Home All Exam's Azure Monitor Step by Step Deployment Part 2

Azure Monitor Step by Step Deployment Part 2

0
619
Azure Monitor- Step-by-Step-Deployment-Part 2

Azure Monitor- Step-by-Step-Deployment-Part 2

 

In this post lets see the following,

  • How to enable monitoring on non azure VM
  • Create computer groups
  • Enable Performance counters and windows event logs
  • Create an alert when a DB is down from Event viewer logs.

Azure Monitor can collect data directly from physical or virtual Windows computers in your environment into a Log Analytics workspace for detailed analysis and correlation. We can collect data from a datacenter or other cloud environments.

To Download the agents ,Workspace ID & Primary Key

INSTALLING THE AGENT ON NON AZURE VM

Run the downloaded agent on the target VM

In this window choose connect the agent to OMS
Copy the workspace ID and Key from Agents management

If you have proxy setup, click on advanced and enter the details

Enter the URL and Credentials if you have proxy

Please note the below URLS should be allowed in firewall and proxy(If you have)

DestinationPort number
*.ods.opinsights.azure.com443
*.oms.opinsights.azure.com443
*.blob.core.windows.net443
*.azure-automation.net443

Validate the Agent Installation

from control panel search for Microsoft monitoring agent and click on OMS tab

Check under Agent management page to see if the agent is reporting

ENABLE DATA COLLECTION

By default the data collections will not be enabled, You need to enable the required Event logs, Performance counter, IIS logs etc. Now lets see how to enable the collections,

click on advanced settings Under Data–>Windows event logs

Type the required events logs to capture as below

In this example I have enabled the application logs.

Similarly enable the required performance counter

Modify the Sample interval as required. You can select a maximum of 1800 seconds as sample interval.

And remember to save the selected collections.

CREATE COMPUTER GROUP

Saved Groups are groups that are created from a search query. Any query in search that returns a list of computers can be saved as a Saved Group. Go to Search. Enter a query that returns a list of computers. By choosing to save the query, you can enable the toggle to save the query as a computer group. You can view and manage all your Saved Groups in this page.

Sample Query

In this query I have selected the VMS with windows as os family, Remember you need to have distinct computer in the query to be able to save it as computer group

VMComputer | where OperatingSystemFamily contains “Windows” | distinct Computer

Enter the query in logs and click on save.. Select save as function and enable the “save this query as computer group”

Now you can see the group which we have saved

ALERT RULE

As we mentioned in the part 1 post, We can configure alerts. This post lets see how to enable alerts for windows evet logs.

Create new alert rule

Configure the signal logic and you can either choose existing or create a custom log search

I

In this search query, Enter the query which needs to be filtered as signal logic

Event | where RenderedDescription has “service entered the stopped state.”

SAMPLE EVENT LOG QUERY AND OUTPUT

Alert received

Below is the sample alert received in Azure app and you can also receive as a PUSH notification

 

 

Author : Amarnath Rajendran

NO COMMENTS

LEAVE A REPLY

Please enter your comment!
Please enter your name here