Azure Monitor metrics for monitoring VPN Tunnel Status - azure

I am exploring how to monitor VPN tunnel status using Azure Monitor via the Azure Monitor metrics exporter (https://github.com/webdevops/azure-metrics-exporter). The monitoring stack is VictoriaMetrics + Grafana. Currently we are using diagnostic logs to fetch the S2S tunnel status using the query below and sending the alerts over mail + webhook to the Dispatcher team.
AzureDiagnostics
| where TimeGenerated > ago(5m)
| where Category == "TunnelDiagnosticLog" and OperationName == "TunnelDisconnected"
| project
TimeGenerated,
Resource,
status_s,
remoteIP_s,
stateChangeReason_s,
OperationName
How can we onboard this alert for S2S Tunnel status on my existing solution to make it automated and more efficient?
While going through the metrics offered by Azure Monitor (https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-setup-alerts-virtual-network-gateway-metric), I couldn't find any metric related to my problem. Any kind of help is much appreciated.

How can we onboard this alert for S2S Tunnel status on my existing solution to make it automated and more efficient? I couldn’t find any metric related to my problem. Any kind of help is much appreciated
I created one S2S VPN connection in my Azure environment.
The S2S connection connected successfully.
I enabled logging for the Virtual Network Gateway and created diagnostic settings.
I sent the logs to a Log Analytics workspace.
If you cannot find the required metrics or want to create an alert based on the query in the question, you can select Custom logs in the alert and then provide your query to create an alert based on the query result.
Go to your Log analytics workspace that contains your VPN logs.
Select Log Analytics Workspace > Alerts > Create Alert > Condition > Custom log search > Type your Log query > Create an Alert
You can select Webhook below:
Provide your Webhook URL and create an Alert.

AFAIK for now, Prometheus integration in Azure is still in Preview and only supported for Azure AKS and Kubernetes managed clusters. Refer here
I might recommend investigating which metrics are exported by https://github.com/webdevops/azure-metrics-exporter and checking whether the right metrics are present in the Azure Monitor managed service, as the documentation may be out of date. If the metrics are present, then just configure https://docs.victoriametrics.com/vmalert.html and it should work.
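If no platform metric carries the tunnel state, the rows returned by the question's query can be turned into series that vmalert can evaluate. The following is an added example, not code from the thread or from either project: it converts rows with the query's projected columns into Prometheus text exposition format. The metric name, label names and sample rows are assumptions constructed for illustration; fetching the rows from Log Analytics and delivering the text to VictoriaMetrics are left to the existing pipeline.

```python
from collections import Counter

# Hypothetical metric name, chosen for this example only.
METRIC = "vpn_tunnel_disconnect_events"

# Constructed sample rows using the columns the question's query projects.
SAMPLE_ROWS = [
    {"TimeGenerated": "2024-01-01T10:00:05Z", "Resource": "VNG-PROD",
     "status_s": "Disconnected", "remoteIP_s": "203.0.113.10",
     "stateChangeReason_s": "RemotelyTriggered", "OperationName": "TunnelDisconnected"},
    {"TimeGenerated": "2024-01-01T10:02:41Z", "Resource": "VNG-PROD",
     "status_s": "Disconnected", "remoteIP_s": "203.0.113.10",
     "stateChangeReason_s": "RemotelyTriggered", "OperationName": "TunnelDisconnected"},
    {"TimeGenerated": "2024-01-01T10:03:10Z", "Resource": "VNG-DR",
     "status_s": "Disconnected", "remoteIP_s": "198.51.100.7",
     "stateChangeReason_s": 'Peer "B" reset', "OperationName": "TunnelDisconnected"},
    {"TimeGenerated": "2024-01-01T10:04:00Z", "Resource": "VNG-DR",
     "status_s": "Connected", "remoteIP_s": "198.51.100.7",
     "stateChangeReason_s": "", "OperationName": "TunnelConnected"},
]


def escape_label(value):
    """Escape a label value per the Prometheus text format (backslash, quote, newline)."""
    return str(value).replace("\\", "\\\\").replace('"', '\\"').replace("\n", "\\n")


def to_exposition(rows, metric=METRIC):
    """Count TunnelDisconnected rows per (gateway, remote IP, reason) and render them."""
    counts = Counter()
    for row in rows:
        if row.get("OperationName") != "TunnelDisconnected":
            continue  # defensive: only disconnect events are counted
        key = (row.get("Resource", ""), row.get("remoteIP_s", ""),
               row.get("stateChangeReason_s", ""))
        counts[key] += 1

    lines = [f"# TYPE {metric} gauge"]
    for (gateway, remote_ip, reason), n in sorted(counts.items()):
        labels = (f'gateway="{escape_label(gateway)}",'
                  f'remote_ip="{escape_label(remote_ip)}",'
                  f'reason="{escape_label(reason)}"')
        lines.append(f"{metric}{{{labels}}} {n}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(to_exposition(SAMPLE_ROWS), end="")
```

A vmalert rule can then fire when this series is greater than zero for a given gateway and remote IP within the query window.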

Related

azure logic app for failed connections and slow running queries to send the mail automatically

Can anyone suggest how to create a logic app for failed connections in Azure that sends mail automatically? The diagnostic setting for logs to Log Analytics is enabled. For failed connections, I need the number of failed connections with username and IP address.
AzureDiagnostics
| where event_class_s == "connection_log"
and event_subclass_s == "DISCONNECT"
I also need to automate this through a logic app for slow-running queries. Any suggestions?
It needs to run from Azure Log Analytics and send mail through the logic app.
Yes, you can enable Log Analytics when you create your logic app or install the Logic Apps Management solution in your Log Analytics workspace for existing logic apps to enable logging for your logic app. This solution gathers data for your logic app runs and offers particular details like status, execution time, resubmission status, and correlation IDs. Then, to enable logging and query creation for this data.
For the complete setup, please refer to this Microsoft documentation: Set up Azure Monitor logs and collect diagnostics data for Azure Logic Apps
To get all the failure statuses of the logic app, you can use the query below as well:
AzureMetrics
| where Resource contains "MY RESOURCE GROUPNAME" and MetricName contains "RunsFailed" and Total >= 1 and ResourceProvider contains "MICROSOFT.LOGIC"
Source|SO THREAD

Log analytics query for Monitoring external IP

I need to monitor an external IP. This is for the Virtual Network Gateway. I can't use AzureDiagnostics because we are using a policy-based tunnel.
Anyone with an idea for monitoring this external IP and getting it into Log Analytics for monitoring?
Azure supports metrics for the Microsoft.Network/publicIPAddresses type in Azure Monitor. You could use metrics explorer to analyze collected metrics on a chart and compare metrics from different resources. You can also retrieve metrics by using the Azure monitoring REST API. Moreover, for non-VM resources, you need to configure diagnostic settings to send logs to Log Analytics.

Advise on on-prem server alerts using azure log analytics

Trying to set up alerts to inform us when a server is offline using Azure Log Analytics. I have the monitor agent installed on all machines within the business, but how would I configure this? Any help would be appreciated.
To answer your question, refer to this document to learn about setting up and configuring alerts using the alerts interface in the Azure portal. The query in the alert to track when a server is offline can be written by leveraging tables like 'Heartbeat', or 'Perf' with the 'Uptime' counter name, or 'Event', etc. Hope this helps!

Is there a way to see all resources sending logs to a log analytics workspace?

I know that I can go to "Azure Resources" to view the resources that are connected, but it doesn't list everything that I have set to point to the workspace. For instance, CDN endpoints don't have a setting that you can configure in the portal, but you can do it in PowerShell. They're not listed on the Azure Resources blade in the workspace, either. I have tried using the query
AzureDiagnostics
| where TimeGenerated > ago(1d)
| summarize count() by Category
This only showed three categories, for NSGs and a key vault. I have a lot more resources connected to this workspace.
We can enable CDN diagnostics logging with Azure PowerShell / Portal as well. For detailed instructions, please refer to this tutorial.
As mentioned in this tutorial, CDN falls under the list of services that support AzureDiagnostics table logs (with the supported log category of 'CoreAnalytics', which helps to get the CDN endpoint metrics such as bandwidth, egress, etc.).
AFAIK the reason for not getting CDN-related logs under your AzureDiagnostics table would be that the configuration of CDN to send diagnostic logs to Log Analytics was not done properly, or else the CDN service hasn't generated any new log for some reason.
I would suggest that you (double check or) enable CDN diagnostics logging with Azure PowerShell / Portal as instructed here and see if it resolves the issue.
Hope this helps!!

Connect Azure VMs with the same names to Log Analytics

It is possible to connect an Azure VM to Log Analytics via the Microsoft Monitoring Agent virtual machine extension (https://learn.microsoft.com/en-us/azure/log-analytics/log-analytics-azure-vm-extension). But the data received in Log Analytics has nothing to say about the subscription or the resource group the VM belongs to. This means that if I have two VMs with the same names in two different resource groups, then in Log Analytics there is no way to differentiate between them. So, is there a workaround for this? Is it possible to enrich the data collected by Microsoft Monitoring Agent?
It is not possible to enrich the data collected by Microsoft Monitoring Agent at the moment.
Someone already created a request:
https://feedback.azure.com/forums/267889-log-analytics/suggestions/17005000-multi-tenancy-collect-azure-health-logs-from-diff
