Azure Log Analytics
The Azure Log Analytics agent collects telemetry from Azure resources, on-premises machines, and machines monitored by System Center Operations Manager and sends the collected data to your Log Analytics Workspace in Azure Monitor. The Log Analytics agent also supports insights and other services in Azure Monitor such as VM insights and Azure Security Center.
Azure Log Analytics Workspaces
A Log Analytics workspace is the Azure resource that stores the data collected by Azure Monitor Logs; access to that data is governed by Azure RBAC, granted either on the workspace itself or on the monitored resource (resource-context access). Log Analytics is the tool in the Azure portal used to edit and run log queries against the workspace and interactively analyze the results. You can use Log Analytics queries to retrieve records that match particular criteria, identify trends, analyze patterns, and provide a variety of insights into your data.
Azure Log Analytics Cluster
Azure Monitor Logs Dedicated Clusters are a deployment option that enables advanced capabilities for Azure Monitor Logs customers. Customers can select which of their Log Analytics workspaces should be hosted on dedicated clusters. Capabilities that require dedicated clusters currently include: Customer-managed Keys, Double encryption, Availability Zones, Lockbox and Multi-workspace.
NOTE: Dedicated clusters require customers to commit to a capacity reservation of at least 500 GB of data ingestion per day.
Linking Log Analytics Workspaces to a Log Analytics Cluster in your current subscription
- To link an existing Log Analytics Cluster to the COVID 19 EU Digital Green Certificate Project's Log Analytics Workspaces, first set `enable_log_analytics_workspace` to `true` and put the resource id of the cluster in `log_analytics_cluster_id` in `terraform.tfvars`. The cluster must be in the same region as the workspaces that are linked to it:

```hcl
...
enable_log_analytics_workspace = true
log_analytics_cluster_id = "<id>"
...
```
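As an added example (not the project's own code), the following Terraform shows one way the two tfvars keys above can be wired to the azurerm provider: a `azurerm_log_analytics_linked_service` whose `write_access_id` is the cluster resource id moves the workspace onto the dedicated cluster. The resource names, location and resource group are assumptions, and the argument names assume azurerm provider 2.x/3.x.

```hcl
# Added example, not the project's own code. Variable names mirror the tfvars
# keys shown above; resource names, location and resource group are assumptions.
variable "enable_log_analytics_workspace" {
  type    = bool
  default = false
}

variable "log_analytics_cluster_id" {
  type        = string
  description = "Resource id of an existing Log Analytics cluster; empty string means do not link."
  default     = ""
}

resource "azurerm_log_analytics_workspace" "main" {
  count               = var.enable_log_analytics_workspace ? 1 : 0
  name                = "law-dgc"      # assumed
  location            = "westeurope"   # assumed; must match the cluster's region
  resource_group_name = "rg-dgc"       # assumed
  sku                 = "PerGB2018"
  retention_in_days   = 90
}

# A linked service whose write_access_id points at a cluster links the workspace
# to that cluster (the provider names the linked service "cluster"). Only create
# it when the workspace exists and a cluster id was supplied.
resource "azurerm_log_analytics_linked_service" "cluster" {
  count               = var.enable_log_analytics_workspace && var.log_analytics_cluster_id != "" ? 1 : 0
  resource_group_name = "rg-dgc"       # assumed; the workspace's resource group
  workspace_id        = azurerm_log_analytics_workspace.main[0].id
  write_access_id     = var.log_analytics_cluster_id
}
```

Linking is asynchronous on the Azure side: after `terraform apply` the workspace reports the cluster link once the backend has moved the data path, so a query on freshly ingested data may still hit the shared cluster for a short while.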
Azure Log Analytics Solution
Monitoring solutions in Azure Monitor provide analysis of the operation of an Azure application or service.
Azure Log Analytics Solutions table
Log Analytics Solution | Publisher | Product | Description |
---|---|---|---|
ContainerInsights | Microsoft | OMSGallery/ContainerInsights | Container insights is a feature designed to monitor the performance of container workloads. |
KeyVaultAnalytics | Microsoft | OMSGallery/KeyVaultAnalytics | Key Vault insights provides comprehensive monitoring of your key vaults by delivering a unified view of your Key Vault requests, performance, failures, and latency. |
SecurityInsights | Microsoft | OMSGallery/SecurityInsights | Azure Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution. It delivers security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting and threat response. The Azure Sentinel PowerShell module (Az.SecurityInsights) lets you manage its Incidents and Analytics Rules (Alert Rules). |
NetworkMonitoring | Microsoft | OMSGallery/NetworkMonitoring | Network Performance Monitor monitors network connectivity and performance (latency, packet loss) between monitored endpoints. |
ServiceMap | Microsoft | OMSGallery/ServiceMap | Service Map automatically discovers application components on Windows and Linux systems and maps the communication between services. With Service Map, you can view your servers in the way that you think of them: as interconnected systems that deliver critical services. Service Map shows connections between servers, processes, inbound and outbound connection latency, and ports across any TCP-connected architecture, with no configuration required other than the installation of an agent. |
AzureActivity | Microsoft | OMSGallery/AzureActivity | The Activity log is a platform log in Azure that provides insight into subscription-level control-plane events, such as when a resource is modified or a virtual machine is started. Entries can be viewed in the Azure portal or retrieved with PowerShell and the CLI. |
Updates | Microsoft | OMSGallery/Updates | Update Management assesses and deploys OS updates on Windows and Linux machines; it needs an Automation account linked to the workspace to do anything. |
SQLAssessmentPlus | Microsoft | OMSGallery/SQLAssessmentPlus | SQL Health Check solution that assesses the risk and health of your SQL Server environments at a regular interval and provides a prioritized list of recommendations specific to your deployed infrastructure. The recommendations are categorized across six focus areas to help you quickly understand the risk and take corrective action. |
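The Publisher and Product columns map directly onto the `plan` block of `azurerm_log_analytics_solution`. As an added example (not the project's own code), the following deploys every row of the table onto one workspace with `for_each`; the workspace reference `azurerm_log_analytics_workspace.main` is an assumption.

```hcl
# Added example, not the project's own code. Assumes a workspace resource named
# azurerm_log_analytics_workspace.main exists in the same configuration.
locals {
  # Keys are the solution names, values the OMSGallery product ids from the table.
  log_analytics_solutions = {
    ContainerInsights = "OMSGallery/ContainerInsights"
    KeyVaultAnalytics = "OMSGallery/KeyVaultAnalytics"
    SecurityInsights  = "OMSGallery/SecurityInsights"
    NetworkMonitoring = "OMSGallery/NetworkMonitoring"
    ServiceMap        = "OMSGallery/ServiceMap"
    AzureActivity     = "OMSGallery/AzureActivity"
    Updates           = "OMSGallery/Updates"
    SQLAssessmentPlus = "OMSGallery/SQLAssessmentPlus"
  }
}

resource "azurerm_log_analytics_solution" "this" {
  for_each = local.log_analytics_solutions

  # solution_name must be the part of the product id after "OMSGallery/";
  # Azure names the deployed solution "<solution_name>(<workspace_name>)".
  solution_name         = each.key
  location              = azurerm_log_analytics_workspace.main.location
  resource_group_name   = azurerm_log_analytics_workspace.main.resource_group_name
  workspace_resource_id = azurerm_log_analytics_workspace.main.id
  workspace_name        = azurerm_log_analytics_workspace.main.name

  plan {
    publisher = "Microsoft"
    product   = each.value
  }
}
```

Deploying SecurityInsights this way onboards the workspace to Sentinel and starts billing for Sentinel ingestion on top of Log Analytics ingestion, so keep it behind a variable if not every environment needs a SIEM.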
Azure Log Analytics Diagnostic Setting
A diagnostic setting routes a resource's platform logs and metrics to the Log Analytics Workspace. The project configures the following log categories and metrics per resource.
Azure Log Analytics Diagnostic Setting table
Resource | Log | Metric |
---|---|---|
KeyVault | AuditEvent | AllMetrics |
ACR | ContainerRegistryRepositoryEvents, ContainerRegistryLoginEvents | none listed |
MySQL Server | MySqlAuditLogs, MySqlSlowLogs | AllMetrics |
AKS | oms_agent | oms_agent |

Both ACR entries are log categories (image repository events and registry authentication events), not metrics; no metric category is listed for ACR. Key Vault AuditEvent is the category that records data-plane access to keys, secrets and certificates, including the caller identity and result. For AKS, data reaches the workspace through the Container insights agent add-on (oms_agent in the cluster's addon profile) rather than through a diagnostic setting category.
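As an added example (not the project's own code), the following Terraform implements the Key Vault and ACR rows of the table with `azurerm_monitor_diagnostic_setting`. The target resource references (`azurerm_key_vault.main`, `azurerm_container_registry.main`) and the workspace reference are assumptions; the `enabled_log` block assumes azurerm provider 3.39 or later (older versions use `log { category = ... enabled = true }`).

```hcl
# Added example, not the project's own code. Target resources and workspace are
# assumed to exist in the same configuration. Category names are Azure's.
resource "azurerm_monitor_diagnostic_setting" "keyvault" {
  name                       = "diag-to-law"
  target_resource_id         = azurerm_key_vault.main.id
  log_analytics_workspace_id = azurerm_log_analytics_workspace.main.id

  # AuditEvent records every data-plane call (get/list secret, sign, wrap, ...)
  # with the caller identity and result code; it is the feed for spotting
  # unexpected secret reads or repeated 403s from a compromised principal.
  enabled_log {
    category = "AuditEvent"
  }

  metric {
    category = "AllMetrics"
    enabled  = true
  }
}

resource "azurerm_monitor_diagnostic_setting" "acr" {
  name                       = "diag-to-law"
  target_resource_id         = azurerm_container_registry.main.id
  log_analytics_workspace_id = azurerm_log_analytics_workspace.main.id

  # Both ACR categories are logs: image push/pull/delete events, and
  # authentication events (which identity logged in and whether it succeeded).
  enabled_log {
    category = "ContainerRegistryRepositoryEvents"
  }
  enabled_log {
    category = "ContainerRegistryLoginEvents"
  }

  # Assumption: the table above lists no ACR metric; AllMetrics is added here so
  # storage and pull counts are available next to the login events.
  metric {
    category = "AllMetrics"
    enabled  = true
  }
}
```

A diagnostic setting only forwards what the target emits, so check with `az monitor diagnostic-settings categories list --resource <id>` that each category name exists for the resource type before applying; an unknown category fails the apply rather than silently dropping the log.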
Calls to Action
Learn more about Azure Log Analytics and get the most up-to-date information at the Microsoft Docs.
Read about Terraform in the next section.