Setup Diagnostic Logs Export
This article explains how to configure Azure resources to enable diagnostic logs export in Syskit Point.
Syskit Point allows you to export diagnostics logs saved in Application Insights. They contain data that helps the Syskit Point support team resolve issues you might be facing when using Syskit Point.
Please note! If you are a new customer and deployed Syskit Point version 2022.2.2 or later, all requirements for diagnostic logs export are set up for you automatically. Use the steps described in this article if you are an existing customer upgrading from a previous version to set up diagnostic logs export in Syskit Point manually.
You will need to set up the following in the Syskit Point Azure resource group:
Enable user access to key vault
Create a new key vault secret
Remove user access from the key vault
Assign a role to the user-assigned managed identity
Please note! To perform changes described in this article, you need to have the owner role assigned on the Syskit Point resource group.
Enable User Access to Key Vault
Before you can create a new key vault secret, enable access to the key vault:
Open Azure portal and open resource group where Syskit Point is deployed
On the resource group Overview screen, find and click the Key Vault resource
Click Access policies (1) in the Settings section
Click Add Access Policy (2); the Add access policy screen opens
On the next screen:
Select the Secret Management option (1) in the Configure from the template drop-down
Click the None selected link (2) under Select principal
Find and click the currently signed-in user (3); the user is shown in the Selected items section (4)
Click Select (5)
Click Add (6) on the Add access policy screen; the initial Access Policy screen opens
Click Save on the Access policies screen to save your changes
Next, allow your IP adress to access the key vault. On the key vault resource:
Navigate to Settings > Networking (1)
Enter your IP address (2)
Click Save
Create a New Key Vault Secret
First, find the Application Insights app ID:
Open the Application Insights resource in Syskit Point resource group
Click API Access (1) under the Configure section
Copy and save aside the Application ID (2); you will need this value when creating the new key vault secret
Next, create a new key vault secret:
Open the Key vault resource
Click Secrets (1) under the Settings section
Click Generate/Import (2); Create a secret screen opens
On the Crate a secret screen:
Under Name (1), enter the following string:
AppInsightsAppId
Under Value(2) paste the Application ID that you saved earlier
Click Create (3)
Once the new key vault secret is created, you can remove the previously added access policy and IP address rule to secure the key vault resource.
Remove User Access from Key Vault
First, delete the Access Policy:
Open the Key vault resource
Click Access policies (1) under the Settings section
Find your user and click Delete (2)
Click Save (3)
Next, remove access for your IP address:
Open the Key vault resource
Click Networking (2) under the Settings section
Find your IP address and click the delete icon (3)
Click Save
Assign a Role to the User-Assigned Managed Identity
Last thing left to do is assign
Navigate to Syskit Point resource group
Click Access control (IAM) (1) in the left menu
Add > Add role assignment (2); Add role assingment screen opens
On the Add role assignment screen:
Find and select the Log Analytics Reader role (1)
Click Next (2); Members tab opens
Select Managed identity (3) under Assign access to
Click Select members (4)
Select User-assigned managed identity (5) under Managed identity
Find and click Syskit Point user-assigned managed identitiy (6)
Click select (7)
Click Review + assign (8) to navigate to the next tab
Click Review + assign again to run the role assignment action
Next steps
After the setup is complete, diagnostic logs export in Syskit Point should be enabled. To check if the export is working, use the following article explaining how to export diagnostic logs in Syskit Point.
Last updated