Azure Monitor Agent extension versions


This article references CentOS, a Linux distribution that is nearing End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the CentOS End Of Life guidance.

This article describes the version details for the Azure Monitor Agent virtual machine extension. This extension deploys the agent on virtual machines, scale sets, and Arc-enabled servers (on-premises servers with Azure Arc agent installed).

We strongly recommended to always update to the latest version, or opt in to the Automatic Extension Update feature.

Version details

Release Date Release notes Windows Linux
February 2024 Known Issues
  • Occasional crash during startup in arm64 VMs. This is fixed in 1.30.3
  • Fix memory leak in Internet Information Service (IIS) log collection
  • Fix JSON parsing with Unicode characters for some ingestion endpoints
  • Allow Client installer to run on Azure Virtual Desktop (AVD) DevBox partner
  • Enable Transport Layer Security (TLS) 1.3 on supported Windows versions
  • Update MetricsExtension package to 2.2024.202.2043
  • Features
    • Add EventTime to syslog for parity with OMS agent
    • Add more Common Event Format (CEF) format support
    • Add CPU quotas for Azure Monitor Agent (AMA)
  • Fixes
    • Handle truncation of large messages in syslog due to Transmission Control Protocol (TCP) framing issue
    • Set NO_PROXY for Instance Metadata Service (IMDS) endpoint in AMA Python wrapper
    • Fix a crash in syslog parsing
    • Add reasonable limits for metadata retries from IMDS
    • No longer reset /var/log/azure folder permissions
1.24.0 1.30.3
January 2024 Known Issues
  • 1.29.5 doesn't install on Arc-enabled servers because the agent extension code size is beyond the deployment limit set by Arc. This issue was fixed in 1.29.6
  • Added support for Transport Layer Security (TLS) 1.3
  • Reverted a change to enable multiple IIS subscriptions to use same filter. Feature is redeployed once memory leak is fixed
  • Improved Event Trace for Windows (ETW) event throughput rate
  • Fix error messages logged, intended for mdsd.err, that instead went to mdsd.warn in 1.29.4 only. Likely error messages: "Exception while uploading to Gig-LA: ...", "Exception while uploading to ODS: ...", "Failed to upload to ODS: ..."
  • Reduced noise generated by AMAs' use of semanage when SELinux is enabled
  • Handle time parsing in syslog to handle Daylight Savings Time (DST) and leap day
1.23.0 1.29.5, 1.29.6
December 2023 Known Issues
  • 1.29.4 doesn't install on Arc-enabled servers because the agent extension code size is beyond the deployment limit set by Arc. Fix is coming in 1.29.6
  • Multiple IIS subscriptions cause a memory leak. feature reverted in 1.23.0
  • Prevent CPU spikes by not using bookmark when resetting an Event Log subscription
  • Added missing Fluent Bit executable to AMA client setup for Custom Log support
  • Updated to latest AzureCredentialsManagementService and DsmsCredentialsManagement package
  • Update ME to v2.2023.1027.1417
  • Support for TLS v1.3
  • Support for nopri in Syslog
  • Ability to set disk quota from Data Collection Rule (DCR) Agent Settings
  • Add ARM64 Ubuntu 22 support
  • Fixes
    • SysLog
      • Parse syslog Palo Alto CEF with multiple space characters following the hostname
      • Fix an issue with incorrectly parsing messages containing two '\n' chars in a row
      • Improved support for non-RFC compliant devices
      • Support Infoblox device messages containing both hostname and IP headers
    • Fix AMA crash in Read Hat Enterprise Linux (RHEL) 7.2
    • Remove dependency on "which" command
    • Fix port conflicts due to AMA using 13000
    • Reliability and Performance improvements
1.22.0 1.29.4
October 2023 Windows
  • Minimize CPU spikes when resetting an Event Log subscription
  • Enable multiple IIS subscriptions to use same filter
  • Clean up files and folders for inactive tenants in multitenant mode
  • AMA installer doesn't install unnecessary certs
  • AMA emits Telemetry table locally
  • Update Metric Extension to v2.2023.721.1630
  • Update AzureSecurityPack to v4.29.0.4
  • Update AzureWatson to v1.0.99
  • Add support for Process metrics counters for Log Analytics upload and Azure Monitor Metrics
  • Use rsyslog omfwd TCP for improved syslog reliability
  • Support Palo Alto CEF logs where hostname is followed by two spaces
  • Bug and reliability improvements
1.21.0 1.28.11
September 2023 Windows
  • Fix issue with high CPU usage due to excessive Windows Event Logs subscription reset
  • Reduce Fluent Bit resource usage by limiting tracked files older than three days and limiting logging to errors only
  • Fix race condition where resource_id is unavailable when agent is restarted
  • Fix race-condition when vm-extension provision agent (also known as GuestAgent) is issuing a disable-vm-extension command to AMA
  • Update MetricExtension version to 2.2023.721.1630
  • Update Troubleshooter to v1.5.14
1.20.0 None
August 2023 Windows
  • AMA: Allow prefixes in the tag names to handle regression
  • Updating package version for AzSecPack 4.28 release
1.19.0 None
July 2023 Windows
  • Fix crash when Event Log subscription callback throws errors.
  • MetricExtension updated to 2.2023.609.2051
1.18.0 None
June 2023 Windows
  • Add new FilePath column to custom logs table. You must manually add the column to your custom table
  • Config setting to disable custom IMDS endpoint in Tenant.json file
  • Fluent Bit binaries signed with Microsoft customer Code Sign cert
  • Minimize number of retries on calls to refresh tokens
  • Don't overwrite resource ID with empty string
  • AzSecPack updated to version 4.27
  • AzureProfiler and AzurePerfCollector updated to version
  • MetricsExtension updated to version 2.2023.513.10
  • Troubleshooter updated to version 1.5.0
  • To identify forwarder/collector machine, add new column CollectorHostName to syslog table
  • Link OpenSSL dynamically
  • Fixes
    • Allow uploads soon after AMA startup
    • To avoid thread pool scheduling issues, run LocalSink Garbage Collector on a dedicated thread
    • Fix upgrade restart of disabled services
    • Handle Linux Hardening where sudo on root is blocked
    • CEF processing fixes for noncompliant Request For Comment (RFC) 5424 logs
    • Adaptive Security Appliance (ASA) tenant can fail to start up due to config-cache directory permissions
    • Fix auth proxy in AMA
    • Fix to remove null characters in agentlauncher.log after log rotation
    • Fix for authenticated proxy(1.27.3)
    • Fix regression in Virtual Machine (VM) Insights(1.27.4)
1.17.0 1.27.4
May 2023 Windows
  • Enable Large Event support for all regions
  • Update to TroubleShooter 1.4.0
  • Fixed issue when Event Log subscription became invalid and wouldn't resubscribe
  • AMA: Fixed issue with Large Event sending too large data. Also affecting Custom Log
  • Support for CIS and SELinux hardening
  • Include Ubuntu 22.04 (Jammy Jellyfish) in azure-mdsd package publishing
  • Move storage SDK patch to build container
  • Add system Telegraf counters to AMA
  • Drop msgpack and syslog data if not configured in active configuration
  • Limit the events sent to Public ingestion pipeline
  • Fixes
    • Fix mdsd crash in init when in persistent mode
    • To avoid a race condition, remove FdClosers from ProtocolListeners
    • Fix sed regex special character escaping issue in rpm macro for CentOS 7.3 (Maipo)
    • Fix latency and future timestamp issue
    • Install AMA syslog configs only if customer is opted in for syslog in DCR
    • Fix heartbeat time check
    • Skip unnecessary cleanup in fatal signal handler
    • Fix case where fast-forwarding may cause intervals to be skipped
    • Fix comma separated custom log paths with fluent
    • Fix to prevent events folder growing too large and filling the disk
    • Hotfix (1.26.3) for Syslog 1.26.2-1.26.5Hotfix
    Apr 2023 Windows
    • AMA: Enable Large Event support based on Region
    • AMA: Upgrade to Fluent Bit version 2.0.9
    • Update Troubleshooter to 1.3.1
    • Update ME version to 2.2023.331.1521
    • Updating package version for AzSecPack 4.26 release
    1.15.0 None
    Mar 2023 Windows
    • Text file collection improvements to handle high rate logging and continuous tailing of longer lines
    • VM Insights fixes for collecting metrics from non-English OS None
    Feb 2023
    • Linux (hotfix) Resolved potential data loss due to "Bad file descriptor" errors seen in the mdsd error log with previous version. Upgrade to hotfix version
    • Windows Reliability improvements in Fluent Bit buffering to handle larger text files
    1.13.1 1.25.2Hotfix
    Jan 2023 Linux
    • RHEL 9 and Amazon Linux 2 support
    • Update to OpenSSL 1.1.1s and require TLS 1.2 or higher
    • Performance improvements
    • Improvements in Garbage Collection for persisted disk cache and handling corrupted cache files better
    • Fixes
      • Set agent service memory limit for CentOS/RedHat 7 distros. Resolved MemoryMax parsing error
      • Fixed modifying rsyslog system-wide log format caused by installer on RedHat/CentOS 7.3
      • Fixed permissions to config directory
      • Installation reliability improvements
      • Fixed permissions on default file so rpm verification doesn't fail
      • Added traceFlags setting to enable trace logs for agent
    • Fixed issue related to incorrect EventLevel and Task values for Log Analytics Event table, to match Windows Event Viewer values
    • Added missing columns for IIS logs - TimeGenerated, Time, Date, Computer, SourceSystem, AMA, W3SVC, SiteName
    • Reliability improvements for metrics collection
    • Fixed machine restart issues on for Arc-enabled servers related to repeated calls to HIMDS service
    1.12.0 1.25.1
    Nov-Dec 2022 1.11.0 None
    Oct 2022 Windows
    • Increased reliability of data uploads
    • Data quality improvements
    • Support for http_proxy and https_proxy environment variables for network proxy configurations for the agent
    • Text logs
      • Network proxy support enabled
      • Fixed missing _ResourceId
      • Increased maximum line size support to 1 MB
    • Support ingestion of syslog events whose timestamp is in the future
    • Performance improvements
    • Fixed diskio metrics instance name dimension to use the disk mount paths instead of the device names
    • Fixed world writable file issue to lock down write access to certain agent logs and configuration files stored locally on the machine 1.24.2
    Sep 2022 Reliability improvements 1.9.0 None
    August 2022 Common updates
    • Improved resiliency: Default lookback (retry) time updated to last three days (72 hours) up from 60 minutes, for agent to collect data post interruption. Look back time is subject to default offline cache size of 10 Gb
    • Fixes the preview custom text log feature that was incorrectly removing the TimeGenerated field from the raw data of each event. All events are now additionally stamped with agent (local) upload time
    • Reliability and supportability improvements
    • Fixed datetime format to UTC
    • Fix to use default location for firewall log collection, if not provided
    • Reliability and supportability improvements
    • Support for OpenSuse 15, Debian 11 ARM64
    • Support for coexistence of Azure Monitor agent with legacy Azure Diagnostic extension for Linux (LAD)
    • Increased max-size of User Datagram Protocol (UDP) payload for Telegraf output to prevent dimension truncation
    • Prevent unconfigured upload to Azure Monitor Metrics destination
    • Fix for disk metrics wherein instance name dimension uses the disk mount paths instead of the device names, to provide parity with legacy agent
    • Fixed disk free MB metric to report megabytes instead of bytes
    1.8.0 1.22.2
    July 2022 Fix for mismatch event timestamps for Sentinel Windows Event Forwarding 1.7.0 None
    June 2022 Bug fixes with user assigned identity support, and reliability improvements 1.6.0 None
    May 2022
    • Fixed issue where agent stops functioning due to faulty XPath query. With this version, only query related Windows events fail, other data types continue to be collected
    • Collection of Windows network troubleshooting logs added to 'CollectAMAlogs.ps1' tool
    • Linux support for Debian 11 distro
    • Fixed issue to list mount paths instead of device names for Linux disk metrics 1.21.0
    April 2022
    • Private IP information added in Log Analytics Heartbeat table for Windows and Linux
    • Fixed bugs in Windows IIS log collection (preview)
      • Updated IIS site column name to match backend Kusto Query Language (KQL) transform
      • Added delay to IIS upload task to account for IIS buffering
    • Fixed Linux CEF syslog forwarding for Sentinel
    • Removed 'error' message for Azure MSI token retrieval failure on Arc to show as 'Info' instead
    • Support added for Ubuntu 22.04, RHEL 8.5, 8.6, AlmaLinux and RockyLinux distros
    1.4.1Hotfix 1.19.3
    March 2022
    • Fixed timestamp and XML format bugs in Windows Event logs
    • Full Windows OS information in Log Analytics Heartbeat table
    • Fixed Linux performance counters to collect instance values instead of 'total' only
    February 2022
    • Bug fixes for the AMA Client installer
    • Versioning fix to reflect appropriate Windows major/minor/hotfix versions
    • Internal test improvement on Linux
    1.2.0 1.15.3
    January 2022
    • Syslog RFC compliance for Linux
    • Fixed issue for Linux perf counters not flowing on restart
    • Fixed installation failure on Windows Server 2008 R2 SP1
    December 2021
    • Fixed issues impacting Linux Arc-enabled servers
    • 'Heartbeat' table > 'Category' column reports "Azure Monitor Agent" in Log Analytics for Windows
    September 2021
    • Fixed issue causing data loss on restarting the agent
    • Fixed issue for Arc Windows servers 1
    August 2021 Fixed issue allowing Azure Monitor Metrics as the only destination
    July 2021
    • Support for direct proxies
    • Support for Log Analytics gateway
    Learn more
    June 2021 General availability announced.
    • All features except metrics destination now generally available
    • Production quality, security, and compliance
    • Availability in all public regions
    • Performance and scale improvements for higher EPS
    Learn more

    Hotfix Don't use AMA Linux versions v1.10.7, v1.15.1, v1.25.2 and AMA Windows v1.1.3.1, v1.1.5.0. Use the hotfix versions.
    1 Known issue: No data collected from Linux Arc-enabled servers.
    2 Known issue: Linux performance counters data stops flowing on restarting or rebooting the machines.

    Next steps