I've setup a 150plus performance counters via diagnostics.wascfg file. The counters are appearing in wadperformance table.
When I logged on to azure VM and used Permon tool I could not see any of these counters setup. Please help me understand, how does it work?
One way to view this data is through 3rd party tools like Cerebrata's Azure Management Studio or Azure Diagnostics Manager (http://www.cerebrata.com). These tools essentially fetches the data from WADPerformanceCountersTable table and displays them in a Perfmon like UI.
If you want to view the data locally on your computer through Perfmon, do take a look at this blog post: http://blogs.msdn.com/b/developertofu/archive/2010/08/17/announcing-the-perfmon-friendly-azure-log-viewer-plug-in.aspx which talks about an extension to Microsoft's Windows Azure MMC (not sure if this tool is still supported). This tool again fetches the data from diagnostics table, converts them into a format Perfmon understands.
UPDATE
When I logged on to azure VM and used Permon tool I could not see any
of these counters setup. Please help me understand, how does it work?
Coming to your question, if I understand correctly your expectation is that when you launch perfmon you should see the counters which you have set already in the list. I don't think it's possible. When you configure Windows Azure Diagnostics (WAD) for capturing performance counters, basically you're telling WAD process to read values for the specified performance counters every "x" seconds/minutes and transfer this data into Windows Azure Storage every "y" minutes/hours. Perfmon is a client utility which has no idea about WAD. One possibility (though I have not tried it) is to launch Perfmon and configure the counters it needs to capture when your VM starts. That way when you RDP into your VM, you'll see Perfmon running and collecting the data for you.
Related
I am new to GCP and come from an Azure background. Is there an equivalent of "Azure Application Insights" on the GCP side for Monitoring Applications?
Let me explain my use case more clearly with an example: If I have a .NET based web application running on a Windows VM on GCP can Google Cloud Monitoring help detect Exceptions raised by the running application and send out alerts.
Any pointers/links to further explore this type of monitoring capability would be helpful.
Cloud Monitoring will provide you with many statisctics - most probably with what you need. And if there aren't any metrics to suit you need you may create ones based on the logs collected from the VM.
By default there is a number of logs being ingested but if you want to have full range and experiment with various ones you may want to install a monitoring agent. Go through the documentation and have a look.
You can then use the metrics to create charts and have a live view on a number of things such as cpu utilisation, disk IO/s, dropped/sent/received packets etc. Here's the Cloud Monitoring documentation.
And finally - you can create alerts based on the metrics (set thresholds, time periods etc). They can be simple e-mail alerts for example but they can be sent via pub-sub and trigger some functions or apps too.
Since you're new to GCP it's a lot of reading ahead of you but you will easily find documentation for most of GCP's services.
If you provide more details I can update my answer and give you more precise answer.
I have several virtual machines and virtual machine scale sets in Azure for which I want to collect Windows Security event logs. I attempted to add these events to the Log Analytics workspace used by Sentinel through the portal.
This produces the following error message.
'Security' event log cannot be collected by this intelligence pack
because Audit Success and Audit Failure event types are not currently
supported.
It's a hard requirement for me that Sentinel has access these Security logs. I've been trying to figure out what my options are, and I haven't found a good one yet.
The prescribed approach appears to be setting up a Data Connector in Sentinel for the Security Events. I hit a couple of interesting things attempting this.
Virtual machine scale sets support is limited. No actions are
available at this moment.
It looks like I can't connect virtual machine scale sets, which is a big problem. Additionally, I can't even select the tier of the security events (see below) from this context.
So it looks like I have to use Azure Security Center. From within Azure Security Center the only way I can add these Security Events is to turn on Auto-Provisioning and install the Microsoft Monitoring agent (MMA) on every VM, something I don't want to do. I'm also concerned about costs using ASC.
Are there any other options? Am I going about this the wrong way?
The Security event log is automatically added behind the scenes when adding the monitoring agent on the VM.
In regards to the VMSS, I am not sure what your options are there.
I have enabled sql server as part of performance counters. but when I a check log analytics or under metrics or Monitor. I see nothing. does it take time for data to come through? or some more setting is required.
AFAIK yes it does take some time of ~15 minutes. Before you verify SQL Perf related logs from Log Analytics, I would suggest you to double check whether SQLServer related performance counters are already added under YourLogAnalyticsWorkspaceName -> AdvancedSettings tile -> Data -> WindowsPerformanceCounters or not.
You may already be aware of this but as you are referring to VM level monitoring stuff so I would recommend you to read through this and this tutorials to understand about a new feature 'Virtual Machines (preview)' which is basically seen as a new tile under Azure Monitor.
Hope this helps!! Cheers!!
Is Azure diagnostics only implemented through code? Windows has the Event Viewer where various types of information can be accessed. ASP.Net websites have a Trace.axd file at the root that can viewed for trace information.
I was thinking that something similar might exist in Azure. However, based on the following url, Azure Diagnostics appears to require a custom code implementation:
https://azure.microsoft.com/en-us/documentation/articles/cloud-services-dotnet-diagnostics/#overview
Is there an easier, more built-in way to access Azure diagnostics like I described for other systems above? Or does a custom Worker role need to be created to capture and process this information?
Azure Worker Roles have extensive diagnostics that you can configure up.
You get to them via the Role configuration:
Then, through the various tabs, you can configure up specific types of diagnostics and have them periodically transferred to a Table Storage account for later analysis.
You can also enable a transfer of application specific logs, which is handy and something that I use to avoid having to remote into the service to view logs:
(here, I transfer all files under the AppRoot\logs folder to a blob container named wad-processor-logs, and do so every minute.)
If you go through the tabs, you will find that you have the ability to extensively monitor quite a bit of detail, including custom Performance Counters.
Finally, you can also connect to your cloud service via the Server Explorer, and dig into the same information:
Right-click on the instance, and select View Diagnostics Data.
(a recent deployment, so not much to see)
So, yes, you can get access to Event Logs, IIS Logs and custom application logs without writing custom code. Additionally, you can implement custom code to capture additional Performance Counters and other trace logging if you wish.
"Azure diagnostics" is a bit vague since there are a variety of services in Azure, each with potentially different diagnostic experiences. The article you linked to talks about Cloud Services, but are you restricted to using Cloud Services?
Another popular option is Azure App Service, which allows you many more options for capturing logs, including streaming them, etc. Here is an article which goes into more details: https://azure.microsoft.com/en-us/documentation/articles/web-sites-enable-diagnostic-log/
We need to enable 25+ performance counters in windows azure web roles. I'm thinking of RDP'ing and enable them one by one. But this could take long time and also not guranteed for if we scale up.
Could someone please help me whether it's possible to automate this process? Preferably Powershell but other solutions are ok as well.
There is no way to enable performance counters by RDP'ing into Windows Azure machines, because performance counters are published by Windows regardless.
However, what I think you're asking for is to capture the 25+ performance counters into Azure Diagnostics store?
If that is the case, you will need to:
1) Enable Azure Diagnostics on your Web Roles. This must be done before deployment. It is a best practice and mostly everyone does it (I sure wish Microsoft would have just done it for every Role w/o explicit configuration setting, but
2) There are multiple ways to instrument capture of performance counters into diagnostics store:
a) using diagnostics.wadcfg file http://msdn.microsoft.com/en-us/library/gg604918.aspx (you will need to redeploy your app with that file)
b) using powershell (although I've never done it myself) http://michaelwasham.com/2011/09/19/windows-azure-diagnostics-and-powershell-performance-counters/ or http://www.davidaiken.com/2011/10/18/how-to-easily-enable-windows-azure-diagnostics-remotely/
c) using in-code instrumentation (you'll need to re-upload your app everytime you change which counters you want enabled) http://www.codeproject.com/Articles/303686/Windows-Azure-Diagnostics-Performance-Counters-In (I dont recommend in-code configuration, because it is too brittle)
d) using 3rd party tools like Cerebrata Diagnostics Manager or AzureWatch
e) using Azure Service Management API in conjunction with Azure Diagnostics API to get at the individual instance configuration and update it (this is how the third party tools & powershell do it)
In cases of using powershell, management API directly, or a tool like Cerebrata, you configuration will "stick" for the life of the deployment. Once you re-upload a new version of the app, the configuration will be lost.
Using diagnostics.wadcfg, in-code instrumentation, or AzureWatch, your configuration will persist throughout the re-uploads of the app
HTH