Microsoft Cloud App Security log collector + OMS = Docker container monitoring
Need a quick method to monitor Docker containers? How about monitoring the Docker container that is utilized for automatic log upload for Microsoft Cloud App Security? If so, try out Microsoft OMS Container Monitoring Solution to monitor your docker containers including continuous log collectors using Docker in Microsoft Cloud App Security!
Did you know that Microsoft Operations Management Suite (OMS) offers many other management and monitoring solutions including update management for Windows, Surface Hub monitoring, Security and Audit information and many more. For more details please visit: /en-us/azure/log-analytics/log-analytics-add-solutions
If you’re utilizing Microsoft Cloud App Security in your environment today and would like to learn more about automatic log upload for continuous Cloud App Security reports please visit: /en-us/cloud-app-security/discovery-docker
The following walks through setting up the Container Monitoring Solution in Azure to monitor a Docker container used for Cloud App Security automatic log upload hosted on an Azure VM.
Requirements
- Microsoft Azure
- Microsoft Operations Management Suite (OMS)
- Docker running on the platforms listed here: /en-us/azure/log-analytics/log-analytics-containers
Assumptions for this post
- Docker containers are deployed for use with Cloud App Security automatic log upload: https://docs.microsoft.com/en-us/cloud-app-security/discovery-docker
Let’s get started…
Here’s a look at the Ubuntu VM with Docker used for Cloud App Security automatic log upload:
If you have an Azure subscription log in, select “new” from the upper left, and search for “container monitoring solution”:
Select Container Monitoring Solution and Create to add it to your OMS workspace:
Once the instance of Container Monitoring Solution is added, sign-on to your host where the containers are deployed and follow the instructions to install the OMS agent used for monitoring the host: https://github.com/Microsoft/OMS-docker#supported-linux-operating-systems-and-docker
You’ll run a script that is discussed in the link above to install the OMS agent:
Once the installation in complete, navigate back to the OMS admin portal and look for a new tile called “Container Monitoring Solution”:
Select the tile and view the status of the containers on the host:
From the information provided, I can see I have a failure with my Cloud App Security Log Collector (i.e. I named the container “LogCollector”)
When we drill down into the failure I can see that the which container is failing and other details:
Monitoring Docker containers using Microsoft OMS as well as the containers used for log collection for Cloud App Security was really simple and I encourage everyone to deploy OMS today.