我被要求使用 Powershell 查询 Azure WAS 日志以查找被阻止的请求。我找到了https://cloudrobots.net/2021/03/07/download-azure-wav-v2-blocking-logs-w-powershell/但遇到了一些麻烦。
首先,我创建了一个新的服务主体并为其分配了贡献者角色分配。我还创建了一个秘密并授予它“AuditLog.Read.All”API 权限。
现在我正在使用以下代码:
$TenantId = '<tenant id>'
$AzureADCred = Get-Credential -UserName <tenant id> -Message "Enter secret value"
Connect-AzAccount -ServicePrincipal -Credential $AzureADCred -TenantId $TenantId
$WorkspaceID = '<workspace id>'
$UserPrincipalName = 'user@domain.com'
#Create the query for log analytics workspace for last sign in for user which goes back 180 days
$query = 'SigninLogs | Where-Object TimeGenerated > ago(180d) | Where-Object UserPrincipalName == "' + $UserPrincipalName + '" | summarize signInCount = count() by UserPrincipalName | Sort-Object by signInCount desc'
#Create the query for log analytics workspace for top matched rules
$query = 'AzureDiagnostics | where ResourceProvider == "MICROSOFT.NETWORK" and Category == "ApplicationGatewayFirewallLog" | summarize count() by ruleId_s, bin(TimeGenerated, 1m) | where count_ > 10 | render timechart'
$result = Invoke-AzOperationalInsightsQuery -WorkspaceId $WorkspaceID -Query $query
Disconnect-AzAccount
但我只会回来:
Invoke-AzOperationalInsightsQuery:操作返回无效状态代码“BadRequest”
是什么赋予了?