Azure Frontdoor integration

Elastic Stack Elastic Agent
1

Hello everyone,

I need to receive logs “Azure Frontdoor” I see that there is an integration that allows to do this but I have no idea what are the values of the fields that are required as I am not the Azure administrator.

Clearly I should make the request to the Azure administrator but I would like to be very specific with what I am going to request and if possible, I would appreciate if you could help me to understand and where to find the values needed for each field.

What I have researched I have found the following but I don't know if it is correct

Eventhub: found by logging into the azure resource called “Event Hubs” and in the menu “Entities” -> “Event Hubs”.

Connection string: I think this is clear according to microsoft documentation Get connection string - Azure Event Hubs | Microsoft Learn

Storage Account: In the resource called “Storage Account”.

Storage Account Key: I think it is in the resource “Storage Account” -> Menu “Security and Networks” and “Access keys”.

image
image864×1050 62.1 KB

2

You need to create the resources.

Basically you need to configure Azure Frontdoor to send the logs to an Event Hub, this documentation explains how: Configure Azure Front Door logs | Microsoft Learn

Your Azure admin will need to create the Event Hub and the Storage Account, then you get the names of the created resources and configure the integration.

1 Like
3

@leandrojmp thank you for your valuable help, I will proceed to make the request to the Azure administrator.

One last question: At the end it asks for a policy obviously this is not host focused, so should I associate this integration to the policy for the fleet server?

Note: The architecture is like this
Fleet Server
Elasticsearch Cluster [3 servers].
Kibana Server
Logstas Server

Tnx

4

I would say that is better to have a server to run agents like this.

Or you may install it in a policy for the agent on the Logstash server.

1 Like