WilleChristianIOBOPS2-7547 avatar image
0 Votes"
WilleChristianIOBOPS2-7547 asked WilleChristianIOBOPS2-7547 commented

Azure monitoring linux agent provisioning not triggered by az cli deployed data collection rule

We're deploying data collection rules to gather Performance counters and syslog messages from linux VMs. When we configure these rules via portal the Azure Monitor Linux agent extension is automatically provisioned on the VM and data is collected immediately, which is great. When we configure the exact same data collection rule and associate it to the VM via AZ cli, this automatic provisioning doesn't seem to be triggered. Here are the AZ cli commands:

 az monitor data-collection rule create --resource-group $RG_NAME --location $LOCATION --name $DCR_SYSLOG_NAME --data-flows destinations=$LOG_WORKSPACE_NAME streams="Microsoft-Syslog" --log-analytics name=$LOG_WORKSPACE_NAME resource-id="/subscriptions/$SUBSCRIPTION/resourceGroups/$RG_NAME/providers/Microsoft.OperationalInsights/workspaces/$LOG_WORKSPACE_NAME" --syslog name="SyslogDataSource" facility-names="local3" log-levels="*" streams="Microsoft-Syslog"   
 az monitor data-collection rule create --resource-group $RG_NAME --location $LOCATION --name $DCR_METRICS_NAME --data-flows destinations=$INSIGHTS_WORKSPACE_NAME streams="Microsoft-Perf" --log-analytics name=$INSIGHTS_WORKSPACE_NAME resource-id="/subscriptions/$SUBSCRIPTION/resourceGroups/$RG_NAME/providers/Microsoft.OperationalInsights/workspaces/$INSIGHTS_WORKSPACE_NAME" --performance-counters name="MetricsDataSource" counter-specifiers="\\Logical Disk(*)\\% Used Space" counter-specifiers="\\Memory(*)\\% Used Memory" counter-specifiers="\\Network(*)\\Total Collisions"  sampling-frequency="60" streams="Microsoft-Perf"   
 az monitor data-collection rule association create --name "DefaultSyslog" --rule-id $SYSLOGRULEID --resource $VMID   
 az monitor data-collection rule association create --name "DefaultMetrics" --rule-id $METRICSRULEID --resource $VMID   

In portal everything looks exactly the same as it does when we configure it manually, but with the only difference that the agent is not deployed to the VM. Is this convinient auto-provisioning exclusive to the UI configuration? If so, what's an elegant way to deploy the agent to the VM in an automated manner?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

SwathiDhanwada-MSFT avatar image
0 Votes"
SwathiDhanwada-MSFT answered WilleChristianIOBOPS2-7547 commented

@WilleChristianIOBOPS2-7547 Welcome to Microsoft Q & A Community Forum. I understand that you are trying to enable monitoring agent using az cli. I have tested the same on Ubuntu 20.04 os from my end using similar commands and I was able to provision without any issues. Here are the commands I have used.

 az monitor data-collection rule create --resource-group "rg" --location "eastus" --name "myCollectionRule2" --data-flows destinations="workspace-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx-eus2" streams="Microsoft-Perf" streams="Microsoft-Syslog" streams="Microsoft-WindowsEvent" --log-analytics name="workspace-f66926b3-210c-4b3d-b5f2-fc789f2308b1-eus2" resource-id="/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/rg/providers/microsoft.operationalinsights/workspaces/workspace-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx-eus2" --performance-counters name="cloudTeamCoreCounters" counter-specifiers="\\Processor(_Total)\\% Processor Time" counter-specifiers="\\Memory\\Committed Bytes" counter-specifiers="\\LogicalDisk(_Total)\\Free Megabytes" counter-specifiers="\\PhysicalDisk(_Total)\\Avg. Disk Queue Length" sampling-frequency=15 transfer-period="PT1M" streams="Microsoft-Perf" --performance-counters name="appTeamExtraCounters" counter-specifiers="\\Process(_Total)\\Thread Count" sampling-frequency=30 transfer-period="PT5M" streams="Microsoft-Perf" --syslog name="cronSyslog" facility-names="cron" log-levels="Debug" log-levels="Critical" log-levels="Emergency" streams="Microsoft-Syslog" --syslog name="syslogBase" facility-names="syslog" log-levels="Alert" log-levels="Critical" log-levels="Emergency" streams="Microsoft-Syslog" --windows-event-logs name="cloudSecurityTeamEvents" transfer-period="PT1M" streams="Microsoft-WindowsEvent" x-path-queries="Security!" --windows-event-logs name="appTeam1AppEvents" transfer-period="PT5M" streams="Microsoft-WindowsEvent" x-path-queries="System!*[System[(Level = 1 or Level = 2 or Level = 3)]]" x-path-queries="Application!*[System[(Level = 1 or Level = 2 or Level = 3)]]"

 az monitor data-collection rule association create --name "DefaultMetrics" --rule-id /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rg/providers/Microsoft.Insights/dataCollectionRules/myCollectionRule2 --resource /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/rg/providers/Microsoft.Compute/virtualMachines/swnu  

May I know what operating system you are using and also were you prompted with any error when executing commands?

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@SwathiDhanwada-MSFT Thanks for your reply! The creation of the resources via az cli is working perfectly fine. The data collection rule as well as the association of the the corresponding VM are created properly using the above mentioned code. My problem is regarding the enrolment of the monitor linux agent that is required on the VM to actually send the data that is defined in the collection rule.

As described in the documentation ( this enrolment is triggered automatically when I configure the data collection rule via the portal, which is a very convenient way to install the agent (and also the recommended one according to the documentation):

To install the Azure Monitor agent using the Azure portal, follow the process to create a data collection rule in the Azure portal. This not only creates the rule, but it also associates it to the selected resources and installs the Azure Monitor agent on them if not already installed.

I would like to have a similar auto deployment mechanism to install the agent, while creating the data collection not via portal but azure cli.

0 Votes 0 ·