On-Premises Server Monitoring with Azure Log Analytics
Leverage the power of Azure's monitoring agents to keep a vigilant eye on your servers.
When it comes to maintaining server health, metrics are everything. If you have resources in Azure, you'll no doubt be familiar with the multitude of solutions available to monitor key metrics for Azure resources. Many of our clients maintain hybrid estates, and with this in mind we knew we wanted a solution to bring cloud monitoring to their on-premises environments.
Introducing the Azure Log Analytics Agent
The Log Analytics agent was developed to collect telemetry from Windows or Linux machines in the cloud or on-premises, sending data to a Log Analytics workspace. The agent itself comes at no cost; pricing is determined by the amount of data ingested into the Log Analytics workspace it connects to.
As well as sending data directly from a given server to a Log Analytics workspace, the agent can be assigned to a management group if you manage your machines with System Center Operations Manager (SCOM); the management group in turn sends the data to the workspace you define.
How to Connect On-Premises Servers to Log Analytics
To begin, you'll need to configure a Log Analytics workspace within Azure. Search the Azure Marketplace for Microsoft's Log Analytics Workspace offering and configure the resource according to Azure's or your business's conventions. We recommend starting with the Pay-as-you-go pricing tier, so you pay per GB of data ingested.
Once the workspace has been created, head to the resource and navigate to the Agents management page. From here you'll be able to download the agent according to your OS and processor type. Keep this page open as you'll use it when configuring the agent.
Once downloaded, work through the installation wizard to install as appropriate for your environment. As we are not associating this agent with SCOM, we configured ours to send directly to the Log Analytics workspace.
You'll be prompted to enter your workspace ID and key; these are available on the Agents management page in Azure that you kept open earlier.
Shortly after the agent has been successfully installed and associated with your workspace, you'll see confirmation on the Agents management page of your Log Analytics workspace.
Selecting the Go to logs link runs a simple Kusto query that provides details on the servers detected.
Heartbeat
| where OSType == 'Windows'
| summarize arg_max(TimeGenerated, *) by SourceComputerId
| sort by Computer
| render table
Configuring the Log Analytics Agent
With your agent connected, you'll now want to refine the data ingested from your server to the workspace. To do so, navigate to the Agents configuration page within the workspace, which presents you with a tab for each data source. Within each tab you have additional granularity: event logs allow you to select different log types and severities, while performance counters let you define the frequency of collection.
The range of performance counters and logs that the agent provides is expansive, and while it may be tempting to switch everything on, it's worth noting that the costs for this service are determined by the volume of data you ingest into the Log Analytics workspace.
We recommend performing an initial analysis to determine what counters and logs are important to you, and in turn these can be added to the configuration. If you're wary of the data ingestion costs, you can configure a daily cap for ingestion within the Usage and estimated costs page of the Log Analytics resource.
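One way to run that initial analysis once some data has arrived is to rank what the agent is sending by billed volume. The query below is an added example, not part of the original article; it assumes both the Perf and Event tables already exist in the workspace (that is, at least one performance counter and one event log are enabled), and the 7-day window is an arbitrary choice.

```kusto
// Added example: billed volume per performance counter and per event log/level,
// largest first, so the noisiest items can be reviewed or switched off.
// Assumes the Perf and Event tables exist in this workspace.
union withsource = SourceTable Perf, Event
| where TimeGenerated > ago(7d)
| where _IsBillable == true
// Build one label per configurable item: "Object\Counter" or "Log / Level".
| extend Item = iff(SourceTable == "Perf",
                    strcat(ObjectName, "\\", CounterName),
                    strcat(EventLog, " / ", EventLevelName))
// _BilledSize is reported in bytes.
| summarize BilledMB = round(sum(_BilledSize) / 1000000.0, 2),
            Records  = count()
          by Computer, SourceTable, Item
| order by BilledMB desc
```

Items at the top of the result are the first candidates for a longer sample interval or a narrower severity selection.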
Using Log Analytics Data for Reporting and Alerting
With an established continual flow of on-premises metrics to your Azure estate, there's now a whole host of solutions at your fingertips to put this data to use. You can begin to configure alert rules against the Log Analytics workspace to be notified of health issues, integrate into Azure Dashboards for a unified real-time overview of the server or even stream logs to Power BI for analytics and reporting.
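A server whose agent goes quiet stops contributing to every other alert, so a heartbeat-silence rule is a sensible first one to create. The query below is an added example, not part of the original article; the 15-minute threshold and 2-day lookback are assumptions to tune, and it is written so that a log alert rule can fire whenever it returns one or more rows.

```kusto
// Added example: servers that have reported before but are silent now.
// The threshold and lookback values are illustrative assumptions.
let silence_threshold = 15m;
let lookback = 2d;
Heartbeat
| where TimeGenerated > ago(lookback)
// Keep only the most recent heartbeat per server, with its OS and agent version.
| summarize arg_max(TimeGenerated, OSType, Version) by Computer
| extend SilentFor = now() - TimeGenerated
| where SilentFor > silence_threshold
| project Computer,
          OSType,
          AgentVersion  = Version,
          LastHeartbeat = TimeGenerated,
          SilentFor
| order by SilentFor desc
```

A server that has been silent for longer than the lookback drops out of the result, so keep the lookback longer than the longest outage you want to keep being told about.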
Azure Monitoring Agent and Azure Arc
There are some promising updates on the horizon from Microsoft to further strengthen these links between Azure and on-premises environments. As of the time of writing, an Azure Monitoring agent has just left public preview to become generally available. This aims to replace the Log Analytics agent, consolidating some of the extensions available to the Log Analytics agent into a single client application.
This is certainly something to keep an eye on; however, when considering the agent comparison table, there are a few caveats:
- The current scope of data sources available to the Azure Monitoring agent doesn't cover nearly as extensive a range as the Log Analytics agent.
- For on-premises servers, the Azure Monitoring Agent is dependent on Azure Arc being set up, which adds an additional service to consider and configure.
Given these points, we're continuing to use the Log Analytics agent for on-premises servers without Azure Arc for now, but we're keeping an eye on this new addition as it expands its functionality.