epomatti/az-vm-monitor-logs

Azure VM monitoring

Native monitoring with Azure VMs using the Azure Monitor Agent (AMA).

Different methods are implemented in this repository:

  • /infra1 - Data collection (direct configuration with Terraform)
  • /infra2 - Monitor VM Insights
  • /infra3 - Custom Logs / Application + Diagnosis (not yet implemented; notes only)

Infra 1 - Data Collection Rules

Before deploying the Azure Monitor Agent, check its requirements:

  • Permissions (the deploying principal needs rights on the VM, the Data Collection Rule and the Log Analytics workspace)
  • Authentication / Identity (the VM needs a managed identity, system- or user-assigned; the agent does not use workspace keys)
  • Networking / Azure Firewall (outbound access to the Azure Monitor endpoints, or a Data Collection Endpoint with Private Link)

Run the following from the ./infra1 directory:

terraform init
terraform apply -auto-approve

The agent is configured via Data Collection Rules (DCRs): the rule declares which data sources to collect, which streams they produce, and the destination workspace; a Data Collection Rule Association binds the rule to the VM. Check the documentation for details.

Collection options include Linux Syslog, performance counters, and custom text or JSON log files.

Infra 2 - VM Insights

Another method of monitoring VMs is Azure Monitor VM Insights, which adds performance charts and a dependency map on top of the same agent.

The startup code is in the ./infra2 directory:

terraform init
terraform apply -auto-approve

Once the apply completes, connect to the VM and check that cloud-init finished and installed Docker correctly:

cloud-init status --wait

Use the Portal or other interface to enable VM Insights.

Pull and run the stressbox container image to simulate resource usage (the arm64 tag assumes an ARM-based VM size):

sudo docker pull epomatti/stressbox:arm64
sudo docker run -d -p 8080:8080 epomatti/stressbox:arm64

Note that -p 8080:8080 publishes the port on every interface of the VM, and Docker inserts its own iptables rules ahead of host firewalls such as ufw. Since the load is generated locally, keep the NSG closed on 8080 or bind the port to loopback instead (-p 127.0.0.1:8080:8080).

Simulate CPU consumption with repeated requests to the /cpu endpoint:

for i in {1..100}; do curl -s 0:8080/cpu?x=42; done

Example 3

From the documentation, the layers of a VM that can be monitored:

  • Virtual machine host
  • Guest operating system
  • Workloads
  • Applications

Configuration steps covered here:

  1. Deploy Azure Monitor agent - Deploy the Azure Monitor agent to your Azure and hybrid virtual machines to collect data from the guest operating system and workloads.
  2. Configure data collection - Create data collection rules to instruct the Azure Monitor agent to collect telemetry from the guest operating system.
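The two steps above, and the Syslog and performance-counter collection options from Infra 1, as one Terraform configuration. This is an added example, not the code in this repository's infra directories: it assumes an azurerm_resource_group.rg, an azurerm_log_analytics_workspace.law and an azurerm_linux_virtual_machine.vm (with identity { type = "SystemAssigned" }) declared elsewhere, and the resource names dcr-linux-syslog-perf, law-destination and dcra-linux are arbitrary. Custom text logs are omitted because they additionally need a custom table in the workspace and a stream declaration.

```hcl
# Added example (not the repository's own infra code). Assumes the VM, resource group
# and Log Analytics workspace resources named below exist elsewhere in the module.

# Step 1: deploy the Azure Monitor Agent. It authenticates with the VM's managed
# identity, so no workspace key is embedded in the extension settings.
resource "azurerm_virtual_machine_extension" "ama" {
  name                       = "AzureMonitorLinuxAgent"
  virtual_machine_id         = azurerm_linux_virtual_machine.vm.id
  publisher                  = "Microsoft.Azure.Monitor"
  type                       = "AzureMonitorLinuxAgent"
  type_handler_version       = "1.0"
  auto_upgrade_minor_version = true
  automatic_upgrade_enabled  = true
}

# Step 2: the Data Collection Rule. Collect security-relevant syslog facilities
# (auth/authpriv carry sshd and sudo events) at Warning and above, plus CPU,
# memory and disk counters every 60 seconds, into the workspace.
resource "azurerm_monitor_data_collection_rule" "linux" {
  name                = "dcr-linux-syslog-perf"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  kind                = "Linux"

  destinations {
    log_analytics {
      workspace_resource_id = azurerm_log_analytics_workspace.law.id
      name                  = "law-destination"
    }
  }

  data_flow {
    streams      = ["Microsoft-Syslog", "Microsoft-Perf"]
    destinations = ["law-destination"]
  }

  data_sources {
    syslog {
      name           = "syslog-datasource"
      streams        = ["Microsoft-Syslog"]
      facility_names = ["auth", "authpriv", "cron", "daemon", "kern", "syslog"]
      log_levels     = ["Warning", "Error", "Critical", "Alert", "Emergency"]
    }

    performance_counter {
      name                          = "perf-datasource"
      streams                       = ["Microsoft-Perf"]
      sampling_frequency_in_seconds = 60
      counter_specifiers = [
        "Processor(*)\\% Processor Time",
        "Memory(*)\\% Used Memory",
        "Logical Disk(*)\\% Used Space",
      ]
    }
  }
}

# Bind the rule to the VM. Without this association the agent is installed
# but collects nothing.
resource "azurerm_monitor_data_collection_rule_association" "vm" {
  name                    = "dcra-linux"
  target_resource_id      = azurerm_linux_virtual_machine.vm.id
  data_collection_rule_id = azurerm_monitor_data_collection_rule.linux.id
}
```

Scope the facility list and log levels to what you actually query; everything in the DCR is billed as ingested data, and a rule that collects every facility at Debug level is the usual cause of surprise workspace costs.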

Large infrastructure landscapes should consider the Log Analytics workspace architecture designs (single versus multiple workspaces, regions, access control).

Operational data is the scope of Azure Monitor. Security data is handled by Microsoft Defender for Cloud (posture management and threat protection) and Microsoft Sentinel (SIEM, including threat intelligence).

The Azure Diagnostics extension collects metrics, syslog and log files and publishes them to a storage account. It has several prerequisites and limitations, and the other options are generally preferable.

In the same space, the InfluxData Telegraf agent can send custom metrics to Azure Monitor, but it is not supported by Microsoft.

The Log Analytics agent (OMS/MMA) is deprecated in favor of the Azure Monitor Agent, which is what this repository uses.

The Network Watcher Agent extension is required by some Network Watcher features, such as capturing network traffic on demand and other advanced functionality.

Sentinel data connectors relevant to VM monitoring:

  • Microsoft Defender for Cloud - ingests Defender for Cloud security alerts into Sentinel.
  • Microsoft Threat Intelligence - threat indicators such as malicious IPs, URLs, file hashes, domains and email addresses.

https://learn.microsoft.com/en-us/azure/sentinel/connect-services-api-based
https://learn.microsoft.com/en-us/azure/sentinel/connect-services-diagnostic-setting-based
https://learn.microsoft.com/en-us/azure/sentinel/connect-services-windows-based