SFTP Gateway Support

3.0

Diagnostic Screen - Azure Log Streaming

Overview

Azure Log Analytics lets you to collect and query log information in Azure. This article walks you through using Azure Log Analytics Workspace to collect and consolidate the SFTP Gateway logs into one location.

Note: This feature applies to SFTP Gateway version 3.4.0 and later.

Create an Azure Log Analytics Workspace

An Azure Log Analytics Workspace is an Azure service for consolidating log information.

To create an Azure Log Analytics Workspace:

  1. Go to the Azure Log Analytics Workspace service

  2. Click Create

  3. Choose your subscription, region, and resource group

    Note: you can deploy this into its own resource group, or to the same resource group in which SFTP Gateway is deployed. Create Log Analytics Workspace

  4. Give the log workspace a descriptive name

  5. Click Review + Create Workspace Review and Create

  6. Click Create

Connect your VM to the Workspace

In this section, you will wire your SFTP Gateway VM to the Log Analytics Workspace.

In the Log Analytics Workspace, go to Workspace Data Sources

Go to Virtual Machines.

Select your SFTP Gateway VM.

Click Connect

This connects SFTP Gateway to your Log Analytics Workspace.

connect

Configure Log Collection

A Custom Log pulls log files from the VM, based on file naming convention and path. Log content is then parsed and stored in the Log Analytics Workspace.

In this section, you will create Custom Logs for both the SFTP Gateway application and audit logs.

  1. In the Log Analytics Workspace, under Settings, go to Custom Logs

    Custom Logs

  2. Click Add custom log

    Add Custom Log This will bring you to a page that will ask you to upload an Example log. Log Analytics will parse the uploaded file to determine the log format. Sftp Gateway has two types of log files, which you can download below:

  3. Upload the application log file, and hit Next (later, you'll repeat this process for the audit log file)

  4. Keep the Record Delimiter set to New Line, and click Next.

    Record Delimiter

  5. Add the Linux path to the files on the server (see below for corresponding paths). Then click Next.

    • Application log: /opt/sftpgw/log/application-*.log
    • Audit log: /opt/sftpgw/log/sftp-audit-*.log

    Collection Path

  6. On the Details page, add a name and description to the custom log. Then click Next.

    Note: This name will be displayed in the Log Analytics Workspace, and used in log queries. Log Details

  7. Review the custom log information. Then click Create.

Once you have created the first custom log, go back and repeat these steps for the audit SFTP Gateway log.

Note: It may take up to 1 hour for the initial collection of the log data from the server. After that, the log data should be collected approximately every 5 minutes. For more detailed information, please refer to the Azure Custom Log documentation.

Query Log Data

To view the logs, you will need to query the data from the Log Analytics Workspace database:

  1. Go to the Logs section of the Workspace

    Logs Section

    Note: This will open a list of default query templates, which you can close by hitting the X in the upper right corner Query Templates

  2. To view the raw log data, in the query field enter the following query, then hit Run

    <log_file_name>
| project RawData

    This will display the data as you would see it in the log file on the server.

Query Results