英文:
How to reach the logs of Log Analytics agent extension for VMSS?
问题
I've followed the manual remediation for the following recommendation from Microsoft Defender For Cloud regarding Virtual Machine Scale Set:
Log Analytics agent should be installed on virtual machine scale sets
Defender for Cloud collects data from your Azure virtual machines (VMs) to monitor for security vulnerabilities and threats. Data is collected using the Log Analytics agent, formerly known as the Microsoft Monitoring Agent (MMA), which reads various security-related configurations and event logs from the machine and copies the data to your workspace for analysis. You'll also need to follow that procedure if your VMs are used by an Azure managed service such as Azure Kubernetes Service or Azure Service Fabric. You cannot configure auto-provisioning of the agent for Azure virtual machine scale sets. To deploy the agent on virtual machine scale sets (including those used by Azure managed services such as Azure Kubernetes Service and Azure Service Fabric), follow the procedure in the remediation steps.
which was to install the Log Analytics agent extension (in my case for Linux). The extension was installed properly and I can see it in the portal in the VMSS resource.
My understanding is that this should result in the agent collecting some logs. Is there a place where I can find them? The page linked above refers to Performance Counters of Service Fabric, which I don't believe applies to my case.
Are the logs visible in the Log Analytics workspace? If so, what should be the query? Do I have to install Insights as well to see any actual logs/metrics?
英文:
I've followed the manual remediation for the following recommendation from Microsoft Defender For Cloud regarding Virtual Machine Scale Set:
> Log Analytics agent should be installed on virtual machine scale sets
> Defender for Cloud collects data from your Azure virtual machines
> (VMs) to monitor for security vulnerabilities and threats. Data is
> collected using the Log Analytics agent, formerly known as the
> Microsoft Monitoring Agent (MMA), which reads various security-related
> configurations and event logs from the machine and copies the data to
> your workspace for analysis. You'll also need to follow that procedure
> if your VMs are used by an Azure managed service such as Azure
> Kubernetes Service or Azure Service Fabric. You cannot configure
> auto-provisioning of the agent for Azure virtual machine scale sets.
> To deploy the agent on virtual machine scale sets (including those
> used by Azure managed services such as Azure Kubernetes Service and
> Azure Service Fabric), follow the procedure in the remediation steps.
which was to install the Log Analytics agent extension (in my case for Linux). The extension was installed properly and I can see it in the portal in the VMSS resource.
My understanding is that this should result in the agent collecting some logs. Is there a place where I can find them? The page linked above refers to Performance Counters of Service Fabric, which I don't believe applies to my case.
Are the logs visible in the Log Analytics workspace? If so, what should be the query?
Do I have to install Insights as well to see any actual logs/metrics?
答案1
得分: 2
日志可在 Log Analytics 工作区中查看。以下是示例的心跳查询:
Heartbeat
| where OSType == 'Linux'
| where Category != 'Azure Monitor Agent'
| summarize arg_max(TimeGenerated, *) by SourceComputerId
| sort by Computer
| render table
我们已经下载了代理程序并在 Linux VMSS 上进行安装。
Log Analytics 工作区中的日志:
英文:
> Are the logs visible in Log Analytics workspace? If so, what should be
> the query? Do I have to install Insights as well to see any actual
> logs/metrics?
The logs are visible in Log Analytics workspace.
Sample Heartbeat Query
Heartbeat
| where OSType == 'Linux'
| where Category != 'Azure Monitor Agent'
| summarize arg_max(TimeGenerated, *) by SourceComputerId
| sort by Computer
| render table
We downloaded the agent and installed it on Linux VMSS.
Logs in Log Analytics Workspace
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论