{"id":198,"date":"2018-05-30T13:49:56","date_gmt":"2018-05-30T11:49:56","guid":{"rendered":"http:\/\/inzecloud.com\/?p=198"},"modified":"2018-05-30T13:49:56","modified_gmt":"2018-05-30T11:49:56","slug":"azure-log-analytics-oms-definition-et-utilisation-des-groupes-dordinateur","status":"publish","type":"post","link":"https:\/\/inzecloud.com\/index.php\/2018\/05\/30\/azure-log-analytics-oms-definition-et-utilisation-des-groupes-dordinateur\/","title":{"rendered":"Azure Log Analytics (OMS): Defining and using computer groups"},"content":{"rendered":"<p>Computer groups in <strong>Log Analytics<\/strong> let you define a search scope based on specific computers (e.g. all DCs, or all the servers of an application &#8230;).<\/p>\n<p>Each group is defined by a query or by importing groups from SCCM, Active Directory or WSUS.<\/p>\n<p>We will see where and how to define and use computer groups.<\/p>\n<p>The groups are visible under <strong>Settings \/ Computer Groups<\/strong> in OMS.<\/p>\n<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-201 size-full\" src=\"https:\/\/i0.wp.com\/inzecloud.com\/wp-content\/uploads\/2018\/05\/Screenshot_2-3.png?resize=317%2C271\" alt=\"\" width=\"317\" height=\"271\" srcset=\"https:\/\/i0.wp.com\/inzecloud.com\/wp-content\/uploads\/2018\/05\/Screenshot_2-3.png?w=317&amp;ssl=1 317w, https:\/\/i0.wp.com\/inzecloud.com\/wp-content\/uploads\/2018\/05\/Screenshot_2-3.png?resize=300%2C256&amp;ssl=1 300w\" sizes=\"auto, (max-width: 317px) 100vw, 317px\" \/><\/p>\n<p>The different \"sources\" are all listed here:<\/p>\n<ul>\n<li><strong>Saved Groups<\/strong> are in fact computer groups derived from queries.<\/li>\n<li><strong>Active 
Directory<\/strong> imports AD computer groups into OMS.<\/li>\n<li><strong>WSUS<\/strong> imports the computer groups internal to WSUS.<\/li>\n<li><strong>SCCM<\/strong> brings in collections, which become groups here.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2>Defining a computer group<\/h2>\n<p>To define a computer group manually, you first have to decide which computers should belong to it and which element(s) we will rely on to recognize them.<\/p>\n<p>For example, if all your domain controllers start with VSSC-ADDxxxxx, we will use a query that selects every computer whose name starts with VSSC-ADD.<\/p>\n<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-204 size-full\" src=\"https:\/\/i0.wp.com\/inzecloud.com\/wp-content\/uploads\/2018\/05\/Screenshot_3-3.png?resize=470%2C444\" alt=\"\" width=\"470\" height=\"444\" srcset=\"https:\/\/i0.wp.com\/inzecloud.com\/wp-content\/uploads\/2018\/05\/Screenshot_3-3.png?w=470&amp;ssl=1 470w, https:\/\/i0.wp.com\/inzecloud.com\/wp-content\/uploads\/2018\/05\/Screenshot_3-3.png?resize=300%2C283&amp;ssl=1 300w\" sizes=\"auto, (max-width: 470px) 100vw, 470px\" \/><\/p>\n<p>If your naming convention does not let you tell your DCs apart, we will instead rely on elements specific to domain controllers.<\/p>\n<p>For example, the Kerberos logs (4768, 4769, 4770).<\/p>\n<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-205 size-full\" src=\"https:\/\/i0.wp.com\/inzecloud.com\/wp-content\/uploads\/2018\/05\/Screenshot_4-4.png?resize=423%2C451\" alt=\"\" width=\"423\" height=\"451\" srcset=\"https:\/\/i0.wp.com\/inzecloud.com\/wp-content\/uploads\/2018\/05\/Screenshot_4-4.png?w=423&amp;ssl=1 423w, 
https:\/\/i0.wp.com\/inzecloud.com\/wp-content\/uploads\/2018\/05\/Screenshot_4-4.png?resize=281%2C300&amp;ssl=1 281w\" sizes=\"auto, (max-width: 423px) 100vw, 423px\" \/><\/p>\n<p>Once your query returns the desired computers, simply save it as a \"Computer Group\".<\/p>\n<p><a href=\"https:\/\/i0.wp.com\/inzecloud.com\/wp-content\/uploads\/2018\/05\/Screenshot_5-2.png\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-208 size-large\" src=\"https:\/\/i0.wp.com\/inzecloud.com\/wp-content\/uploads\/2018\/05\/Screenshot_5-2.png?resize=640%2C308\" alt=\"\" width=\"640\" height=\"308\" srcset=\"https:\/\/i0.wp.com\/inzecloud.com\/wp-content\/uploads\/2018\/05\/Screenshot_5-2.png?resize=1024%2C492&amp;ssl=1 1024w, https:\/\/i0.wp.com\/inzecloud.com\/wp-content\/uploads\/2018\/05\/Screenshot_5-2.png?resize=300%2C144&amp;ssl=1 300w, https:\/\/i0.wp.com\/inzecloud.com\/wp-content\/uploads\/2018\/05\/Screenshot_5-2.png?resize=768%2C369&amp;ssl=1 768w, https:\/\/i0.wp.com\/inzecloud.com\/wp-content\/uploads\/2018\/05\/Screenshot_5-2.png?w=1904&amp;ssl=1 1904w, https:\/\/i0.wp.com\/inzecloud.com\/wp-content\/uploads\/2018\/05\/Screenshot_5-2.png?w=1280 1280w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/a><\/p>\n<p>Clicking the \"Save\" button opens a dialog box. Now name your query, make sure to set \"Computer Group\" to <strong>YES<\/strong>, and then give your query an alias. 
This alias is the one you will then use in your queries.<\/p>\n<p>&nbsp;<\/p>\n<h2>Using a computer group (alias)<\/h2>\n<p>In our example I defined a computer group that I named \"AllMyDC\", which contains my 2 domain controllers.<\/p>\n<p>If I want to run queries specifically against this group, I will use for example:<\/p>\n<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-209 size-full\" src=\"https:\/\/i0.wp.com\/inzecloud.com\/wp-content\/uploads\/2018\/05\/Screenshot_6-3.png?resize=484%2C411\" alt=\"\" width=\"484\" height=\"411\" srcset=\"https:\/\/i0.wp.com\/inzecloud.com\/wp-content\/uploads\/2018\/05\/Screenshot_6-3.png?w=484&amp;ssl=1 484w, https:\/\/i0.wp.com\/inzecloud.com\/wp-content\/uploads\/2018\/05\/Screenshot_6-3.png?resize=300%2C255&amp;ssl=1 300w\" sizes=\"auto, (max-width: 484px) 100vw, 484px\" \/><\/p>\n<p>If I want to count my DCs (to display the number in a tile, for example)<\/p>\n<p>Or, if I want to count the number of <strong>Warning and Error events<\/strong> on my 2 DCs, I will use: <strong>where Computer in (AllMyDC)<\/strong><\/p>\n<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-211 size-full\" src=\"https:\/\/i0.wp.com\/inzecloud.com\/wp-content\/uploads\/2018\/05\/Screenshot_8.png?resize=640%2C483\" alt=\"\" width=\"640\" height=\"483\" srcset=\"https:\/\/i0.wp.com\/inzecloud.com\/wp-content\/uploads\/2018\/05\/Screenshot_8.png?w=1144&amp;ssl=1 1144w, https:\/\/i0.wp.com\/inzecloud.com\/wp-content\/uploads\/2018\/05\/Screenshot_8.png?resize=300%2C227&amp;ssl=1 300w, https:\/\/i0.wp.com\/inzecloud.com\/wp-content\/uploads\/2018\/05\/Screenshot_8.png?resize=768%2C580&amp;ssl=1 768w, 
https:\/\/i0.wp.com\/inzecloud.com\/wp-content\/uploads\/2018\/05\/Screenshot_8.png?resize=1024%2C773&amp;ssl=1 1024w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/p>\n<p>This of course also works for groups that come from WSUS, SCCM and Azure AD.<\/p>\n<p>Enjoy<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Computer groups in Log Analytics let you define a search scope based on specific computers (e.g. all DCs, or all the servers of an application &#8230;). Each group is defined by a query&#8230;<\/p>\n","protected":false},"author":1,"featured_media":200,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[5],"tags":[6,22,31,8,7],"class_list":["post-198","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-log-analytics","tag-azure","tag-cloud","tag-computers-group","tag-log-analytics","tag-oms"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/inzecloud.com\/wp-content\/uploads\/2018\/05\/Screenshot_1-5.png?fit=1289%2C646&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9Wlas-3c","_links":{"self":[{"href":"https:\/\/inze
cloud.com\/index.php\/wp-json\/wp\/v2\/posts\/198","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/inzecloud.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/inzecloud.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/inzecloud.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/inzecloud.com\/index.php\/wp-json\/wp\/v2\/comments?post=198"}],"version-history":[{"count":5,"href":"https:\/\/inzecloud.com\/index.php\/wp-json\/wp\/v2\/posts\/198\/revisions"}],"predecessor-version":[{"id":212,"href":"https:\/\/inzecloud.com\/index.php\/wp-json\/wp\/v2\/posts\/198\/revisions\/212"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/inzecloud.com\/index.php\/wp-json\/wp\/v2\/media\/200"}],"wp:attachment":[{"href":"https:\/\/inzecloud.com\/index.php\/wp-json\/wp\/v2\/media?parent=198"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/inzecloud.com\/index.php\/wp-json\/wp\/v2\/categories?post=198"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/inzecloud.com\/index.php\/wp-json\/wp\/v2\/tags?post=198"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}