Hi @Garry Robertson ,
Answering your questions:
- Log Files: You need to use a Log Analytics to store you log files in a Log Analytics workspaces
- Diagnostics: You need to install a guest agent (Azure Diagnostic Extension).
- The security event log is automatically added when adding the monitoring agent on the vm, see the follow image:
To have a full monitor in yours Azure VM Microsoft recomend that you use all features available in Azure Monitor, for this you can find more information on this link: https://learn.microsoft.com/en-us/azure/azure-monitor/vm/monitor-vm-azure
In summary
By default just metrics by the virtualization host are available to see more metrics and collect more informations you need to install agents, like:
- Log Analytics agent: collect logs and send data to a Log Analytics Workspaces
- Dependency agent: collect data about the processes running on the virtual machine and their dependencies.
- Azure Diagnostic Extension: collect guest performance data, like memory metrics.
- Telegraf agent: collect performance data from Linux VMs.