Deploy OMS Monitoring to Azure Virtual Machines
In this post I will show you two ways to deploy Azure Log Analytics (OMS) monitoring to Azure virtual machine, and to some of the services running in those machines.
Monitor Virtual Machine Logs
The first method that I am showing you is possible, but not optimal. You can configure Azure virtual machines to write the logs of some services to a storage account. OMS is capable of gathering the logs listed below that originated from a virtual machine from a storage account:
- Linux Syslog: Logs from a Linux guest OS.
- Windows Event: Classic logs from a Windows guest OS.
- IIS Log: Logs generated by IIS in a Windows guest OS
- Windows ETWEvent: Logging that a developer can enable.
This capability means that instead of trying to troubleshoot applications, such as a website that is load balanced across many machines, on one machine at a time, you have a central repository of log data that you can query or create alerts from.
I will need a storage account to store my log data. You could reuse the storage account that the virtual machines are stored in, but I prefer to create a dedicated storage account in a systems management resource group. I have created a general purpose storage account on standard storage in a resource group called rg-sysmgmt-01. This storage account will store all log data from virtual machines in the same region.
The virtual machines must be configured to write their logs to this storage account. Open the settings of your virtual machines and browse to Diagnostics. Make sure the status is set to On. Click Storage Account and select the storage account that you have created for the purpose of storing diagnostics data. Then select the logs from the guest OS that you want to write to this storage account. The screen shot below shows an example of a Windows Server virtual machine. Save the settings and repeat this process with every other machine that you want to gather logs from.
Click Add and select the storage account that your logs are being written to. Under Data Type, select IIS Logs and click OK. Click Add again, select the storage account again, and select Events under Data Type. OMS is now configured to gather those two types of logs from the diagnostics-enabled virtual machines.
Note that Microsoft recommends using the Log Analytics VM extension for deeper insight into Windows and Linux logs. That’s what we’ll look at next.
Monitor Virtual Machines by Extension
You can monitor Azure virtual machines using the Log Analytics VM extension; this is an agent that is deployed to the virtual machine from your OMS instance or workspace.
To deploy the extension, browse to Virtual Machines in the settings of the Log Analytics (OMS) instance. Here you can see each of the virtual machines that your OMS workspace can monitor. You can filter this list if you have a lot of virtual machines.
Select a virtual machine; this opens a new blade where you can click Connect to enable monitoring for this virtual machine. You don’t need to stay on this blade to wait for the connection process to complete. Repeat this for every virtual machine.
A few minutes later, the virtual machines will switch to a Connected state in your workspace, meaning that the machines are now monitored by OMS.
More in Cloud Computing
Microsoft Dev Box Adds New Features Ahead of its General Availability in July
May 23, 2023 | Laurent Giret
Microsoft Changes Windows Server 2022 Licensing Policies
Apr 26, 2023 | Rabia Noureen
Cloud Computing and the Energy Crisis: Is Building More Data Centers Sustainable?
Mar 17, 2023 | Aidan Finn
Cloud Repatriation: Is It a Risk For Microsoft Azure?
Feb 9, 2023 | Aidan Finn
How to Secure Sensitive Data in Microsoft 365
Feb 8, 2023 | Peter Rising
AWS CTO Takes on ChatGPT Over Cybersecurity
Feb 3, 2023 | Michael Otey
Most popular on petri