Windows diagnostics extension schema
Azure Diagnostics extension is an agent in Azure Monitor that collects monitoring data from the guest operating system and workloads of Azure compute resources. This article details the schema used for configuration of the diagnostics extension on Windows virtual machines and other compute resources.
Note
The schema in this article is valid for versions 1.3 and newer (Azure SDK 2.4 and newer). Newer configuration sections are commented to show in what version they were added. Version 1.0 and 1.2 of the schema have been archived and no longer available.
Public configuration file schema
Download the public configuration file schema definition by executing the following PowerShell command:
(Get-AzureServiceAvailableExtension -ExtensionName 'PaaSDiagnostics' -ProviderNamespace 'Microsoft.Azure.Diagnostics').PublicConfigurationSchema | Out-File –Encoding utf8 -FilePath 'C:\temp\WadConfig.xsd'
Common Attribute Types
scheduledTransferPeriod attribute appears in several elements. It is the interval between scheduled transfers to storage rounded up to the nearest minute. The value is an XML “Duration Data Type.”
DiagnosticsConfiguration Element
Tree: Root - DiagnosticsConfiguration
Added in version 1.3.
The top-level element of the diagnostics configuration file.
Attribute xmlns - The XML namespace for the diagnostics configuration file is:
http://schemas.microsoft.com/ServiceHosting/2010/10/DiagnosticsConfiguration
Child Elements | Description |
---|---|
PublicConfig | Required. See description elsewhere on this page. |
PrivateConfig | Optional. See description elsewhere on this page. |
IsEnabled | Boolean. See description elsewhere on this page. |
PublicConfig Element
Tree: Root - DiagnosticsConfiguration - PublicConfig
Describes the public diagnostics configuration.
Child Elements | Description |
---|---|
WadCfg | Required. See description elsewhere on this page. |
StorageAccount | The name of the Azure Storage account to store the data in. May also be specified as a parameter when executing the Set-AzureServiceDiagnosticsExtension cmdlet. |
StorageType | Can be Table, Blob, or TableAndBlob. Table is default. When TableAndBlob is chosen, diagnostic data is written twice -- once to each type. |
LocalResourceDirectory | The directory on the virtual machine where the Monitoring Agent stores event data. If not, set, the default directory is used: For a Worker/web role: C:\Resources\<guid>\directory\<guid>.<RoleName.DiagnosticStore\ For a Virtual Machine: C:\WindowsAzure\Logs\Plugins\Microsoft.Azure.Diagnostics.IaaSDiagnostics\<WADVersion>\WAD<WADVersion> Required attributes are: - path - The directory on the system to be used by Azure Diagnostics. - expandEnvironment - Controls whether environment variables are expanded in the path name. |
WadCFG Element
Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG
Identifies and configures the telemetry data to be collected.
DiagnosticMonitorConfiguration Element
Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - DiagnosticMonitorConfiguration
Required
Attributes | Description |
---|---|
overallQuotaInMB | The maximum amount of local disk space that may be consumed by the various types of diagnostic data collected by Azure Diagnostics. The default setting is 4096 MB. |
useProxyServer | Configure Azure Diagnostics to use the proxy server settings as set in Internet Explorer settings. |
sinks | Added in 1.5. Optional. Points to a sink location to also send diagnostic data for all child elements that support sinks. Sink example is Application Insights or Event Hubs. Note you need to add the resourceId property under the Metrics element if you want events uploaded to Event Hubs to have a resource ID. |
Child Elements | Description |
---|---|
CrashDumps | See description elsewhere on this page. |
DiagnosticInfrastructureLogs | Enable collection of logs generated by Azure Diagnostics. The diagnostic infrastructure logs are useful for troubleshooting the diagnostics system itself. Optional attributes are: - scheduledTransferLogLevelFilter - Configures the minimum severity level of the logs collected. - scheduledTransferPeriod - The interval between scheduled transfers to storage rounded up to the nearest minute. The value is an XML “Duration Data Type.” |
Directories | See description elsewhere on this page. |
EtwProviders | See description elsewhere on this page. |
Metrics | See description elsewhere on this page. |
PerformanceCounters | See description elsewhere on this page. |
WindowsEventLog | See description elsewhere on this page. |
DockerSources | See description elsewhere on this page. |
CrashDumps Element
Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - DiagnosticMonitorConfiguration - CrashDumps
Enable the collection of crash dumps.
Attributes | Description |
---|---|
containerName | Optional. The name of the blob container in your Azure Storage account to be used to store crash dumps. |
crashDumpType | Optional. Configures Azure Diagnostics to collect mini or full crash dumps. |
directoryQuotaPercentage | Optional. Configures the percentage of overallQuotaInMB to be reserved for crash dumps on the VM. |
Child Elements | Description |
---|---|
CrashDumpConfiguration | Required. Defines configuration values for each process. The following attribute is also required: processName - The name of the process you want Azure Diagnostics to collect a crash dump for. |
Directories Element
Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - DiagnosticMonitorConfiguration - Directories
Enables the collection of the contents of a directory, IIS failed access request logs and/or IIS logs.
Optional scheduledTransferPeriod attribute. See explanation earlier.
Child Elements | Description |
---|---|
IISLogs | Including this element in the configuration enables the collection of IIS logs: containerName - The name of the blob container in your Azure Storage account to be used to store the IIS logs. |
FailedRequestLogs | Including this element in the configuration enables collection of logs about failed requests to an IIS site or application. You must also enable tracing options under system.WebServer in Web.config. |
DataSources | A list of directories to monitor. |
DataSources Element
Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - DiagnosticMonitorConfiguration - Directories - DataSources
A list of directories to monitor.
Child Elements | Description |
---|---|
DirectoryConfiguration | Required. Required attribute: containerName - The name of the blob container in your Azure Storage account that to be used to store the log files. |
DirectoryConfiguration Element
Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - DiagnosticMonitorConfiguration - Directories - DataSources - DirectoryConfiguration
May include either the Absolute or LocalResource element but not both.
Child Elements | Description |
---|---|
Absolute | The absolute path to the directory to monitor. The following attributes are required: - Path - The absolute path to the directory to monitor. - expandEnvironment - Configures whether environment variables in Path are expanded. |
LocalResource | The path relative to a local resource to monitor. Required attributes are: - Name - The local resource that contains the directory to monitor - relativePath - The path relative to Name that contains the directory to monitor |
EtwProviders Element
Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - DiagnosticMonitorConfiguration - EtwProviders
Configures collection of ETW events from EventSource and/or ETW Manifest based providers.
Child Elements | Description |
---|---|
EtwEventSourceProviderConfiguration | Configures collection of events generated from EventSource Class. Required attribute: provider - The class name of the EventSource event. Optional attributes are: - scheduledTransferLogLevelFilter - The minimum severity level to transfer to your storage account. - scheduledTransferPeriod - The interval between scheduled transfers to storage rounded up to the nearest minute. The value is an XML “Duration Data Type.” |
EtwManifestProviderConfiguration | Required attribute: provider - The GUID of the event provider Optional attributes are: - scheduledTransferLogLevelFilter - The minimum severity level to transfer to your storage account. - scheduledTransferPeriod - The interval between scheduled transfers to storage rounded up to the nearest minute. The value is an XML “Duration Data Type.” |
EtwEventSourceProviderConfiguration Element
Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - DiagnosticMonitorConfiguration - EtwProviders- EtwEventSourceProviderConfiguration
Configures collection of events generated from EventSource Class.
Child Elements | Description |
---|---|
DefaultEvents | Optional attribute: eventDestination - The name of the table to store the events in |
Event | Required attribute: id - The id of the event. Optional attribute: eventDestination - The name of the table to store the events in |
EtwManifestProviderConfiguration Element
Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - DiagnosticMonitorConfiguration - EtwProviders - EtwManifestProviderConfiguration
Child Elements | Description |
---|---|
DefaultEvents | Optional attribute: eventDestination - The name of the table to store the events in |
Event | Required attribute: id - The id of the event. Optional attribute: eventDestination - The name of the table to store the events in |
Metrics Element
Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - DiagnosticMonitorConfiguration - Metrics
Enables you to generate a performance counter table that is optimized for fast queries. Each performance counter that is defined in the PerformanceCounters element is stored in the Metrics table in addition to the Performance Counter table.
The resourceId attribute is required. The resource ID of the Virtual Machine or Virtual Machine Scale Set you are deploying Azure Diagnostics to. Get the resourceID from the Azure portal. Select Browse -> Resource Groups -> <Name>. Click the Properties tile and copy the value from the ID field. This resourceID property is used for both sending custom metrics and for adding a resourceID property to data sent to Event Hubs. Note you need to add the resourceId property under the Metrics element if you want events uploaded to Event Hubs to have a resource ID.
Child Elements | Description |
---|---|
MetricAggregation | Required attribute: scheduledTransferPeriod - The interval between scheduled transfers to storage rounded up to the nearest minute. The value is an XML “Duration Data Type.” |
PerformanceCounters Element
Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - DiagnosticMonitorConfiguration - PerformanceCounters
Enables the collection of performance counters.
Optional attribute:
Optional scheduledTransferPeriod attribute. See explanation earlier.
Child Element | Description |
---|---|
PerformanceCounterConfiguration | The following attributes are required: - counterSpecifier - The name of the performance counter. For example, \Processor(_Total)\% Processor Time . To get a list of performance counters on your host, run the command typeperf .- sampleRate - How often the counter should be sampled. Optional attribute: unit - The unit of measure of the counter. Values are available at UnitType Class |
sinks | Added in 1.5. Optional. Points to a sink location to also send diagnostic data. For example, Azure Monitor or Event Hubs. Note you need to add the resourceId property under the Metrics element if you want events uploaded to Event Hubs to have a resource ID. |
WindowsEventLog Element
Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - DiagnosticMonitorConfiguration - WindowsEventLog
Enables the collection of Windows Event Logs.
Optional scheduledTransferPeriod attribute. See explanation earlier.
Child Element | Description |
---|---|
DataSource | The Windows Event logs to collect. Required attribute: name - The XPath query describing the Windows events to be collected. For example: Application!*[System[(Level <=3)]], System!*[System[(Level <=3)]], System!*[System[Provider[@Name='Microsoft Antimalware']]], Security!*[System[(Level <= 3)] To collect all events, specify "*" |
sinks | Added in 1.5. Optional. Points to a sink location to also send diagnostic data for all child elements that support sinks. Sink example is Application Insights or Event Hubs. |
Logs Element
Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - DiagnosticMonitorConfiguration - Logs
Present in version 1.0 and 1.1. Missing in 1.2. Added back in 1.3.
Defines the buffer configuration for basic Azure logs.
Attribute | Type | Description |
---|---|---|
bufferQuotaInMB | unsignedInt | Optional. Specifies the maximum amount of file system storage that is available for the specified data. The default is 0. |
scheduledTransferLogLevelFilter | string | Optional. Specifies the minimum severity level for log entries that are transferred. The default value is Undefined, which transfers all logs. Other possible values (in order of most to least information) are Verbose, Information, Warning, Error, and Critical. |
scheduledTransferPeriod | duration | Optional. Specifies the interval between scheduled transfers of data, rounded up to the nearest minute. The default is PT0S. |
sinks | string | Added in 1.5. Optional. Points to a sink location to also send diagnostic data. For example, Application Insights or Event Hubs. Note you need to add the resourceId property under the Metrics element if you want events uploaded to Event Hubs to have a resource ID. |
DockerSources
Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - DiagnosticMonitorConfiguration - DockerSources
Added in 1.9.
Element Name | Description |
---|---|
Stats | Tells the system to collect stats for Docker containers |
SinksConfig Element
Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - SinksConfig
A list of locations to send diagnostics data to and the configuration associated with those locations.
Element Name | Description |
---|---|
Sink | See description elsewhere on this page. |
Sink Element
Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - SinksConfig - Sink
Added in version 1.5.
Defines locations to send diagnostic data to. For example, the Application Insights service.
Attribute | Type | Description |
---|---|---|
name | string | A string identifying the sinkname. |
Element | Type | Description |
---|---|---|
Application Insights | string | Used only when sending data to Application Insights. Contain the Instrumentation Key for an active Application Insights account that you have access to. |
Channels | string | One for each additional filtering that stream that you |
Channels Element
Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - SinksConfig - Sink - Channels
Added in version 1.5.
Defines filters for streams of log data passing through a sink.
Element | Type | Description |
---|---|---|
Channel | string | See description elsewhere on this page. |
Channel Element
Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - SinksConfig - Sink - Channels - Channel
Added in version 1.5.
Defines locations to send diagnostic data to. For example, the Application Insights service.
Attributes | Type | Description |
---|---|---|
logLevel | string | Specifies the minimum severity level for log entries that are transferred. The default value is Undefined, which transfers all logs. Other possible values (in order of most to least information) are Verbose, Information, Warning, Error, and Critical. |
name | string | A unique name of the channel to refer to |
PrivateConfig Element
Tree: Root - DiagnosticsConfiguration - PrivateConfig
Added in version 1.3.
Optional
Stores the private details of the storage account (name, key, and endpoint). This information is sent to the virtual machine, but cannot be retrieved from it.
Child Elements | Description |
---|---|
StorageAccount | The storage account to use. The following attributes are required - name - The name of the storage account. - key - The key to the storage account. - endpoint - The endpoint to access the storage account. -sasToken (added 1.8.1)- You can specify an SAS token instead of a storage account key in the private config. If provided, the storage account key is ignored. Requirements for the SAS Token: - Supports account SAS token only - b, t service types are required. - a, c, u, w permissions are required. - c, o resource types are required. - Supports the HTTPS protocol only - Start and expiry time must be valid. |
IsEnabled Element
Tree: Root - DiagnosticsConfiguration - IsEnabled
Boolean. Use true
to enable the diagnostics or false
to disable the diagnostics.
Example configuration
Following is a complete sample configuration for Windows diagnostics extension shown in both JSON and XML.
JSON
The PublicConfig and PrivateConfig are separated because in most JSON usage cases, they are passed as different variables. These cases include Resource Manager templates, PowerShell, and Visual Studio.
Note
The public config Azure Monitor sink definition has two properties, resourceId and region. These are only required for Classic VMs and Classic Cloud services. The region property should not be used for other resources, the resourceId property is used on ARM VMs to populate the resourceID field in logs uploaded to Event Hubs.
"PublicConfig" {
"WadCfg": {
"DiagnosticMonitorConfiguration": {
"overallQuotaInMB": 10000,
"DiagnosticInfrastructureLogs": {
"scheduledTransferLogLevelFilter": "Error"
},
"PerformanceCounters": {
"scheduledTransferPeriod": "PT1M",
"sinks": "AzureMonitorSink",
"PerformanceCounterConfiguration": [
{
"counterSpecifier": "\\Processor(_Total)\\% Processor Time",
"sampleRate": "PT1M",
"unit": "percent"
}
]
},
"Directories": {
"scheduledTransferPeriod": "PT5M",
"IISLogs": {
"containerName": "iislogs"
},
"FailedRequestLogs": {
"containerName": "iisfailed"
},
"DataSources": [
{
"containerName": "mynewprocess",
"Absolute": {
"path": "C:\\MyNewProcess",
"expandEnvironment": false
}
},
{
"containerName": "badapp",
"Absolute": {
"path": "%SYSTEMDRIVE%\\BadApp",
"expandEnvironment": true
}
},
{
"containerName": "goodapp",
"LocalResource": {
"relativePath": "..\\PeanutButter",
"name": "Skippy"
}
}
]
},
"EtwProviders": {
"sinks": "",
"EtwEventSourceProviderConfiguration": [
{
"scheduledTransferPeriod": "PT5M",
"provider": "MyProviderClass",
"Event": [
{
"id": 0
},
{
"id": 1,
"eventDestination": "errorTable"
}
],
"DefaultEvents": {
}
}
],
"EtwManifestProviderConfiguration": [
{
"scheduledTransferPeriod": "PT2M",
"scheduledTransferLogLevelFilter": "Information",
"provider": "5974b00b-84c2-44bc-9e58-3a2451b4e3ad",
"Event": [
{
"id": 0
}
],
"DefaultEvents": {
}
}
]
},
"WindowsEventLog": {
"scheduledTransferPeriod": "PT5M",
"DataSource": [
{
"name": "System!*[System[Provider[@Name='Microsoft Antimalware']]]"
},
{
"name": "System!*[System[Provider[@Name='NTFS'] and (EventID=55)]]"
},
{
"name": "System!*[System[Provider[@Name='disk'] and (EventID=7 or EventID=52 or EventID=55)]]"
}
]
},
"Logs": {
"scheduledTransferPeriod": "PT1M",
"scheduledTransferLogLevelFilter": "Verbose",
"sinks": "ApplicationInsights.AppLogs"
},
"CrashDumps": {
"directoryQuotaPercentage": 30,
"dumpType": "Mini",
"containerName": "wad-crashdumps",
"CrashDumpConfiguration": [
{
"processName": "mynewprocess.exe"
},
{
"processName": "badapp.exe"
}
]
}
},
"SinksConfig": {
"Sink": [
{
"name": "AzureMonitorSink",
"AzureMonitor":
{
"ResourceId": "{insert resourceId if a classic VM or cloud service, else property not needed}",
"Region": "{insert Azure region of resource if a classic VM or cloud service, else property not needed}"
}
},
{
"name": "ApplicationInsights",
"ApplicationInsights": "{Insert InstrumentationKey}",
"Channels": {
"Channel": [
{
"logLevel": "Error",
"name": "Errors"
},
{
"logLevel": "Verbose",
"name": "AppLogs"
}
]
}
},
{
"name": "EventHub",
"EventHub": {
"Url": "https://myeventhub-ns.servicebus.windows.net/diageventhub",
"SharedAccessKeyName": "SendRule",
"usePublisherId": false
}
},
{
"name": "secondaryEventHub",
"EventHub": {
"Url": "https://myeventhub-ns.servicebus.windows.net/secondarydiageventhub",
"SharedAccessKeyName": "SendRule",
"usePublisherId": false
}
},
{
"name": "secondaryStorageAccount",
"StorageAccount": {
"name": "secondarydiagstorageaccount",
"endpoint": "https://core.windows.net"
}
}
]
}
},
"StorageAccount": "diagstorageaccount",
"StorageType": "TableAndBlob"
}
Note
The private config Azure Monitor sink definition has two properties, PrincipalId and Secret. These are only required for Classic VMs and Classic Cloud services. These properties should not be used for other resources.
"PrivateConfig" {
"storageAccountName": "diagstorageaccount",
"storageAccountKey": "{base64 encoded key}",
"storageAccountEndPoint": "https://core.windows.net",
"storageAccountSasToken": "{sas token}",
"EventHub": {
"Url": "https://myeventhub-ns.servicebus.windows.net/diageventhub",
"SharedAccessKeyName": "SendRule",
"SharedAccessKey": "{base64 encoded key}"
},
"AzureMonitorAccount": {
"ServicePrincipalMeta": {
"PrincipalId": "{Insert service principal client Id}",
"Secret": "{Insert service principal client secret}"
}
},
"SecondaryStorageAccounts": {
"StorageAccount": [
{
"name": "secondarydiagstorageaccount",
"key": "{base64 encoded key}",
"endpoint": "https://core.windows.net",
"sasToken": "{sas token}"
}
]
},
"SecondaryEventHubs": {
"EventHub": [
{
"Url": "https://myeventhub-ns.servicebus.windows.net/secondarydiageventhub",
"SharedAccessKeyName": "SendRule",
"SharedAccessKey": "{base64 encoded key}"
}
]
}
}
XML
<?xml version="1.0" encoding="utf-8"?>
<DiagnosticsConfiguration xmlns="http://schemas.microsoft.com/ServiceHosting/2010/10/DiagnosticsConfiguration">
<PublicConfig>
<WadCfg>
<DiagnosticMonitorConfiguration overallQuotaInMB="10000">
<PerformanceCounters scheduledTransferPeriod="PT1M" sinks="AzureMonitorSink">
<PerformanceCounterConfiguration counterSpecifier="\Processor(_Total)\% Processor Time" sampleRate="PT1M" unit="percent" />
</PerformanceCounters>
<Directories scheduledTransferPeriod="PT5M">
<IISLogs containerName="iislogs" />
<FailedRequestLogs containerName="iisfailed" />
<DataSources>
<DirectoryConfiguration containerName="mynewprocess">
<Absolute path="C:\MyNewProcess" expandEnvironment="false" />
</DirectoryConfiguration>
<DirectoryConfiguration containerName="badapp">
<Absolute path="%SYSTEMDRIVE%\BadApp" expandEnvironment="true" />
</DirectoryConfiguration>
<DirectoryConfiguration containerName="goodapp">
<LocalResource name="Skippy" relativePath="..\PeanutButter"/>
</DirectoryConfiguration>
</DataSources>
</Directories>
<EtwProviders>
<EtwEventSourceProviderConfiguration
provider="MyProviderClass"
scheduledTransferPeriod="PT5M">
<Event id="0"/>
<Event id="1" eventDestination="errorTable"/>
<DefaultEvents />
</EtwEventSourceProviderConfiguration>
<EtwManifestProviderConfiguration provider="5974b00b-84c2-44bc-9e58-3a2451b4e3ad" scheduledTransferLogLevelFilter="Information" scheduledTransferPeriod="PT2M">
<Event id="0"/>
<DefaultEvents eventDestination="defaultTable"/>
</EtwManifestProviderConfiguration>
</EtwProviders>
<WindowsEventLog scheduledTransferPeriod="PT5M">
<DataSource name="System!*[System[Provider[@Name='Microsoft Antimalware']]]"/>
<DataSource name="System!*[System[Provider[@Name='NTFS'] and (EventID=55)]]" />
<DataSource name="System!*[System[Provider[@Name='disk'] and (EventID=7 or EventID=52 or EventID=55)]]" />
</WindowsEventLog>
<Logs bufferQuotaInMB="1024"
scheduledTransferPeriod="PT1M"
scheduledTransferLogLevelFilter="Verbose"
sinks="ApplicationInsights.AppLogs"/> <!-- sinks attribute added in 1.5 -->
<CrashDumps containerName="wad-crashdumps" directoryQuotaPercentage="30" dumpType="Mini">
<CrashDumpConfiguration processName="mynewprocess.exe" />
<CrashDumpConfiguration processName="badapp.exe"/>
</CrashDumps>
<DockerSources> <!-- Added in 1.9 -->
<Stats enabled="true" sampleRate="PT1M" scheduledTransferPeriod="PT1M" />
</DockerSources>
</DiagnosticMonitorConfiguration>
<SinksConfig> <!-- Added in 1.5 -->
<Sink name="AzureMonitorSink">
<AzureMonitor> <!-- Added in 1.11 -->
<resourceId>{insert resourceId}</ResourceId> <!-- Parameter only needed for classic VMs and Classic Cloud Services, exclude VMSS and Resource Manager VMs-->
<Region>{insert Azure region of resource}</Region> <!-- Parameter only needed for classic VMs and Classic Cloud Services, exclude VMSS and Resource Manager VMs -->
</AzureMonitor>
</Sink>
<Sink name="ApplicationInsights">
<ApplicationInsights>{Insert InstrumentationKey}</ApplicationInsights>
<Channels>
<Channel logLevel="Error" name="Errors" />
<Channel logLevel="Verbose" name="AppLogs" />
</Channels>
</Sink>
<Sink name="EventHub"> <!-- Added in 1.7 -->
<EventHub Url="https://myeventhub-ns.servicebus.windows.net/diageventhub" SharedAccessKeyName="SendRule" usePublisherId="false" />
</Sink>
<Sink name="secondaryEventHub"> <!-- Added in 1.7 -->
<EventHub Url="https://myeventhub-ns.servicebus.windows.net/secondarydiageventhub" SharedAccessKeyName="SendRule" usePublisherId="false" />
</Sink>
<Sink name="secondaryStorageAccount"> <!-- Added in 1.7 -->
<StorageAccount name="secondarydiagstorageaccount" endpoint="https://core.windows.net" />
</Sink>
</SinksConfig>
</WadCfg>
<StorageAccount>diagstorageaccount</StorageAccount>
<StorageType>TableAndBlob</StorageType> <!-- Added in 1.8 -->
</PublicConfig>
<PrivateConfig> <!-- Added in 1.3 -->
<StorageAccount name="" key="" endpoint="" sasToken="{sas token}" /> <!-- sasToken in Private config added in 1.8.1 -->
<EventHub Url="https://myeventhub-ns.servicebus.windows.net/diageventhub" SharedAccessKeyName="SendRule" SharedAccessKey="{base64 encoded key}" />
<AzureMonitorAccount>
<ServicePrincipalMeta> <!-- Added in 1.11; only needed for classic VMs and Classic cloud services -->
<PrincipalId>{Insert service principal clientId}</PrincipalId>
<Secret>{Insert service principal client secret}</Secret>
</ServicePrincipalMeta>
</AzureMonitorAccount>
<SecondaryStorageAccounts>
<StorageAccount name="secondarydiagstorageaccount" key="{base64 encoded key}" endpoint="https://core.windows.net" sasToken="{sas token}" />
</SecondaryStorageAccounts>
<SecondaryEventHubs>
<EventHub Url="https://myeventhub-ns.servicebus.windows.net/secondarydiageventhub" SharedAccessKeyName="SendRule" SharedAccessKey="{base64 encoded key}" />
</SecondaryEventHubs>
</PrivateConfig>
<IsEnabled>true</IsEnabled>
</DiagnosticsConfiguration>
Note
The public config Azure Monitor sink definition has two properties, resourceId and region. These are only required for Classic VMs and Classic Cloud services. These properties should not be used for Resource Manager Virtual Machines or Virtual Machine Scale sets. There is also an additional Private Config element for the Azure Monitor sink, that passes in a Principal Id and Secret. This is only required for Classic VMs and Classic Cloud Services. For Resource Manager VMs and VMSS the Azure Monitor definition in the private config element can be excluded.