I want to monitor external systems using azure monitor. Is it possible?
For example, I have on-prem Linux server with mysql DB, can I monitor the server and its DB like availability, errors,...?
Firstly, you can use “Azure Monitor agent” that is explained here. Would recommend you to use Azure Monitor Log Analytics agent as instructed here. The reason for it is “Azure Monitor Agent” as informed in this section, currently only Azure VMs are supported and on-premises VMs, virtual machine scale sets, Arc for Servers, Azure Kubernetes Service, and other compute resource types are currently not supported.
Next, If you have “Azure Monitor Log Analytics agent on Windows machine” then you may have to check below things:
As explained here, Change Tracking and Inventory requires linking a Log Analytics workspace to your Automation account so I recommend you to double check it. For a definitive list of supported regions, see Azure Workspace mappings. The region mappings don't affect the ability to manage VMs in a separate region from your Automation account.
Follow this troubleshooting steps in your case (i.e., if you don't see any Change Tracking and Inventory results for Windows machines that have been enabled for the feature).
As mentioned here, note that currently Change Tracking and Inventory currently is experiencing the following issue w.r.t Windows environment: Hotfix updates aren't collected on Windows Server 2016 Core RS3 machines.
Related
Azure availability report is based on the number of heartbeat alert generated in log analytics workspace. Therefore, low availability in the report doesn't really mean that a VM was unavailable due to issues in a given month. It could be different reasons eg. was switched off/deallocated or only created in the last few days in a given month etc.
any logic to improve this any KQL or new azure solution.
Have you gone through looking for VM insights, does that provide you the information you required?
VM insights can help deliver predictable performance and availability of vital applications by identifying performance bottlenecks and network issues and can also help you understand whether an issue is related to other dependencies.
You can create a dashboard with different possible options of kusto queries that depend on what you are looking for.
Here are the few other examples of Kusto Query
https://learn.microsoft.com/en-us/azure/azure-monitor/logs/examples
https://learn.microsoft.com/en-us/azure/azure-monitor/insights/solution-agenthealth#sample-log-searches
You can even have these additional readings of all possible ways of the information you required.
Visualizing data from Azure Monitor
Monitoring Azure virtual machines with Azure Monitor
Create and share dashboards of Log Analytics data
Quickstart: Monitor an Azure virtual machine with Azure Monitor
Collect data from an Azure virtual machine with Azure Monitor
Overview of VM insights
Out of the box, Azure Advisor includes Cost recommendations for the resource type of Virtual Machines, based on resource utilization.
If I look at them under our subscription they have the following information:
Is there any way to get similar advisory for the Virtual Machine Scale Set resource type? Is there any included out of the box?
Or if I want to get average resource consumption, of let's say CPU percentage of all or individual Virtual Machine instances inside of a Virtual Machine Scale set, to be able to aid in the decision if the SKU of the Virtual Machine Scale Set is appropriate, I need to make a query for this inside of Monitor Logs or similar?
Could one create their own custom made advisories (inside of Azure Advisor, if not - anywhere else?), to get this functionaltiy in place (if it isn't already provided)?
Thanks!
Is there any way to get similar advisory for the Virtual Machine Scale Set resource type? Is there any included out of the box?
As per the Azure Advisor documentation, Advisor provides recommendations for the following resource types:
Application Gateway, App Services, availability sets, Azure Cache, Azure Data Factory, Azure Database for MySQL, Azure Database for PostgreSQL, Azure Database for MariaDB, Azure ExpressRoute, Azure Cosmos DB, Azure public IP addresses, Azure Synapse Analytics, SQL servers, storage accounts, Traffic Manager profiles, and Virtual machines.
Although Azure Advisor also includes your recommendations from Azure Security Center which may include recommendations for additional resource types, this list does not cover cost recommendations for VMSS as of today, AFAIK.
I need to make a query for this inside of Monitor Logs or similar?
To monitor your Virtual machine Scale sets, you can leverage Azure Monitor. The performance views in the VM Insights feature are powered using log analytics queries, offering “Top N”, aggregate, and list views to quickly find outliers or issues in your scale set based on guest level metrics for CPU, available memory, bytes sent and received, and logical disk space used.
You can also deploy the Azure Monitor Application Insights Agent on Azure virtual machine scale sets to enable monitoring for your .NET or Java based web applications and get all the benefits of using Application Insights without modifying your code.
Could one create their own custom made advisories (inside of Azure Advisor, if not - anywhere else?), to get this functionaltiy in place (if it isn't already provided)?
Nope, that is not doable as of today. Azure Advisor is a managed offering that analyzes your resource configuration and usage telemetry and then recommends solutions that can help you optimize your Azure resources. Feel free to share your feedback and ideas here for the Advisor team to evaluate and prioritize.
I have several virtual machines and virtual machine scale sets in Azure for which I want to collect Windows Security event logs. I attempted to add these events to the Log Analytics workspace used by Sentinel through the portal.
This produces the following error message.
'Security' event log cannot be collected by this intelligence pack
because Audit Success and Audit Failure event types are not currently
supported.
It's a hard requirement for me that Sentinel has access these Security logs. I've been trying to figure out what my options are, and I haven't found a good one yet.
The prescribed approach appears to be setting up a Data Connector in Sentinel for the Security Events. I hit a couple of interesting things attempting this.
Virtual machine scale sets support is limited. No actions are
available at this moment.
It looks like I can't connect virtual machine scale sets, which is a big problem. Additionally, I can't even select the tier of the security events (see below) from this context.
So it looks like I have to use Azure Security Center. From within Azure Security Center the only way I can add these Security Events is to turn on Auto-Provisioning and install the Microsoft Monitoring agent (MMA) on every VM, something I don't want to do. I'm also concerned about costs using ASC.
Are there any other options? Am I going about this the wrong way?
The Security event log is automatically added behind the scenes when adding the monitoring agent on the VM.
In regards to the VMSS, I am not sure what your options are there.
I have few (around 10) Windows Services on my existing environment. We are planning to migrate to Azure with the following.
Host our database on Azure SQL Database.
Install all the 10 Windows Services in a Azure Virtual Machine. Please note that these Windows Services does bulk inserts into the Azure SQL databases.
Take 2 instances of VM (specified in #2 above) and configure them in an Availability Set to avail the SLA.
I have two questions.
Do I need to install all my 10 Services to both the VMs?
Will that NOT be reduntant running the Windows Services in both the VMs? So, the Bulk Inserts will be duplicated to the Azure SQL Databases.
Please let me know if I am thinking in the right direction or are there any alternate methods (like Worker Roles) of utilizing the existing Windows Services on Azure with minimum or no changes?
It looks like, I got an answer to my question. When there are two VMs in a given Availability Set, ONLY one will be up and running. The other VM will come into picture only when the primary VM is down.
Thanks,
Prawin
If you are to take advantage of Azures SLA you will need to have at least 2 VM's (from within the same family) in an availability set. The SLA covers the VM's in the availability set NOT what you are running on the OS. For example if you have all services running on one instance and that box goes down, you lose those services till the box recycles. Microsoft is still covered on their SLA because at least one of the VM's in the availability set is available.
There is no Management API for reading azure monitoring data. Is there any way other than getting the monitoring data directly from a VM through remote desktop connection? We basically want to display a chart for "CPU usage percentage Vs. Time”. Actually, Azure site displays monitoring data for each VM-is there any way I can read that data and display it in a report? Any PowerShell cmdlets?
Suggested good related articles:
How to monitor Cloud Services
Enabling Diagnostics in Windows Azure
If you, however refer to Windows Azure Virtual Machines then you have to organize monitoring of these a similar way you would organize a monitoring over machines in private cloud (hyper-v)
You can fetch the CPU data for cloud services (Web/workers and VMs) through the Azure Metrics API, see: https://convective.wordpress.com/2014/06/22/using-azure-monitoring-service-with-azure-virtual-machines/
You can find example code in https://github.com/WadGraphEs/AzurePlot