Azure monitoring linux agent provisioning not triggered by az cli deployed data collection rule

Wille Christian (IOB/OPS2) 1 Reputation point
2022-05-11T14:30:44.403+00:00

We're deploying data collection rules to gather Performance counters and syslog messages from linux VMs. When we configure these rules via portal the Azure Monitor Linux agent extension is automatically provisioned on the VM and data is collected immediately, which is great. When we configure the exact same data collection rule and associate it to the VM via AZ cli, this automatic provisioning doesn't seem to be triggered. Here are the AZ cli commands: 

az monitor data-collection rule create --resource-group $RG_NAME --location $LOCATION --name $DCR_SYSLOG_NAME --data-flows destinations=$LOG_WORKSPACE_NAME streams="Microsoft-Syslog" --log-analytics name=$LOG_WORKSPACE_NAME resource-id="/subscriptions/$SUBSCRIPTION/resourceGroups/$RG_NAME/providers/Microsoft.OperationalInsights/workspaces/$LOG_WORKSPACE_NAME" --syslog name="SyslogDataSource" facility-names="local3" log-levels="*" streams="Microsoft-Syslog"   
az monitor data-collection rule create --resource-group $RG_NAME --location $LOCATION --name $DCR_METRICS_NAME --data-flows destinations=$INSIGHTS_WORKSPACE_NAME streams="Microsoft-Perf" --log-analytics name=$INSIGHTS_WORKSPACE_NAME resource-id="/subscriptions/$SUBSCRIPTION/resourceGroups/$RG_NAME/providers/Microsoft.OperationalInsights/workspaces/$INSIGHTS_WORKSPACE_NAME" --performance-counters name="MetricsDataSource" counter-specifiers="\\Logical Disk(*)\\% Used Space" counter-specifiers="\\Memory(*)\\% Used Memory" counter-specifiers="\\Network(*)\\Total Collisions"  sampling-frequency="60" streams="Microsoft-Perf"   
az monitor data-collection rule association create --name "DefaultSyslog" --rule-id $SYSLOGRULEID --resource $VMID   
az monitor data-collection rule association create --name "DefaultMetrics" --rule-id $METRICSRULEID --resource $VMID

In portal everything looks exactly the same as it does when we configure it manually, but with the only difference that the agent is not deployed to the VM. Is this convinient auto-provisioning exclusive to the UI configuration? If so, what's an elegant way to deploy the agent to the VM in an automated manner?

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,799 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. SwathiDhanwada-MSFT 17,401 Reputation points
    2022-05-17T10:27:53.07+00:00

    @Wille Christian (IOB/OPS2) Welcome to Microsoft Q & A Community Forum. I understand that you are trying to enable monitoring agent using az cli. I have tested the same on Ubuntu 20.04 os from my end using similar commands and I was able to provision without any issues. Here are the commands I have used. 

    az monitor data-collection rule create --resource-group "rg" --location "eastus" --name "myCollectionRule2" --data-flows destinations="workspace-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx-eus2" streams="Microsoft-Perf" streams="Microsoft-Syslog" streams="Microsoft-WindowsEvent" --log-analytics name="workspace-f66926b3-210c-4b3d-b5f2-fc789f2308b1-eus2" resource-id="/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/rg/providers/microsoft.operationalinsights/workspaces/workspace-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx-eus2" --performance-counters name="cloudTeamCoreCounters" counter-specifiers="\\Processor(_Total)\\% Processor Time" counter-specifiers="\\Memory\\Committed Bytes" counter-specifiers="\\LogicalDisk(_Total)\\Free Megabytes" counter-specifiers="\\PhysicalDisk(_Total)\\Avg. Disk Queue Length" sampling-frequency=15 transfer-period="PT1M" streams="Microsoft-Perf" --performance-counters name="appTeamExtraCounters" counter-specifiers="\\Process(_Total)\\Thread Count" sampling-frequency=30 transfer-period="PT5M" streams="Microsoft-Perf" --syslog name="cronSyslog" facility-names="cron" log-levels="Debug" log-levels="Critical" log-levels="Emergency" streams="Microsoft-Syslog" --syslog name="syslogBase" facility-names="syslog" log-levels="Alert" log-levels="Critical" log-levels="Emergency" streams="Microsoft-Syslog" --windows-event-logs name="cloudSecurityTeamEvents" transfer-period="PT1M" streams="Microsoft-WindowsEvent" x-path-queries="Security!" --windows-event-logs name="appTeam1AppEvents" transfer-period="PT5M" streams="Microsoft-WindowsEvent" x-path-queries="System!*[System[(Level = 1 or Level = 2 or Level = 3)]]" x-path-queries="Application!*[System[(Level = 1 or Level = 2 or Level = 3)]]"  

az monitor data-collection rule association create --name "DefaultMetrics" --rule-id /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rg/providers/Microsoft.Insights/dataCollectionRules/myCollectionRule2 --resource /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/rg/providers/Microsoft.Compute/virtualMachines/swnu

    May I know what operating system you are using and also were you prompted with any error when executing commands?