Are you in control, or are some of your core infrastructure processes, such as patching, antivirus and BitLocker enablement, drifting? Or would you like to do advanced inventory, where you can look up your warranty state against Lenovo or Dell warranty? Then keep reading.
Check out ClientInspector (github), which can help you get great insight into your complete client environment.
ClientInspector is free to the community – built to be a cool showcase of how you can bring back data from your clients using Azure Log Ingestion Pipeline, Azure Data Collection Rules, Azure LogAnalytics; view them with Azure Monitor & Azure Dashboards – and get “drift-alerts” using Microsoft Sentinel.
The little “helper” that makes the magic is my new PowerShell module, AzLogDcrIngestPS (github). I have also written a blog post about this module.
You can get the whole infrastructure for ClientInspector up and running within 10 min using the DeploymentKit for ClientInspector (github).
Quick Links
What data is being collected?
Desired State Dashboards – How to get insight into my environment from the data?
How do I query the data? – Kusto (KQL) is the answer
Architecture, Schema & Networking
Implementation
Dependencies
Running ClientInspector.ps1 – 3 modes
Sample output of ClientInspector
Security
Layout of ClientInspector data-set
Verbose-mode & More help
Cost – How much does it cost to store this data?
Contact
Videos of solution
Video 3m 19s – Running ClientInspector using commandline (normal mode)
Video 1m 40s – Automatic creation of 2 tables & DCRs (verbose mode)
Video 1m 37s – Automatic creation of 2 tables & DCRs (normal mode)
Video 1m 34s – See schema of DCR and table
Video 2m 19s – Data manipulation
Video 1m 58s – Kusto queries against data
Video 3m 01s – Dashboards
Video 0m 48s – Sample usage of data – lookup against Lenovo warranty db
Video 7m 25s – Deployment via ClientInspector DeploymentKit
Architecture & flow of ClientInspector
ClientInspector (v2) uploads the collected data into custom logs in an Azure LogAnalytics workspace, using the Log ingestion API, Azure Data Collection Rules (DCR) and Azure Data Collection Endpoints (DCE).
Sample Dashboards
Disclaimer
It is important for me to state that I’m not trying to build a separate management tool, which will compete with Microsoft security and management stack.
Nothing beats Microsoft Azure/M365 management and security stack. They are rock star solutions.
But I’m really passionate about the logging capabilities and the power to bring data back from clients, servers, cloud and 3rd party systems – and getting cool, valuable information out of the data.
I have a similar solution for servers – ServerInspector. Unfortunately, it is not public.
Happy hunting 😄
Big thanks – you are rock stars 🙂
Lastly, I would like to give big credit to a few people whom I have worked with on building the AzLogDcrIngestPS PowerShell module and in my daily work with the Azure log & viewing capabilities:
Name | Role |
---|---|
Ivan Varnitski | Program Manager – Azure Pipeline |
Evgeny Ternovsky | Program Manager – Azure Pipeline |
Nick Kiest | Program Manager – Azure Data Collection Rules |
Oren Salzberg | Program Manager – Azure LogAnalytics |
Guy Wild | Technical Writer – Azure LogAnalytics |
John Gardner | Program Manager – Azure Workbooks |
Shikha Jain | Program Manager – Azure Workbooks |
Ingo Bringemeier | Principal Program Manager – Azure Monitor |
Shayoni Seth | Program Manager – Azure Monitor Agent |
Jeff Wolford | Program Manager – Azure Monitor Agent |
Xema Pathak | Program Manager – Azure VMInsight (integration to Azure Monitor Agent) |