Getting Azure logs into your SIEM

When you run different resources in Microsoft Azure, these resources together with Azure Resource Manager create logfiles of different events. A resource could be a virtual machine, SQL database or storage account, for example. These resources are provided by the resource manager, which also creates events based on actions on these resources. An event could be a write, delete or update, for example.

The Azure Resource Manager

This video explains how the Azure Resource Group model works:

A short explanation of the resource provider can be found at and if you’re running workloads in classic mode you can find an explanation of the differences at

Enabling logging to storage account

To get the logfiles to your SIEM system you’ll need to enable logging to either a storage account or an event hub. A storage account is easier to manage and will let you use the Azure Log Integrator. If you look at your resources (in the pictures I have a virtual machine and a web app), you can enable logging to a storage account.

Enabling diagnostics logging from a virtual machine to a storage account. Note the various levels of logging you can select.
Logging to a storage account from a web app.

Your workloads will start saving their logfiles to your storage account when you’ve saved the settings.

Getting the logs from Azure to your SIEM

That was the easy part. Now getting the logs from Azure storage to your SIEM requires some wizardry. Thank god for the Azure Log Integrator then, to the rescue!

Tom Shinder did a great job writing a getting started guide over at If you don’t like that one there’s another one:

Once you’ve configured your integration VM you’ll need to configure your SIEM. There’s a guide for various systems available at


Running WordPress in Azure Webapp with MySQL

In August Microsoft launched the preview of MySQL in-app for Azure webapps. This means that you can enable MySQL in your webapp and you’ll get immediate access to a MySQL database within your application. Running WordPress, Joomla or any other PHP/MySQL-based CMS has never been easier. Please note that this is at the moment not for production workloads due to the single-instance database. Read the article for more information at

So how do you get it up and running?

Create a new webapp.


Name your webapp and if you don’t have one, create an App Service Plan.


Once deployment is finished we need to edit some settings.

Switch to PHP 5.7, and turn off ARR. Click Save.


The magic of turning on MySQL is up next. Click “on” and if you’re just testing, don’t touch the logging settings. Click “Save”.


Now you’ll need to head over to and download the package. Save it on your computer and unzip the files. You’ll also need an FTP client. Assuming you’re running Windows you can grab Filezilla for free.

Edit your deployment credentials if you don’t know them.


Check the portal for your FTP hostname and enter the corresponding values in your FTP client.


When the upload is done you can use the brand new editor to change wp-config-sample.php.



You need to delete some code and paste in the following code:

$connectstr_dbhost = '';
$connectstr_dbname = '';
$connectstr_dbusername = '';
$connectstr_dbpassword = '';

// Find the MYSQLCONNSTR_localdb variable and split it into its parts.
foreach ($_SERVER as $key => $value) {
    if (strpos($key, "MYSQLCONNSTR_localdb") !== 0) {
        continue; // not the connection string, skip this key
    }

    $connectstr_dbhost = preg_replace("/^.*Data Source=(.+?);.*$/", "\\1", $value);
    $connectstr_dbname = preg_replace("/^.*Database=(.+?);.*$/", "\\1", $value);
    $connectstr_dbusername = preg_replace("/^.*User Id=(.+?);.*$/", "\\1", $value);
    $connectstr_dbpassword = preg_replace("/^.*Password=(.+?)$/", "\\1", $value);
}

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', $connectstr_dbname);

/** MySQL database username */
define('DB_USER', $connectstr_dbusername);

/** MySQL database password */
define('DB_PASSWORD', $connectstr_dbpassword);

/** MySQL hostname: this contains the port number in the format host:port. The port is not 3306 when using this feature. */
define('DB_HOST', $connectstr_dbhost);

Paste the code and save.
Rename the file wp-config-sample.php to wp-config.php. This can be done in your FTP client.
Once done you can click your URL in the portal.
If you’ve done everything right so far you’ll see the WordPress installation guide.
Select your language.
Enter a username / password.
Once it’s done you can visit your site and you’re all done. Now you can apply a custom theme and fill your site with content.
Does it work? Well, this site runs in the exact same manner as the guide. So far, so good 🙂
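
A caveat on the wp-config.php snippet above: preg_replace returns its input unchanged when the pattern does not match, so a connection string missing a key would put the whole string, password included, into that DB_* constant, and an unset variable leaves all four empty. The following added example (not from the original post or from Microsoft; the function names and sample values are made up for illustration) parses the same MYSQLCONNSTR_localdb value with preg_match and refuses to continue when any part is missing.

```php
<?php
// Added example; function names and sample values are hypothetical.

/** Split a MYSQLCONNSTR_localdb value into its parts, or throw. */
function parse_mysql_connstr(string $connstr): array
{
    $patterns = [
        'host'     => '/(?:^|;)Data Source=([^;]+)/',
        'name'     => '/(?:^|;)Database=([^;]+)/',
        'user'     => '/(?:^|;)User Id=([^;]+)/',
        // As in the post, Password is assumed last, so it may contain ';' or '='.
        'password' => '/(?:^|;)Password=(.+)$/',
    ];
    $out = [];
    foreach ($patterns as $field => $re) {
        if (preg_match($re, $connstr, $m) !== 1) {
            // Name the missing part only; never echo the string itself.
            throw new RuntimeException("Connection string has no '$field' value");
        }
        $out[$field] = $m[1];
    }
    return $out;
}

/** Find the variable in a $_SERVER-style array and parse it. */
function load_localdb_settings(array $server): array
{
    foreach ($server as $key => $value) {
        if (strpos($key, 'MYSQLCONNSTR_localdb') === 0) {
            return parse_mysql_connstr((string) $value);
        }
    }
    throw new RuntimeException('MYSQLCONNSTR_localdb is not set');
}

// Constructed sample values, standing in for $_SERVER.
$good = ['MYSQLCONNSTR_localdb' =>
    'Database=localdb;Data Source=127.0.0.1:50000;User Id=exampleuser;Password=ex;ample=1'];
$bad  = ['MYSQLCONNSTR_localdb' =>
    'Database=localdb;Data Source=127.0.0.1:50000;User Id=exampleuser'];
$db = load_localdb_settings($good);
echo $db['host'], ' ', $db['name'], ' ', $db['user'], "\n"; // password not printed
foreach ([$bad, []] as $server) {
    try {
        load_localdb_settings($server);
    } catch (RuntimeException $e) {
        echo 'refused: ', $e->getMessage(), "\n";
    }
}
```

In wp-config.php the returned array would feed the four define() calls, with $_SERVER passed in place of the sample arrays.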