Monitor and alert with LoadBalancerHealthEvent logs

In this article, you learn how to monitor and alert with Azure Load Balancer health event logs. These logs can help you identify and troubleshoot ongoing issues affecting your load balancer resource’s health. The health event logs are provided through the Azure Monitor resource log category LoadBalancerHealthEvent.

Important

LoadBalancerHealthEvent logs for Azure Load Balancer are currently in Preview and are available in all Azure public regions. While in Preview, the log structure, event types, publishing behavior, and other aspects of this feature may change in response to feedback.

This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. For more information, see Supplemental Terms of Use for Microsoft Azure Previews.

Prerequisites

Configuring diagnostic settings to collect LoadBalancerHealthEvent logs

In this section, you learn how to configure diagnostic settings to collect LoadBalancerHealthEvent logs and store the logs in a Log Analytics workspace.

Important

We recommend sending your logs to a Log Analytics workspace, which will enable you to control access, log data retention and archive settings, and more. To learn more about configuring Log Analytics workspaces, see Log Analytics workspace overview - Azure Monitor.

  1. In the Azure portal, navigate to your load balancer resource.

  2. From your load balancer resource's Overview page, choose Monitoring > Diagnostic settings.

    Screenshot of diagnostic settings window in Azure portal.

  3. Select + Add diagnostic setting.

  4. In the Diagnostic setting window, select or enter the following settings:

    | Setting | Value |
    | --- | --- |
    | Diagnostic setting name | Enter a name for the diagnostic setting. |
    | Logs | |
    | Category Groups | Select LoadBalancerHealthEvent or Load Balancer Health Event. |
    | Metrics | Leave unchecked. |
    | Destination details | Select Send to Log Analytics workspace. Select your subscription and your Log Analytics workspace. |

    Note

    Selecting AllLogs results in all new log categories for load balancer resources being collected automatically as they are supported. If you don't want this option, select only the log categories you want to collect, in this case Load Balancer Health Event logs.

    Screenshot of diagnostic settings configuration page configured for allLogs and Log Analytics workspace.

  5. Select Save and close the Diagnostic setting window.

Note

Once your diagnostic setting has been configured, it can take up to 90 minutes for logs to begin appearing. If there are no health events affecting your load balancer, you may not see any logs.

Configure a log query

In this section, you learn how to query LoadBalancerHealthEvent logs in a Log Analytics workspace. In this example, you query for the latest SnatPortExhaustion health events from the last day, and summarize the events by the load balancer’s resource IDs and frontend IP configurations.

  1. In the Azure portal, navigate to your load balancer resource.

  2. From your load balancer resource’s Overview page, choose Monitoring > Logs.

  3. In the Queries window, enter Latest SNAT Port in the search bar.

  4. From the results, select Load to editor under Latest SNAT Port Exhaustion per LB Frontend.

    Screenshot of Queries window performing search for built-in query.

  5. The following code is displayed in the query editor:

        // Latest Snat Port Exhaustion Per LB Frontend 
        // List the latest SNAT port exhaustion event per load balancer Frontend IP 
        ALBHealthEvent
        | where TimeGenerated > ago(1d)
        | where HealthEventType == "SnatPortExhaustion"
        | summarize arg_max(TimeGenerated, *) by LoadBalancerResourceId, FrontendIP
    

    Screenshot of query editor with SNAT port exhaustion kusto query.

  6. Select Run to execute the query.

  7. If you want to modify and save the query, make your query changes and select Save > Save as query.

  8. In the Save a query window, enter a name for the query, other optional information, and select Save.

    Screenshot of Save a query window.

Create alerts based on LoadBalancerHealthEvent logs

In this section, you learn how to create an alert that sends an email whenever a SnatPortExhaustion event is logged within the past 5 minutes. You can create alerts based on log queries to be notified immediately when health event logs are generated, indicating potential impact to your load balancer resource.

  1. In the Azure portal, navigate to your load balancer resource.

  2. From your load balancer resource’s Overview page, choose Monitoring > Alerts.

  3. On the Alerts page, select Create custom alert rule.

  4. On the Create an alert rule page, choose Custom log search under Signal name.

  5. In the Logs window for Log Analytics, enter the following query and select Run:

        ALBHealthEvent
        | where TimeGenerated > ago(5m)
        | where HealthEventType == "SnatPortExhaustion"
        | summarize arg_max(TimeGenerated, *) by LoadBalancerResourceId, FrontendIP
    

    Screenshot of Logs editor with query entered and run.

  6. Select Continue Editing Alert.

  7. On the Conditions tab, set the Threshold value to 0 under Alert logic.

  8. Select Next: Actions> or the Actions tab.

  9. On the Select an action group page, select + Create action group.

  10. On the Basics tab, enter the following settings then select Next: Notifications:

    | Setting | Value |
    | --- | --- |
    | Project details | |
    | Subscription | Select your subscription. |
    | Resource group | Select the resource group that contains your Log Analytics workspace. |
    | Region | Select the region for the action group. |
    | Instance details | |
    | Action group name | Enter a name for the action group. |
    | Display name | Enter a display name for the action group. |

    Screenshot of Create action group window.

  11. On the Notifications tab, enter the following settings:

    | Setting | Value |
    | --- | --- |
    | Notification type | Select Email/SMS message/Push/Voice. Enter the email address to receive the alert. Select Ok. |
    | Name | Enter a name for the notification. |

    Screenshot of Notifications tab in Create action group window with email notification settings.

  12. Select Review + create then Create to create the action group.

  13. On the Create an alert rule page, select Next: Details or the Details tab.

  14. On the Details tab, enter the following settings:

    | Setting | Value |
    | --- | --- |
    | Severity | Select the severity level for the alert. |
    | Alert rule name | Enter a name for the alert rule. |
    | Alert rule description | Enter a description for the alert rule. |
    | Region | Select the region for the alert rule. |

    Screenshot of Details tab in Create an alert rule window.

  15. Select Review + create then Create to create the alert rule.
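
To estimate how often an alert rule like the one above would have fired, the following query buckets the last day's SnatPortExhaustion events into 5-minute windows per frontend. It is an added example, not part of the original article. It uses only the table and columns that appear in the queries above; the output column names (Events, Window, WindowsWithEvents, TotalEvents, FirstSeen, LastSeen) are chosen here for illustration.

```kusto
// Added example: SNAT port exhaustion history per load balancer frontend,
// grouped into 5-minute buckets that approximate the alert's evaluation window.
ALBHealthEvent
| where TimeGenerated > ago(1d)
| where HealthEventType == "SnatPortExhaustion"
// Count events per frontend in each 5-minute bucket
| summarize Events = count()
    by LoadBalancerResourceId, FrontendIP, Window = bin(TimeGenerated, 5m)
// Roll the buckets up to one row per frontend
| summarize
    WindowsWithEvents = count(),   // 5-minute buckets containing at least one event
    TotalEvents = sum(Events),     // all SnatPortExhaustion events in the last day
    FirstSeen = min(Window),       // start of the earliest affected bucket
    LastSeen = max(Window)         // start of the most recent affected bucket
    by LoadBalancerResourceId, FrontendIP
| order by WindowsWithEvents desc
```

A frontend with a high WindowsWithEvents value has been exhausting SNAT ports repeatedly rather than in a single burst, which is useful context when choosing the alert's severity.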

Next steps

In this article, you learned how to collect, analyze, and create alerts using LoadBalancerHealthEvent logs.

For more information about Azure Load Balancer health event logs and health event types, along with how to troubleshoot each health event type, see: