On-Premises Server Monitoring with Azure Log Analytics

Leverage the power of Azure's monitoring agents to keep a vigilant eye on your servers.

Carl Mills
Carl Mills

Published Jun 2021

Share:
Azure Log Analytics Logo

When it comes to maintaining server health, metrics are everything. If you have resources in Azure, you'll no doubt be familiar with the multitude of solutions available to monitor key metrics for Azure resources. Many of our clients maintain hybrid estates, and with this in mind we knew we wanted a solution to bring cloud monitoring to their on-premises environments.


Introducing the Azure Log Analytics Agent

The Log Analytics agent was developed to collect telemetry from Windows or Linux machines in the cloud or on-premises, sending data to a Log Analytics workspace. The agent itself comes at no cost, pricing is determined by the amount of data ingested into the Log Analytics workspace it connects to.

As well as directly sending data from a given server to a Log Analytics workspace, If you are managing your machines using Systems Center Operations Manager the agent provides the option of assigning the agent to monitor a management group which in turn sends the data to the workspace defined.


How to Connect On-Premises Servers to Log Analytics

To begin, you'll need to configure a Log Analytics workspace within Azure. Search the Azure Marketplace for Microsoft's Log Analytics Workspace offering and configure the resource according to Azure's or your business's conventions. We recommend starting with the Pay-as-you-go pricing tier, so you pay per GB of data ingested.

Once the workspace has been created, head to the resource and navigate to the Agents management page. From here you'll be able to download the agent according to your OS and processer type. Keep this page open as you'll use it when configuring the agent.

Download Azure Log Analytics Agent

Once downloaded, work through the installation wizard to install as appropriate for your environment. As we are not associating this agent with SCOM, we configured ours to send directly to the Log Analytics agent.

Azure Log Analytics Agent Wizard

You'll be prompted to enter our workspace ID and key; these will be available on the Agents management page in Azure you kept open from earlier.

Azure Log Analytics Agent Wizard

Shortly after the agent has been successfully installed and associated with your workspace, you'll receive some affirmation within the Agents management page of your Log Analytics workspace.

Azure Log Analytics Computer Connected

Hitting the go to logs link runs a simple Kusto query that provides details on the servers detected.


    Heartbeat
    | where OSType == 'Windows'
    | summarize arg_max(TimeGenerated, *) by SourceComputerId
    | sort by Computer
    | render table

Configuring the Log Analytics Agent

With our agent connected, you'll now want to refine the data ingested from your server to the workspace. To do so, navigate to the Agents configuration page within the workspace, which presents you with a tab for each data source. Within each tab you have additional granularity; Event logs allow you to select different log types and severities, while performance counters grant the option to define the frequency of collection.

Azure Log Analytics Performance Counter Configuration

The range of performance counters and logs that the agent provides is expansive, and while it may be tempting to switch everything on, it's worth noting that the costs for this service are determined by the volume of data you ingest into the Log Analytics workspace.

We recommend performing an initial analysis to determine what counters and logs are important to you, and in turn these can be added to the configuration. If you're wary of the data ingestion costs, you can configure a daily cap for ingestion within the Usage and estimated costs page of the Log Analytics resource.


Power BI logo

Using Log Analytics Data for Reporting and Alerting

With an established continual flow of on-premises metrics to your Azure estate, there's now a whole host of solutions at your fingertips to put this data to use. You can begin to configure alert rules against the Log Analytics workspace to be notified of health issues, integrate into Azure Dashboards for a unified real-time overview of the server or even stream logs to Power BI for analytics and reporting.


Azure Monitoring Agent and Azure Arc

There are some promising updates on the horizon from Microsoft to further strengthen these links between Azure and on-premises environments. As of the time of writing, An Azure Monitoring agent has just left public preview to become generally available. This aims to replace the Log Analytics agent, consolidating some of the extensions available to the Log Analytics agent into a single client application.

This is certainly something to keep an eye on, however when considering this agent comparison table there's a few caveats:

  • The current scope of data sources available to the Azure Monitoring agent doesn't cover nearly as extensive a range as the Log Analytics agent.
  • For on-premises servers, the Azure Monitoring Agent is dependent on Azure Arc being setup, which adds an additional service to consider and configure.

Given these points, we're continuing use of the Log Analytics agent for on-premises without Azure Arc for now, but we're keeping an eye on this new addition as it expands it's functionality.

Carl Mills
Carl Mills

Published Jun 2021

Share: