Connect Azure VMs with the same names to Log Analytics - azure

It is possible to connect an Azure VM to Log Analytics via the Microsoft Monitoring Agent virtual machine extension (https://learn.microsoft.com/en-us/azure/log-analytics/log-analytics-azure-vm-extension). But the data received in Log Analytics has nothing to say about the subscription or the resource group the VM belongs to. This means that if I have two VMs with the same name in two different resource groups, then in Log Analytics there is no way to differentiate between them. So, is there a workaround for this? Is it possible to enrich the data collected by Microsoft Monitoring Agent?

It is not possible to enrich the data collected by Microsoft Monitoring Agent at the moment.
Someone already created a request:
https://feedback.azure.com/forums/267889-log-analytics/suggestions/17005000-multi-tenancy-collect-azure-health-logs-from-diff

Related

VM availability report in Azure

The Azure availability report is based on the number of heartbeat alerts generated in the Log Analytics workspace. Therefore, low availability in the report doesn't really mean that a VM was unavailable due to issues in a given month. There could be different reasons, e.g. it was switched off/deallocated or only created in the last few days of a given month, etc.
Is there any logic to improve this, any KQL or new Azure solution?
Have you looked at VM insights? Does that provide the information you require?
VM insights can help deliver predictable performance and availability of vital applications by identifying performance bottlenecks and network issues and can also help you understand whether an issue is related to other dependencies.
You can create a dashboard with different Kusto queries, depending on what you are looking for.
Here are a few other examples of Kusto queries:
https://learn.microsoft.com/en-us/azure/azure-monitor/logs/examples
https://learn.microsoft.com/en-us/azure/azure-monitor/insights/solution-agenthealth#sample-log-searches
You can also go through these additional readings on the possible ways to get the information you require:
Visualizing data from Azure Monitor
Monitoring Azure virtual machines with Azure Monitor
Create and share dashboards of Log Analytics data
Quickstart: Monitor an Azure virtual machine with Azure Monitor
Collect data from an Azure virtual machine with Azure Monitor
Overview of VM insights
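
An added example (not part of the original thread) of the logic the question asks about: measure heartbeat coverage against the window in which the VM actually reported instead of against the whole month. It works on exported Heartbeat rows (Computer, TimeGenerated); the rows, VM names and the hourly bucket size are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

HOUR = timedelta(hours=1)
APRIL = datetime(2024, 4, 1, tzinfo=timezone.utc)
MAY = datetime(2024, 5, 1, tzinfo=timezone.utc)

def _hourly(computer, start, hours, skip=()):
    # Constructed heartbeat rows: one per hour, five minutes past the hour.
    return [(computer, start + i * HOUR + timedelta(minutes=5))
            for i in range(hours) if i not in skip]

# vm-old reports all month with a 6-hour gap; vm-new is created on 28 April.
SAMPLE = (_hourly("vm-old", APRIL, 720, skip=range(100, 106))
          + _hourly("vm-new", APRIL + 27 * 24 * HOUR, 72))

def hour_buckets(rows):
    """Collect the distinct hours in which each computer sent a heartbeat."""
    seen = {}
    for computer, ts in rows:
        bucket = ts.replace(minute=0, second=0, microsecond=0)
        seen.setdefault(computer, set()).add(bucket)
    return seen

def availability(rows, start, end):
    """Return {computer: (naive_pct, observed_pct)} for the window [start, end).

    naive:    hours with a heartbeat / hours in the whole window
    observed: hours with a heartbeat / hours between first and last heartbeat
    """
    window_hours = int((end - start) / HOUR)
    result = {}
    for computer, hours in hour_buckets(rows).items():
        hours = {h for h in hours if start <= h < end}
        if not hours:
            continue  # never reported in this window
        span = int((max(hours) - min(hours)) / HOUR) + 1
        result[computer] = (round(100 * len(hours) / window_hours, 2),
                            round(100 * len(hours) / span, 2))
    return result

if __name__ == "__main__":
    for name, (naive, observed) in sorted(availability(SAMPLE, APRIL, MAY).items()):
        print(f"{name}: naive {naive}%  observed {observed}%")
```

A deallocation in the middle of the reporting window still counts as a gap here; only the time before the first and after the last heartbeat is excluded.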

Can Azure Sentinel aggregate data from devices running on-premises or in any cloud?

Can Azure Sentinel aggregate data from devices running on-premises?
Yes, check out the Microsoft documentation: https://learn.microsoft.com/en-us/azure/sentinel/connect-data-sources
Default connectors can already ingest data from Windows Event logs and firewalls
External APIs for Okta, Barracuda WAF, etc. are there as well
Syslog data collected by an agent
Most/all of this can be done with the Log Analytics Agent

Log analytics query for Monitoring external IP

I need to monitor an external IP. This is for the Virtual Network Gateway; I can't use AzureDiagnostics because we are using a policy-based tunnel.
Does anyone have an idea for monitoring this external IP, and getting it into Log Analytics for monitoring?
Azure supports metrics for the Microsoft.Network/publicIPAddresses type in Azure Monitor. You could use metrics explorer to analyze collected metrics on a chart and compare metrics from different resources. You can also retrieve metrics by using the Azure monitoring REST API. Moreover, for non-VM resources, you need to configure diagnostic settings to send logs to Log Analytics.

OMS extension or Windows Diagnostics extension

Can the windows diagnostic do the same as the OMS extension in terms of getting performance counter information and event details? Is there a reason to use the OMS extension over WAD for event/performance information?
Can the windows diagnostic do the same as the OMS extension in terms
of getting performance counter information and event details?
WAD: This uses Azure Diagnostics agent for single VM.
OMS: When you use OMS to monitor your VM or multiple VMs, OMS collects data from Microsoft Monitoring Agent by default. However, OMS can collect data from managed resources into a central repository. This data could include events, performance data, or custom data provided through the API. So, OMS can also use the WAD's data through the storage account which contains the agent's data.
So, OMS has more features than WAD. Also, as @4c74356b41 said, if you want to monitor one VM, WAD is enough to achieve that.
Is there a reason to use the OMS extension over WAD for
event/performance information?
OMS focuses on collecting data from different places and on Log Analytics.
It can collect data from Windows/Linux VMs, Azure services and Data Collector API.
Reporting and analyzing data is the most important feature of OMS. Alerting can also be configured in OMS.
Azure Automation provides process automation and configuration management to OMS.
Overall, if you want to do analytics across multiple services, OMS is the best choice. If you only want to monitor a single VM rather than doing other things, WAD is enough.
If you are looking at performance from one VM - no.
But if there is a chance you have more than one VM, the OMS extension suddenly gets more interesting, as you can look at all of the VMs at the same time, set up alerts, actions etc.

How to track user activity like who is creating what resources on azure of a specific subscription?

In my company we have one Azure subscription, and there are two or three users who are added to the same subscription and have the right to create any resource on Azure.
Now, since three users are working on the same subscription and are independently creating resources, I want to keep track of or see which user created which resource on the same subscription.
Please let me know if there is any way to see these tracking/activity details for each user.
Currently all users have administrator role/permission.
You are looking for the Activity Log:
The Azure Activity Log is a log that provides insight into the
operations that were performed on resources in your subscription
The Activity Log provides customers a Portal and REST API experience to see who performed what management operations (PUT/DELETE/POST) through Azure Resource Manager (ARM) for the past 90 days.
For anything older than 90 days, you have the option to archive the data to storage account or stream the data to Event Hub if you would like to ingest this data into your own system.
The Activity Log data is also available through the Operations Management Suite.
http://www.deployazure.com/management/operations-management-suite/azure-activity-log-analytics-alerts-with-operations-management-suite/
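
An added example (not part of the original answer) that attributes resource creation to callers from exported Activity Log records. Field names follow the Activity Log event schema returned by the REST API (caller, operationName.value, status.value, resourceId, eventTimestamp); the sample events, users, subscription ID and resource names are constructed, and treating the first successful write as the creation is an assumption.

```python
from collections import defaultdict
from datetime import datetime, timezone

def _ev(ts, caller, op, status, rid):
    # Build a constructed event using Activity Log REST API field names.
    return {"eventTimestamp": ts, "caller": caller, "resourceId": rid,
            "operationName": {"value": op}, "status": {"value": status}}

# Constructed sample data: placeholder subscription, users and resources.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
VM_A = SUB + "/resourceGroups/rg-a/providers/Microsoft.Compute/virtualMachines/web01"
VM_B = SUB + "/resourceGroups/rg-b/providers/Microsoft.Compute/virtualMachines/web01"
SA = SUB + "/resourceGroups/rg-a/providers/Microsoft.Storage/storageAccounts/logs01"
VM_WRITE = "Microsoft.Compute/virtualMachines/write"
SAMPLE = [
    _ev("2024-03-02T09:15:00.1234567Z", "alice@example.com", VM_WRITE, "Started", VM_A),
    _ev("2024-03-02T09:16:10Z", "alice@example.com", VM_WRITE, "Succeeded", VM_A),
    _ev("2024-03-03T11:00:00Z", "bob@example.com", VM_WRITE, "Succeeded", VM_B),
    _ev("2024-03-04T08:30:00Z", "carol@example.com", VM_WRITE, "Succeeded", VM_A.upper()),
    _ev("2024-03-05T10:00:00Z", "bob@example.com",
        "Microsoft.Storage/storageAccounts/write", "Failed", SA),
    _ev("2024-03-06T12:00:00Z", "carol@example.com",
        "Microsoft.Compute/virtualMachines/delete", "Succeeded", VM_B),
]

def parse_ts(s):
    # UTC ISO 8601; the fraction may be absent or have up to 7 digits.
    base, _, frac = s.rstrip("Z").partition(".")
    micro = int((frac + "000000")[:6])
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(
        microsecond=micro, tzinfo=timezone.utc)

def first_writers(events):
    """Map resourceId -> (caller, timestamp) of the earliest successful write.

    Heuristic (assumption): within the retained log, the first successful
    write on a resource ID is treated as its creation; later writes are updates.
    """
    first = {}
    for e in sorted(events, key=lambda e: parse_ts(e["eventTimestamp"])):
        is_write = e["operationName"]["value"].lower().endswith("/write")
        if is_write and e["status"]["value"] == "Succeeded":
            rid = e["resourceId"].lower()  # ARM resource IDs are case-insensitive
            first.setdefault(rid, (e["caller"], e["eventTimestamp"]))
    return first

def created_by_caller(events):
    """Group the resource IDs from first_writers() by the caller who created them."""
    out = defaultdict(list)
    for rid, (caller, _ts) in first_writers(events).items():
        out[caller].append(rid)
    return dict(out)
```

Because the key is the full resource ID, the two VMs named web01 in different resource groups stay separate, and a resource whose creation is older than the retained log is attributed to whoever wrote to it first within that log.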
