is laid out. SFTP Gateway has 2 log files that can be collected. Below are downloadable examples of both files. Download both example log files.
- Example application log file
- Example sftp-audit log file
Choose one of the log files to start with and upload its example log file. Then hit Next
Keep the Record Delimiter set to New Line, and hit Next
Add the Linux path to the files on the server. Then hit Next
- Application.log:
/opt/sftpgw/log/application-*.log
- Sftp-audit.log:
/opt/sftpgw/log/sftp-audit-*.log
On the Details page, add a name and description to the custom log. Then hit Next
Note: This is how the log file will be stored in the Log Analytics Workspace, and how you will query this log for information.
Review the custom log information. Then hit Create
Once you have created the first custom log, go back and repeat these steps for the other SFTP Gateway log file. After the custom logs are created, it may take up to 1 hour for the initial collection of the log data from the server. After that, the log data should be collected approximately every 5 minutes. For more detailed information, please refer to the Azure Custom Log documentation.
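Because the first collection can take up to an hour, it helps to confirm on the server that both path patterns from the steps above match readable, non-empty files before waiting. The script below is an added example, not part of the SFTP Gateway or Azure documentation; the function names `check_pattern` and `check_sftpgw_logs` are hypothetical, and the default directory is the one given above.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for the custom log paths on this page.
# Function names are hypothetical; only the directory and the two file
# patterns come from the steps above.

check_pattern() {
    # $1 = log directory, $2 = file name pattern (e.g. 'application-*.log')
    # Prints one status line per matching file. Returns 0 if at least one
    # match is readable and non-empty, 1 otherwise.
    local dir="$1" glob="$2" ok=1 f
    for f in "$dir"/$glob; do
        [ -e "$f" ] || continue          # an unmatched pattern stays literal
        if [ ! -r "$f" ]; then
            echo "UNREADABLE $f"         # the agent could not read this file
        elif [ ! -s "$f" ]; then
            echo "EMPTY      $f"         # nothing to collect yet
        else
            echo "OK         $f ($(wc -l < "$f") lines)"
            ok=0
        fi
    done
    [ "$ok" -eq 0 ] || echo "NO USABLE MATCH for $dir/$glob"
    return "$ok"
}

check_sftpgw_logs() {
    # $1 = log directory (defaults to the path used in the custom log setup)
    local dir="${1:-/opt/sftpgw/log}" rc=0
    check_pattern "$dir" 'application-*.log' || rc=1
    check_pattern "$dir" 'sftp-audit-*.log'  || rc=1
    return "$rc"
}

# Run the check only when executed directly, not when sourced.
if [ "${BASH_SOURCE[0]:-$0}" = "$0" ]; then
    check_sftpgw_logs "$@"
fi
```

Run it under the account the log agent runs as, so the readability result reflects what the agent can actually read. A non-zero exit status means at least one of the two log types has nothing the agent can collect.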
Query Log Data
To view the logs, you will need to query the data from the Log Analytics Workspace database:
Go to the Logs section of the Workspace
Note: This will open a list of default query templates. You can close it by hitting the X in the upper right corner
To view the raw log data, in the query field enter the following query, then hit Run
<log_file_name> | project RawData
This will display the data as you would see it in the log file on the server.