Skip to content

Commit 86e8ff4

Browse files
SnehaSudhirGSnehaSudhirG
committed
added about creation of dcr
1 parent 2a0ff2c commit 86e8ff4

File tree

4 files changed

+367
-3
lines changed

4 files changed

+367
-3
lines changed

articles/automation/change-tracking/change-tracking-data-collection-rule-creation.md

Lines changed: 347 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,347 @@
1+
---
2+
title: Script Sample - Create a data collection rule in Change Tracking.
3+
description: Learn about how to create a data collection rule
4+
ms.topic: sample
5+
ms.date: 02/06/2023
6+
author: SnehaSudhirG
7+
ms.author: sudhirsneha
8+
---
9+
10+
11+
# JSON script to create a data collection rule
12+
13+
This script helps you to create a data collection rule in Change tracking and inventory.
14+
15+
## Sample script
16+
17+
```json
18+
{
19+
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
20+
"contentVersion": "1.0.0.0",
21+
"parameters": {
22+
"dataCollectionRuleName": {
23+
"type": "string",
24+
"metadata": {
25+
"description": "Specifies the name of the data collection rule to create."
26+
},
27+
"defaultValue": "Microsoft-CT-DCR"
28+
},
29+
"workspaceResourceId": {
30+
"type": "string",
31+
"metadata": {
32+
"description": "Specifies the Azure resource ID of the Log Analytics workspace to use to store change tracking data."
33+
}
34+
}
35+
},
36+
"resources": [
37+
{
38+
"type": "microsoft.resources/deployments",
39+
"name": "get-workspace-region",
40+
"apiVersion": "2020-08-01",
41+
"properties": {
42+
"mode": "Incremental",
43+
"template": {
44+
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
45+
"contentVersion": "1.0.0.0",
46+
"resources": [],
47+
"outputs": {
48+
"workspaceLocation": {
49+
"type": "string",
50+
"value": "[reference(parameters('workspaceResourceId'), '2020-08-01', 'Full').location]"
51+
}
52+
}
53+
}
54+
}
55+
},
56+
{
57+
"type": "microsoft.resources/deployments",
58+
"name": "CtDcr-Deployment",
59+
"apiVersion": "2020-08-01",
60+
"properties": {
61+
"mode": "Incremental",
62+
"parameters": {
63+
"workspaceRegion": {
64+
"value": "[reference('get-workspace-region').outputs.workspaceLocation.value]"
65+
}
66+
},
67+
"template": {
68+
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
69+
"contentVersion": "1.0.0.0",
70+
"parameters": {
71+
"workspaceRegion": {
72+
"type": "string"
73+
}
74+
},
75+
"resources": [
76+
{
77+
"type": "Microsoft.Insights/dataCollectionRules",
78+
"apiVersion": "2021-04-01",
79+
"name": "[parameters('dataCollectionRuleName')]",
80+
"location": "[[parameters('workspaceRegion')]",
81+
"properties": {
82+
"description": "Data collection rule for CT.",
83+
"dataSources": {
84+
"extensions": [
85+
{
86+
"streams": [
87+
"Microsoft-ConfigurationChange"
88+
],
89+
"extensionName": "ChangeTracking-Windows",
90+
"extensionSettings": {
91+
"enableFiles": true,
92+
"enableSoftware": true,
93+
"enableRegistry": true,
94+
"enableServices": false,
95+
"enableInventory": true,
96+
"registrySettings": {
97+
"registryCollectionFrequency": 3000,
98+
"registryInfo": [
99+
{
100+
"name": "Registry_1",
101+
"groupTag": "Recommended",
102+
"enabled": false,
103+
"recurse": true,
104+
"description": "",
105+
"keyName": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy\\Scripts\\Startup",
106+
"valueName": ""
107+
},
108+
{
109+
"name": "Registry_2",
110+
"groupTag": "Recommended",
111+
"enabled": false,
112+
"recurse": true,
113+
"description": "",
114+
"keyName": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy\\Scripts\\Shutdown",
115+
"valueName": ""
116+
},
117+
{
118+
"name": "Registry_3",
119+
"groupTag": "Recommended",
120+
"enabled": false,
121+
"recurse": true,
122+
"description": "",
123+
"keyName": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run",
124+
"valueName": ""
125+
},
126+
{
127+
"name": "Registry_4",
128+
"groupTag": "Recommended",
129+
"enabled": false,
130+
"recurse": true,
131+
"description": "",
132+
"keyName": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components",
133+
"valueName": ""
134+
},
135+
{
136+
"name": "Registry_5",
137+
"groupTag": "Recommended",
138+
"enabled": false,
139+
"recurse": true,
140+
"description": "",
141+
"keyName": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\ShellEx\\ContextMenuHandlers",
142+
"valueName": ""
143+
},
144+
{
145+
"name": "Registry_6",
146+
"groupTag": "Recommended",
147+
"enabled": false,
148+
"recurse": true,
149+
"description": "",
150+
"keyName": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\Background\\ShellEx\\ContextMenuHandlers",
151+
"valueName": ""
152+
},
153+
{
154+
"name": "Registry_7",
155+
"groupTag": "Recommended",
156+
"enabled": false,
157+
"recurse": true,
158+
"description": "",
159+
"keyName": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\Shellex\\CopyHookHandlers",
160+
"valueName": ""
161+
},
162+
{
163+
"name": "Registry_8",
164+
"groupTag": "Recommended",
165+
"enabled": false,
166+
"recurse": true,
167+
"description": "",
168+
"keyName": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellIconOverlayIdentifiers",
169+
"valueName": ""
170+
},
171+
{
172+
"name": "Registry_9",
173+
"groupTag": "Recommended",
174+
"enabled": false,
175+
"recurse": true,
176+
"description": "",
177+
"keyName": "HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellIconOverlayIdentifiers",
178+
"valueName": ""
179+
},
180+
{
181+
"name": "Registry_10",
182+
"groupTag": "Recommended",
183+
"enabled": false,
184+
"recurse": true,
185+
"description": "",
186+
"keyName": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects",
187+
"valueName": ""
188+
},
189+
{
190+
"name": "Registry_11",
191+
"groupTag": "Recommended",
192+
"enabled": false,
193+
"recurse": true,
194+
"description": "",
195+
"keyName": "HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects",
196+
"valueName": ""
197+
},
198+
{
199+
"name": "Registry_12",
200+
"groupTag": "Recommended",
201+
"enabled": false,
202+
"recurse": true,
203+
"description": "",
204+
"keyName": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Extensions",
205+
"valueName": ""
206+
},
207+
{
208+
"name": "Registry_13",
209+
"groupTag": "Recommended",
210+
"enabled": false,
211+
"recurse": true,
212+
"description": "",
213+
"keyName": "HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Internet Explorer\\Extensions",
214+
"valueName": ""
215+
},
216+
{
217+
"name": "Registry_14",
218+
"groupTag": "Recommended",
219+
"enabled": false,
220+
"recurse": true,
221+
"description": "",
222+
"keyName": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Drivers32",
223+
"valueName": ""
224+
},
225+
{
226+
"name": "Registry_15",
227+
"groupTag": "Recommended",
228+
"enabled": false,
229+
"recurse": true,
230+
"description": "",
231+
"keyName": "HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Drivers32",
232+
"valueName": ""
233+
},
234+
{
235+
"name": "Registry_16",
236+
"groupTag": "Recommended",
237+
"enabled": false,
238+
"recurse": true,
239+
"description": "",
240+
"keyName": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\KnownDlls",
241+
"valueName": ""
242+
},
243+
{
244+
"name": "Registry_17",
245+
"groupTag": "Recommended",
246+
"enabled": false,
247+
"recurse": true,
248+
"description": "",
249+
"keyName": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify",
250+
"valueName": ""
251+
}
252+
]
253+
},
254+
"fileSettings": {
255+
"fileCollectionFrequency": 2700
256+
},
257+
"softwareSettings": {
258+
"softwareCollectionFrequency": 1800
259+
},
260+
"inventorySettings": {
261+
"inventoryCollectionFrequency": 36000
262+
},
263+
"servicesSettings": {
264+
"serviceCollectionFrequency": 1800
265+
}
266+
},
267+
"name": "CTDataSource-Windows"
268+
},
269+
{
270+
"streams": [
271+
"Microsoft-ConfigurationChange"
272+
],
273+
"extensionName": "ChangeTracking-Linux",
274+
"extensionSettings": {
275+
"enableFiles": true,
276+
"enableSoftware": true,
277+
"enableRegistry": false,
278+
"enableServices": false,
279+
"enableInventory": true,
280+
"fileSettings": {
281+
"fileCollectionFrequency": 900,
282+
"fileInfo": [
283+
{
284+
"name": "ChangeTrackingLinuxPath_default",
285+
"enabled": true,
286+
"destinationPath": "/etc/*.conf",
287+
"useSudo": true,
288+
"recurse": true,
289+
"maxContentsReturnable": 5000000,
290+
"pathType": "File",
291+
"type": "File",
292+
"links": "Follow",
293+
"maxOutputSize": 500000,
294+
"groupTag": "Recommended"
295+
}
296+
]
297+
},
298+
"softwareSettings": {
299+
"softwareCollectionFrequency": 300
300+
},
301+
"inventorySettings": {
302+
"inventoryCollectionFrequency": 36000
303+
},
304+
"servicesSettings": {
305+
"serviceCollectionFrequency": 1800
306+
}
307+
},
308+
"name": "CTDataSource-Linux"
309+
}
310+
]
311+
},
312+
"destinations": {
313+
"logAnalytics": [
314+
{
315+
"workspaceResourceId": "[parameters('workspaceResourceId')]",
316+
"name": "Microsoft-CT-Dest"
317+
}
318+
]
319+
},
320+
"dataFlows": [
321+
{
322+
"streams": [
323+
"Microsoft-ConfigurationChange"
324+
],
325+
"destinations": [
326+
"Microsoft-CT-Dest"
327+
]
328+
}
329+
]
330+
}
331+
}
332+
]
333+
}
334+
}
335+
}
336+
]
337+
}
338+
```
339+
340+
## Execute the script
341+
342+
Save the above script on your machine with a name as *CtDcrCreation.json*. For more information, see [Enable Change Tracking and Inventory using Azure Monitoring Agent (Preview)](enable-vms-monitoring-agent.md#enable-change-tracking-at-scale-using-azure-monitoring-agent).
343+
344+
## Next steps
345+
346+
[Learn more](manage-change-tracking-monitoring-agent.md) on Manage change tracking and inventory using Azure Monitoring Agent (Preview).
347+

articles/automation/change-tracking/enable-vms-monitoring-agent.md

Lines changed: 20 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ title: Enable Azure Automation Change Tracking for single machine and multiple m
33
description: This article tells how to enable the Change Tracking feature for single machine and multiple machines at scale from the Azure portal.
44
services: automation
55
ms.subservice: change-inventory-management
6-
ms.date: 12/14/2022
6+
ms.date: 02/06/2023
77
ms.topic: conceptual
88
---
99

@@ -93,10 +93,27 @@ Using the Deploy if not exist (DINE) policy, you can enable Change tracking with
9393
1. In the **Enable ChangeTracking and Inventory for virtual machines** page, enter the following options:
9494
1. In **Basics**, you can define the scope. Select the three dots to configure a scope. In the **Scope** page, provide the **Subscription** and **Resource group**.
9595
1. In **Parameters**, select the option in the **Bring your own user assigned managed identity**.
96-
1. Provide the **Data Collection Rule Resource id**.
96+
1. Provide the **Data Collection Rule Resource id**. Learn more on [how to create data collection rule](#create-data-collection-rule).
9797
1. Select **Review + create**.
9898

99-
99+
100+
### Create Data Collection Rule
101+
1. Download [CtDcrCreation.json](change-tracking-data-collection-rule-creation.md) script on your machine.
102+
1. Go to Azure portal and in the search, enter *Deploy a custom template*.
103+
1. In the **Custom deployment** page > **select a template**, select **Build your own template in the editor**.
104+
:::image type="content" source="media/enable-vms-monitoring-agent/build-template.png" alt-text="Screenshot to get started with building a template.":::
105+
1. In the **Edit template**, select **Load file** to upload the *CtDcrCreation.json* file.
106+
1. Select **Save**.
107+
1. In the **Custom deployment** > **Basics** tab, provide **Subscription** and **Resource group** where you want to deploy DCR. The **Data Collection Rule Name** is optional.
108+
:::image type="content" source="media/enable-vms-monitoring-agent/build-template-basics.png" alt-text="Screenshot to provide subscription and resource group details to deploy data collection rule.":::
109+
110+
>[!NOTE]
111+
>- Ensure that the name of your DCR is unique in that resource group, else the deployment will overwrite the existing DCR.
112+
>- The Log Analytics Workspace Resource Id specifies the Azure resource ID of the Log Analytics workspace used to store change tracking data. Ensure that location of workspace is from the [Change tracking supported regions](../how-to/region-mappings.md)
113+
114+
1. Select **Review+create** > **Create** to initiate the deployment of *CtDcrCreation*.
115+
1. After the deployment is complete, select **CtDcr-Deployment** to see the DCR Name. Use the **Resource ID** of the newly created DCR for Change tracking and inventory deployment through policy.
116+
100117
## Next steps
101118

102119
- For details of working with the feature, see [Manage Change Tracking](../change-tracking/manage-change-tracking-monitoring-agent.md).

articles/automation/change-tracking/media/enable-vms-monitoring-agent/build-template-basics.png

116 KB
Loading

articles/automation/change-tracking/media/enable-vms-monitoring-agent/build-template.png

108 KB
Loading

0 commit comments

Comments
 (0)