Azure Automated Log Forwarding Setup

Overview

Use this guide to automate your Azure log forwarding setup with an Azure Resource Manager (ARM) template.

The ARM template deploys resources from a series of Azure services (storage accounts and function apps) into your subscriptions, which collect and forward logs to Datadog. These services automatically scale up or down to match log volume. Scaling is managed by a control plane, which is a set of function apps deployed to a subscription and region of your choice. Storage accounts and function apps are deployed in each of the subscriptions forwarding logs to Datadog.

All sites: Automated log forwarding is available to use on all Datadog sites.

Setup

Begin by opening the Automated Log Forwarding ARM template. The sections below provide instructions for completing each page of the template.

Basics

  1. Under Project details, select the management group. This is needed for the ARM template to grant permissions to the subscriptions you select for automated log forwarding.
  2. Under Instance details, select values for:
    • Region. This is where the control plane is deployed.
    • Subscriptions to Forward Logs. These are the subscriptions to be configured for log forwarding.
    • Control Plane Subscription. This is the subscription that the control plane is deployed to.
    • Resource Group Name. This is the resource group to be used by the control plane. It is recommended to choose a new, unused resource group name to simplify management of control plane services.
The Basics page of the ARM template for Azure automated log forwarding
  1. Click Next.

Datadog Configuration

  1. Enter your Datadog API key value.
  2. Select your Datadog Site.
The Datadog Configuration page of the ARM template for Azure automated log forwarding
  1. Click Next.

Deployment

  1. Click the checkbox to acknowledge the deployment warnings.
  2. Click Review + create.

Review + create

  1. Review the finalized deployment details.
  2. Click Create.

Uninstall

Begin by opening an Azure Cloud Shell, and ensure it is running in Azure CLI/Bash, not PowerShell.

Download and run the uninstall script:

wget https://ddazurelfo.blob.core.windows.net/uninstall/uninstall.py
python uninstall.py

The script first discovers any instances running in each subscription, then prompts you to select the instance(s) to uninstall. Confirm the resource deletions, and wait for the resources to be deleted.

Further reading

Additional helpful documentation, links, and articles:

Best practices for monitoring Microsoft Azure platform logsBLOG more more
PREVIEWING: altan/hidelfobeta