Share via

Azure Vm hour check

Anirban Sarkar 21 Reputation points
2022-08-13T14:55:33.657+00:00

How will I calculate or see the number of hours a user is using a VM in Azure?

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
9,033 questions

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andreas Baumgarten 123.5K Reputation points MVP Volunteer Moderator
    2022-08-13T22:32:51.207+00:00

    Hi @Anirban Sarkar ,

    if this is your requirement:

    Like if a user is using a vm using rdp, how long is he/she using it until he shuts down the vm.

    Neither monitoring the network traffic nor monitoring the CPU workload helps to get the required details "which user is using the VM and how long".

    • The CPU workload doesn't provide any detail of the user or user's computer. If the user is just idling in the RDP session it's hard to detect by monitoring the CPU.
    • Monitoring the network traffic might give details about the IP of the user's computer. But even than it's not a reliable method to get the user details (start/end RDP session).

    I would suggest to get the login/logoff information from the Security Event Log of the VM.
    The EventID 4624 shows the successful logged on of a user, including the user name and the date/time details.
    EventID 4647 shows the user initiated the logoff, including the user name and the date/time details

    If you get both events it's possible to do the math how long a user was connected to the VM.

    With Azure Log Analytics it's possible to collect the Event Log information: https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-windows-events
    The data can be queried in the Azure Log Analytics Workspace using Kusto:
    https://techcommunity.microsoft.com/t5/azure-observability/oms-query-for-ad-login-and-log-offs/m-p/162689

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten

    1 person found this answer helpful.
  2. Mohammed Altamash Mohammed Suleman Khan 2,331 Reputation points
    2022-08-13T21:58:48.017+00:00

    Hi @Anirban Sarkar

    I have already answered this question in your last question . Kindly refer https://learn.microsoft.com/en-us/answers/questions/966324/azure-vm-rdp-issues.html

    You can use Azure VM Insights . Pretty sure when a user is using the Machine , it will have some CPU usage.

    231021-image.png

    -----------------If you find this answer helpful , Kindly accept the answer ------------

    0 comments
  3. risolis 8,741 Reputation points
    2022-08-13T22:11:12.533+00:00

    Hello @Anirban Sarkar

    Thank you for your post.

    Also, I really appreciate the great info gather from @Mohammed Altamash Mohammed Suleman Khan and @Andreas Baumgarten : )

    Now let me paste back part of the article that I was given previously so check this out below:

    It's vital to monitor, manage, and know your own network for uncompromised security, compliance, and performance. Knowing your own environment is of paramount importance to protect and optimize it. You often need to know the current state of the network, including the following information:
    Who is connecting to the network?
    Where are they connecting from?
    Which ports are open to the internet?
    What's the expected network behavior?
    Is there any irregular network behavior?
    Are there any sudden rises in traffic?

    URL is this one >>> https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics

    Now on this case scenario, you might need some technology similar from what on-premises has been using which is:

    -IPFIX

    -Sampling

    -IPFLOW

    -Traffic collector

    -If you have any NVA(Network Virtual Appliance or Stateful firewall, you can use session-INIT and session-END at the end of each security rule which will be logging every time a session is started and ended up.

    -NSG using logging feature as well.

    -The last post made can be used as well as for complementing what you see on your traffic analysis.

    I hope this was useful to have a better understand of this.

    Cheers,

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

  4. Andreas Baumgarten 123.5K Reputation points MVP Volunteer Moderator
    2022-08-14T07:57:09.447+00:00

    Hi @Anirban Sarkar ,

    your requirement Like if a user is using a vm using rdp, how long is he/she using it until he shuts down the vm. -> Sounds for me you require the user information as well.

    If it's just "how many hours the VM was running per month", without user details it's easier. Please take a look here: https://techcommunity.microsoft.com/t5/azure-observability/azure-virtual-machine-runtime-calculation/m-p/191753

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.