azure:az-500:alt:monitoring_and_logging

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		 Previous revision
azure:az-500:alt:monitoring_and_logging [2022/07/23 14:00] – created mmuzeazure:az-500:alt:monitoring_and_logging [2023/04/16 01:03] (current) mmuze
Line 1: Line 1:
 ====== Monitoring and Logging ====== ====== Monitoring and Logging ======
 +====== Azure Monitor ======
 **Azure Monitor** is a service that delivers a comprehensive solution for collecting, analyzing, and acting on telemetry (metrics and logs) from your cloud and on-premises environments. **Azure Monitor** is a service that delivers a comprehensive solution for collecting, analyzing, and acting on telemetry (metrics and logs) from your cloud and on-premises environments.
- +  * [[https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/platform-logs-overview| Platform Logs]]
-  * [[https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/platform-logs-overview]]+
  
   * By default the Activity Log keeps logs for 90 days.   * By default the Activity Log keeps logs for 90 days.
Line 16: Line 16:
   * **Azure Monitoring Agent (AMA)** is an agent that runs on Windows or Linux OS that can collect logs and metrics.   * **Azure Monitoring Agent (AMA)** is an agent that runs on Windows or Linux OS that can collect logs and metrics.
   * Some logs are automatically generated by resources by default, but for more details logging it maybe necessary to enabled diagnostics logs for a resource, or, in the case of VMs, install an agent on the OS.   * Some logs are automatically generated by resources by default, but for more details logging it maybe necessary to enabled diagnostics logs for a resource, or, in the case of VMs, install an agent on the OS.
 +  * **//Azure Monitor Log Analytics//** is a tool used to produce insights from Azure Monitor logs.
  
  
-===== Diagnostic Logs vs. Activity Logs =====+===== Diagnostic Logs/Resource Logs vs. Activity Logs ===== 
 +  * Resource Logs were previously called Diagnostic Logs
   * [[https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/control-plane-and-data-plane]]   * [[https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/control-plane-and-data-plane]]
  
-> These logs differ from the activity log. The **activity log** provides insight into the operations, such as creating a VM or deleting a logic app, that Azure Resource Manager performed on resources in your subscription using. The activity log is a subscription-level log. Resource-level **diagnostic logs** provide insight into operations that were performed within that resource itself, such as getting a secret from a key vault.+> These logs differ from the activity log. The **activity log** (previously known as audit logs) provides insight into the operations, such as creating a VM or deleting a logic app, that Azure Resource Manager performed on resources in your subscription using. The activity log is a subscription-level log. Resource-level **diagnostic logs** provide insight into operations that were performed within that resource itself, such as getting a secret from a key vault.
  
   * activity logs represent events on the control/management plane   * activity logs represent events on the control/management plane
-  diagnostic logs represent events on the data plane +      The represent operations performed **//on//** resources 
-  * //diagnostic logs// may be referred to as //[[https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/resource-logs|resource logs]]//; they represent operations that were performed within a resource+      * They represent the **//creation and modification//** of resources 
 +      * Ex: creating a container in a storage account 
 +  * resource logs represent events on the data plane 
 +  * [[https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/resource-logs|resource logs]]// were previously called diagnostic logs; they represent operations that were performed within a resource 
 +      * They represent logs related to the **//use//** of resources. 
 +      * Ex: Reading data from a blob/file in a container
  
  
   * Resource logs are automatically generated by supported Azure resources, but they aren't available to be viewed unless you create a [[https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/platform-logs-overview#diagnostic-settings|diagnostic setting]].   * Resource logs are automatically generated by supported Azure resources, but they aren't available to be viewed unless you create a [[https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/platform-logs-overview#diagnostic-settings|diagnostic setting]].
 +
 +====== Azure Monitoring Agent ======
 +  * To install AMA on a machine it needs to be registered with a //Log Analytics Workspace// and this is done by specify the //Workspace ID// and //Workspace key//.
 +
 +====== Log Analytic Workspace ======
 +> A Log Analytics workspace is a unique environment for log data from Azure Monitor and other Azure services, such as Microsoft Sentinel and Microsoft Defender for Cloud. Each workspace has its own data repository and configuration but might combine data from multiple services.
 +
 +====== Log Analytics ======
 +> Log Analytics is a tool in the Azure portal to edit and run log queries from data collected by Azure Monitor logs and interactively analyze their results. 
 +
 +====== Alerts ======
  
  • azure/az-500/alt/monitoring_and_logging.1658584814.txt.gz
  • Last modified: 2022/07/23 14:00
  • by mmuze