Send Devolutions Hub Business logs to Azure Log Analytics

This guide provides instructions for creating and configuring all the components needed to send Devolutions Hub Business logs to Azure Log Analytics.

Create a new app registration

  1. Open the Azure portal and navigate to App Registrations.

  2. Click on New Registration.

  3. Give your app a name and click Register (no Redirect URL is necessary).

  4. Under Supported account types, select Accounts in this organizational directory only.

Retrieve client ID and tenant ID

After registration, locate Client ID and Tenant ID under the Overview section. These will be required later.

Set up a Data Collection Endpoint (DCE)

Create a Data Collection Endpoint (DCE) in Azure to receive requests from Devolutions Hub Business. In Devolutions Hub Business, this corresponds to the Azure Endpoint field.

Create an Azure log analytics table

Follow Microsoft's tutorial to create a Log Analytics table in Azure for sample data. Here is the required sample data sent by Devolutions Hub Business.

The TimeGenerated column in Azure Log Analytics is essential because it's the primary timestamp that determines when a log record was ingested into the system.

Transformation editor : source | extend TimeGenerated = now() will create a column TimeGenerated and log the time of the sync.

It is recommended to wait about 40 minutes after configuring Azure to allow all settings to fully synchronize. The synchronization frequency can be adjusted as needed.

Assign permissions to the Data Collection Rule (DCR)

Assign the required permissions to the DCR: Monitoring Metrics Publisher.

  1. Access DCR.

  2. Access control (IAM).

  3. Add Role assignment.

  4. Select Monitoring Metrics Publisher.

  5. Click Next.

  6. In the Members section, select the app registration that was previously created.

Devolutions Hub Business configuration

  1. Open the Devolutions Hub Business web interface.

  2. Go to Administration - Logging.

  3. Enter the Azure credentials.

Install Devolutions Hub Services

The Devolutions Hub Services installer facilitates the installation and configuration of different features such as the Privileged Access Management module, the Encryption Service (SSO-enabled feature) and the Hub Reporting service. The installed service will establish communication between your Devolutions Hub Business and your internal resources.

Note that the log synchronization between your Devolutions Hub Business and Microsoft Azure requires the Devolutions Hub Services to be installed and active.

Create an Application identity

  1. Open Devolutions Hub Business.

  2. Click AdministrationApplication Identities.

    Administration – Application Identities
    Administration – Application Identities
  3. Select Add Application identity (+).

    Add Application Identity (+)
    Add Application Identity (+)
  4. Enter a name and click Add.

  5. Save the given Application Secret and Application key to your clipboard or as a PDF file. It will be needed during Devolutions Hub Services' installation.

    Save the given Application Secret and Application key
    Save the given Application Secret and Application key

Edit permissions for the Application identities

  1. Go to Devolutions Hub Business.

  2. Click AdministrationSystem permissions. Administration – System permissions

  3. Go to the edit form. Edit form

  4. Select System.

  5. Select your Application User in the drop-down menu under Manage privileged access tasks, Manage privileged access providers and View administration logs and user activity.

You need to grant permission on the vault either at System level or Individual PAM vault level.

For all system vaults

  1. In Devolutions Hub Business, go to AdministrationConfiguration & SecuritySystem permissions.

  2. Go to the edit form.

  3. Select Vault.

  4. Choose your Application user in the drop-down menu under the Contributor section.

  5. Click Update to close the window.

For a specific PAM vault

  1. In Devolutions Hub Business, go to AdministrationManagementVault.

  2. Click Add.

  3. Select PAM Vault in the menu to create your PAM Vault.

  4. Go to the Security menu.

  5. Select the Edit tab.

  6. Choose your Application user in the drop-down menu under the Contributor section.

  7. Click Add to close the window.

Installation of Devolutions Hub Services

  1. Download Devolutions Hub Services.

  2. Launch the installer that you downloaded.

    setup
    setup
  3. Click Next.

  4. Read the End-User License Agreement and click I accept the terms in the License Agreement.

  5. Click Next.

  6. Select PAM in the Custom Setup. Note that the Encryption feature is currently unavailable.

  7. Click Next.

  8. Enter your Host URL.

  9. Enter the Application Secret and Application key previously saved.

  10. Click Finish to complete the installation.

  11. Click Test Connection.

  12. If your connection is successful, press Next.

    Connection successful
    Connection successful

Check Devolutions Hub Services logs

Devolutions Hub Services logs are available here: C:\ProgramData\Devolutions\Hub\Reporting Service\Logs.

Devolutions Forum logo Give us Feedback