Should I be using Log Analytics Workspace or Diagnostics into a storage account?

Garry Robertson 1 Reputation point
2021-02-17T15:56:15.307+00:00

What is the best method for bringing back log files/diagnostic data from Azure virtual machines?
Should I use a log analytics workspace?
From here I can get IIS logs/perf counters/Windows event logs... but no security event logs!

Does the diagnostics extension give me the same data?

Garry

Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.

1 answer

  1. Lucas Camargo Reis 86 Reputation points
    2021-02-19T14:32:51.39+00:00

    Hi @Garry Robertson ,

    Answering your questions:

    1. Log Files: You need to use Log Analytics to store your log files in a Log Analytics workspace.
    2. Diagnostics: You need to install a guest agent (Azure Diagnostic Extension).
    3. The security event log is automatically added when adding the monitoring agent on the VM, see the following image: 70141-sem-titulo.png

    To have full monitoring of your Azure VM, Microsoft recommends that you use all features available in Azure Monitor. You can find more information at this link: https://learn.microsoft.com/en-us/azure/azure-monitor/vm/monitor-vm-azure

    In summary

    By default, only metrics from the virtualization host are available. To see more metrics and collect more information, you need to install agents, like:

    • Log Analytics agent: collects logs and sends data to a Log Analytics workspace.
    • Dependency agent: collects data about the processes running on the virtual machine and their dependencies.
    • Azure Diagnostic Extension: collects guest performance data, like memory metrics.
    • Telegraf agent: collects performance data from Linux VMs.
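An added example, not part of the original answer: one way to check which of the agents listed above are actually installed on a VM, by parsing the JSON that `az vm extension list` returns. The sample JSON is constructed, and the extension type names in the mapping are assumptions based on the commonly published names; Telegraf is left out because it is assumed to be installed inside the guest rather than as a VM extension.

```python
import json

# Assumed extension type names -> agent name as used in the answer above.
AGENT_BY_EXTENSION_TYPE = {
    "MicrosoftMonitoringAgent": "Log Analytics agent",
    "OmsAgentForLinux": "Log Analytics agent",
    "DependencyAgentWindows": "Dependency agent",
    "DependencyAgentLinux": "Dependency agent",
    "IaaSDiagnostics": "Azure Diagnostic Extension",
    "LinuxDiagnostic": "Azure Diagnostic Extension",
}
EXPECTED_AGENTS = sorted(set(AGENT_BY_EXTENSION_TYPE.values()))


def extension_type(ext):
    # The field name differs between Azure CLI versions, so accept both.
    return ext.get("typePropertiesType") or ext.get("virtualMachineExtensionType") or ""


def agent_coverage(extensions_json):
    """Return {agent: state}; state is 'missing' or the extension's provisioningState."""
    coverage = {agent: "missing" for agent in EXPECTED_AGENTS}
    for ext in json.loads(extensions_json):
        agent = AGENT_BY_EXTENSION_TYPE.get(extension_type(ext))
        if agent is None:
            continue  # not one of the monitoring agents (e.g. a custom script)
        # A failed install must not overwrite a successful one of the same agent.
        if coverage[agent] != "Succeeded":
            coverage[agent] = ext.get("provisioningState", "Unknown")
    return coverage


def gaps(coverage):
    """Agents that are absent or whose extension did not provision successfully."""
    return [agent for agent, state in coverage.items() if state != "Succeeded"]


# Constructed sample shaped like `az vm extension list -g <rg> --vm-name <vm> -o json`.
SAMPLE = json.dumps([
    {"name": "MMA", "typePropertiesType": "MicrosoftMonitoringAgent",
     "provisioningState": "Succeeded"},
    {"name": "Diag", "virtualMachineExtensionType": "IaaSDiagnostics",
     "provisioningState": "Failed"},
    {"name": "Setup", "typePropertiesType": "CustomScriptExtension",
     "provisioningState": "Succeeded"},
])

if __name__ == "__main__":
    for agent, state in agent_coverage(SAMPLE).items():
        print(f"{agent}: {state}")
```

An extension that is present but in a failed provisioning state is reported as a gap, since the agent is then not collecting anything.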