Use Splunk to Collect Logs from Office 365 and Azure AD

Microsoft offers several ways to view Azure log data in one form or another: Security Center, Azure Sentinel, Log Analytics, and Insights. That is fine for an Azure-centric organization, but many organizations already have a log collection system in place, such as Splunk, and running multiple logging platforms is not efficient. This article walks through sending Azure AD and Office 365 logs to Splunk.


Writing to the Windows Event Log with PowerShell

Odds are, you were Googling something like 'write event log PowerShell' and stumbled on this page. If that's the case and you just want to write an event to the Event Log to test something like a monitoring or alerting app, I won't disappoint: below is what you need to know. If you want a little more information on writing to the Event Log as part of a script, keep going.

Write-EventLog requires four parameters: -EventId, -LogName, -Message and -Source. It's the -Source part that trips people up. If you don't know what the source is, simply make one up. Create the new source with the New-EventLog command like this:

New-EventLog -LogName <Log you are writing to> -Source 'Make one up'

For example, adding the source HAL to the Application log looks like this:

New-EventLog -LogName Application -Source 'HAL'
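Putting the pieces together, here is an added example (not code from the original post) that registers the HAL source only if it is missing, writes a test event with the four required parameters, and reads the event back. It assumes an elevated PowerShell session, since registering a source requires administrator rights; the event ID 1001 and the message text are made-up sample values.

```powershell
# Added example, not from the original post. Assumes an elevated session:
# New-EventLog needs administrator rights to register a new source.
$LogName = 'Application'
$Source  = 'HAL'          # the sample source used in the post

# New-EventLog throws if the source is already registered, so check first.
if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
    New-EventLog -LogName $LogName -Source $Source
}

# The four required parameters: -EventId, -LogName, -Message and -Source.
# -EntryType is optional but makes the event easier to spot in the viewer.
Write-EventLog -LogName $LogName -Source $Source -EventId 1001 `
    -EntryType Information -Message 'Test event written from PowerShell'

# Confirm the event landed by filtering on source and ID instead of
# paging through the whole Application log.
Get-WinEvent -FilterHashtable @{ LogName = $LogName; ProviderName = $Source; Id = 1001 } -MaxEvents 1 |
    Select-Object TimeCreated, Id, ProviderName, Message
```

If the final Get-WinEvent call returns nothing, the usual cause is running Write-EventLog from a non-elevated session or against a source that was registered under a different log name.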
