Last week we discussed the way to populate OMS with servers by installing the agent directly to a machine. That allows you do deploy the agent on physical and in VMs on-premises and in any cloud where your workloads are running.
The whole OMS thing really makes sense for all ITPros. It makes all the learning's that Microsoft has accumulated running our cloud environment available to you by letting the power of log analytics to insights in your environment.
On top of collecting data directly from servers and VMs, OMS can also analyze data written to Azure storage by Azure diagnostics. To achieve that there are 3 main steps that we will perform in this Lab:
- Configure a storage account that will be used to store the logs from VMs in Azure
- Configure the collection of diagnostic data to Azure storage in the VM settings
- Configure OMS to analyze data in the storage account
Azure Diagnostics is an Azure extensions that enables you to collect diagnostic data from a worker role, web role, or virtual machine running in Azure. The data is stored in an Azure storage account and can then be used by OMS
Azure Diagnostics can collect the following info:
|IIS Logs||Information about IIS web sites|
|Azure Diagnostic infrastructure logs||Information about Diagnostics itself.|
|IIS Failed Request logs||Information about failed requests to an IIS site or application.|
|Windows Event logs||Information sent to the Windows event logging system.|
|Performance counters||Operating System and custom performance counters.|
|Crash dumps||Information about the state of the process in the event of an application crash.|
|Custom error logs||Logs created by your application or service.|
|NET EventSource||Events generated by your code using the .NET EventSource class|
|Manifest based ETW||ETW events generated by any process.|
Currently, OMS can analyze:
- IIS logs from Web roles and virtual machines
- Windows Event logs from Web roles, Worker roles and Azure virtual machines running a Windows operating system
- Syslog from Azure virtual machines running a Linux operating system
The logs must be in the following locations:
- WADWindowsEventLogsTable (Table Storage) – Contains information from Windows Event logs.
- wad-iis-logfiles (Blob Storage) – Contains information about IIS logs.
- LinuxsyslogVer1v0 (Table Storage) – Contains Linux syslog events.
so let’s set that up in our Azure environment.
Configure a storage account that will be used to store the logs from VMs in Azure
I’m performing the next few tasks in the Azure Preview Portal.
1- in the Azure Preview Portal click the “Plus sign” and select Data & Storage in the list.
2- in the Data & Storage section select “Storage Account”
3- Provide a name for your Storage Account, click the Diagnostic Menu, set the Status to On and clock ok to save your settings.
4- Complete the Storage Account Creation by Clicking Create.
Your Storage Account is now ready to receive the logs from your environment.
Configure the collection of diagnostic data to Azure storage in the VM settings
Next we will setup our virtual machines to store the logs in the Storage Account we just created. please remember that if you have Web roles, you can also configure them to store the logs to be analyzed.
1- In the Azure Preview Portal, select Browse and Virtual Machines in the listing provided.
2- Select the VMs you want to configure (remember that you will have to perform this step on all the VMs and Web Role you want to monitor.
3- On the blade for the VM configuration click “All Settings”
4- and click the Diagnostics menu.
5- In the Diagnostics blade, set the Status to ON, and configure witch logs and how verbose you want them and click Save to commit your changes.
Complete this for all the VMs and Web Role you want to monitor.
Configure OMS to analyze data in the storage account
This functionality is still configured in the Operational Insights interface.
1- In the default Azure portal, navigate to your Operational Insights workspace, in my case, CANITPRO-OMS and select the Storage tab.
2- Click Add a Storage Account to open the Add Storage Account dialogue box or the PLUS Add in the action bar.
3- in the Add Storage Account dialogue select the storage account that you want to use. The type of data you want to analyze (either Events or IIS Logs) and the Blob container where the logs are located.
** you can add the same Storage account twice to collect both the IIS logs and the Event Logs.**
that’s it!! after I log on to https://canitpro-oms.portal.mms.microsoft.com (my portal) , I notice that OMS is now collecting and analyzing the info in those logs to report on the health of these workloads.
I’ll let this environment run for a few days so I can collect some data. Next week we’ll take a look at some of the other wonderful capabilities of OMS. Things like Automation and Backup among others.