Log Configuration
Applicable to SCEPman Certificate Master version 2.4 and above
Newer SCEPman installations (version 2.4 and later) automatically create a Log Analytics Workspace during deployment and log into Azure Monitor. If you have an older installation, you can follow the steps below to enable this logging feature.
The default retention period for data stored in a Log Analytics Table is 30 days. In case a different retention period is required, adjust the configuration of the Table "SCEPman_CL" accordingly.
- 1.Create a Log Analytics workspace (Microsoft Guide Create a Log Analytics workspace). You can also use an existing one.
- 2.Add the settings AppConfig:LoggingConfig:WorkspaceId and AppConfig:LoggingConfig:SharedKey described in the section on Logging settings. Do this for each of your SCEPman instances (these are more than one for geo-redundancy or if you have multiple deployment slots) and your Certificate Master App Service.
SCEPman_CL
| where Level == "Warn" or Level == "Error" or Level == "Fatal"
SCEPman_CL
| where LogCategory_s == "Scepman.Core.CertificationAuthority.KeyVaultCA" and Level == "Info"
| project Message, RequestBase = trim_end('/', replace_string(replace_regex(RequestUrl_s, "(/pkiclient\\.exe)?(\\?operation=PKIOperation(&message=.+)?)?", ""),"certsrv/mscep/mscep.dll","intune"))
| summarize IssuanceCount = count() by Endpoint = extract("/([a-zA-Z]+)$", 1, RequestBase)