I am trying to set up alerting for our cloud infrastructure. What I want to achieve is that using the Azure metrics, I can monitor all our virtual machines. I have set up a lot of alert rules for Windows based on metrics using Azure Virtual Guest Metrics and the default Azure Platform metrics. But now I am looking for an alert rule for the virtual machines' health. I don't want to use log query alert rules for a reason (ask me if you want to know the reason), so I searched the internet and came across this blog https://contoso.se/blog/?p=4532. This guy described the heartbeat metric as shown in this screenshot.
I tried to set this up, but during the selection of the correct metric in the alert rule, I cannot find this as you can see in this screenshot.
Can someone tell me why this heartbeat metric is not showing up?
Related
The Azure availability report is based on the number of heartbeat alerts generated in the Log Analytics workspace. Therefore, low availability in the report doesn't really mean that a VM was unavailable due to issues in a given month. There could be different reasons, e.g. it was switched off/deallocated or only created in the last few days of a given month, etc.
Is there any logic to improve this, any KQL or a new Azure solution?
Have you gone through VM insights? Does that provide you the information you require?
VM insights can help deliver predictable performance and availability of vital applications by identifying performance bottlenecks and network issues and can also help you understand whether an issue is related to other dependencies.
You can create a dashboard with different possible options of kusto queries that depend on what you are looking for.
Here are a few other examples of Kusto queries:
https://learn.microsoft.com/en-us/azure/azure-monitor/logs/examples
https://learn.microsoft.com/en-us/azure/azure-monitor/insights/solution-agenthealth#sample-log-searches
You can also go through these additional readings on the possible ways to get the information you require.
Visualizing data from Azure Monitor
Monitoring Azure virtual machines with Azure Monitor
Create and share dashboards of Log Analytics data
Quickstart: Monitor an Azure virtual machine with Azure Monitor
Collect data from an Azure virtual machine with Azure Monitor
Overview of VM insights
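The availability question above (a VM that was deallocated or only created late in the month shows low availability), worked through as an added example that is not part of the original posts. It assumes hourly buckets and that deallocation intervals come from your own records; the timestamps are constructed sample data.

```python
from datetime import datetime, timedelta

HOUR = timedelta(hours=1)

def hour_floor(ts):
    return ts.replace(minute=0, second=0, microsecond=0)

def availability(heartbeats, start, end, planned_off=()):
    """Return (naive_pct, adjusted_pct) for one VM over [start, end).

    naive:    hours with a heartbeat / all hours in the period
    adjusted: same, but expected hours begin at the first heartbeat seen
              and skip planned_off intervals (hour-aligned, assumed to come
              from your own record of deallocations).
    """
    seen = {hour_floor(t) for t in heartbeats if start <= t < end}
    hours = []
    h = start
    while h < end:
        hours.append(h)
        h += HOUR
    naive = round(100.0 * len(seen) / len(hours), 2)
    if not seen:
        return naive, None  # VM never reported: nothing to adjust
    first = min(seen)
    expected = [h for h in hours
                if h >= first and not any(s <= h < e for s, e in planned_off)]
    if not expected:
        return naive, None
    up = sum(1 for h in expected if h in seen)
    return naive, round(100.0 * up / len(expected), 2)

# Constructed sample: VM created 26 June, deallocated all of 28 June,
# and a genuine two-hour gap on 29 June (10:00-12:00).
DEALLOCATED = (datetime(2024, 6, 28), datetime(2024, 6, 29))
OUTAGE = (datetime(2024, 6, 29, 10), datetime(2024, 6, 29, 12))

def sample_heartbeats():
    beats, t = [], datetime(2024, 6, 26, 0, 5)
    while t < datetime(2024, 7, 1):
        if not (DEALLOCATED[0] <= t < DEALLOCATED[1] or OUTAGE[0] <= t < OUTAGE[1]):
            beats.append(t)
        t += HOUR
    return beats

if __name__ == "__main__":
    june = (datetime(2024, 6, 1), datetime(2024, 7, 1))
    print(availability(sample_heartbeats(), *june))                 # creation date only
    print(availability(sample_heartbeats(), *june, [DEALLOCATED]))  # plus deallocation
```

Only the two-hour gap remains counted as downtime once the creation date and the deallocation window are excluded from the expected hours.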
I am new to GCP and come from an Azure background. Is there an equivalent of "Azure Application Insights" on the GCP side for Monitoring Applications?
Let me explain my use case more clearly with an example: If I have a .NET based web application running on a Windows VM on GCP can Google Cloud Monitoring help detect Exceptions raised by the running application and send out alerts.
Any pointers/links to further explore this type of monitoring capability would be helpful.
Cloud Monitoring will provide you with many statistics - most probably with what you need. And if there aren't any metrics to suit your need you may create ones based on the logs collected from the VM.
By default there are a number of logs being ingested but if you want to have the full range and experiment with various ones you may want to install a monitoring agent. Go through the documentation and have a look.
You can then use the metrics to create charts and have a live view on a number of things such as cpu utilisation, disk IO/s, dropped/sent/received packets etc. Here's the Cloud Monitoring documentation.
And finally - you can create alerts based on the metrics (set thresholds, time periods etc). They can be simple e-mail alerts for example but they can be sent via pub-sub and trigger some functions or apps too.
Since you're new to GCP it's a lot of reading ahead of you but you will easily find documentation for most of GCP's services.
If you provide more details I can update my answer and give you a more precise answer.
I have several virtual machines and virtual machine scale sets in Azure for which I want to collect Windows Security event logs. I attempted to add these events to the Log Analytics workspace used by Sentinel through the portal.
This produces the following error message.
'Security' event log cannot be collected by this intelligence pack
because Audit Success and Audit Failure event types are not currently
supported.
It's a hard requirement for me that Sentinel has access to these Security logs. I've been trying to figure out what my options are, and I haven't found a good one yet.
The prescribed approach appears to be setting up a Data Connector in Sentinel for the Security Events. I hit a couple of interesting things attempting this.
Virtual machine scale sets support is limited. No actions are
available at this moment.
It looks like I can't connect virtual machine scale sets, which is a big problem. Additionally, I can't even select the tier of the security events (see below) from this context.
So it looks like I have to use Azure Security Center. From within Azure Security Center the only way I can add these Security Events is to turn on Auto-Provisioning and install the Microsoft Monitoring agent (MMA) on every VM, something I don't want to do. I'm also concerned about costs using ASC.
Are there any other options? Am I going about this the wrong way?
The Security event log is automatically added behind the scenes when adding the monitoring agent on the VM.
In regards to the VMSS, I am not sure what your options are there.
I deployed an Azure Machine Learning model to AKS, and would like to know how to set an alert if the deployment status changes to any value other than 'Healthy'. I looked at the monitoring metrics in the workspace, but it looks like they are more related to the training process (Model and Run) and Quotas. Please let me know if you have any suggestions.
Thanks!
Azure Machine Learning does not provide a way to continuously monitor the health of your webservice and generate alerts.
You can set this up fairly easily using Application Insights (the AML Workspace comes with a provisioned Application Insights).
You can monitor the webservice scoring endpoint using URL ping or web test in App Insights.
In Log analytics for network security groups, Microsoft describes how to enable "Counter logs" that keep track of how many times the security rules for NSGs are invoked.
I've followed the instructions in the article, enabling the NetworkSecurityGroupRuleCounter for my NSG, but I don't get any events. I am sure that my Inbound and Outbound rules are being invoked; I can successfully use them to block incoming and outgoing traffic for VMs in the group.
As you can see, the setting is enabled as shown in the article. Is there something else that's needed to make the Counter logs show up?
This turned out to be a software fault and not a configuration issue. I finally got an engineer at Microsoft to look at this problem. They restarted an agent on a host machine, which fixed the issue.
Have you tried choosing a different storage account to see if the logs are recorded?
How exactly are you analyzing the logs?
Is the Storage account created in Azure Resource Manager?
Check and make sure that the Storage account that you have chosen for the logs is created in Azure Resource Manager.