Azure Diagnostics extension overview
Azure Diagnostics extension is an agent in Azure Monitor that collects monitoring data from the guest operating system of Azure compute resources including virtual machines. This article provides an overview of Azure Diagnostics extension, the specific functionality that it supports, and options for installation and configuration.
Note
Azure Diagnostics extension is one of the agents available to collect monitoring data from the guest operating system of compute resources. For a description of the different agents and guidance on selecting the appropriate agents for your requirements, see Overview of the Azure Monitor agents.
Primary scenarios
Use Azure Diagnostics extension if you need to:
- Send data to Azure Storage for archiving or to analyze it with tools such as Azure Storage Explorer.
- Send data to Azure Monitor Metrics to analyze it with metrics explorer and to take advantage of features such as near-real-time metric alerts and autoscale (Windows only).
- Send data to third-party tools by using Azure Event Hubs.
- Collect boot diagnostics to investigate VM boot issues.
Limitations of Azure Diagnostics extension:
- It can only be used with Azure resources.
- It has limited ability to send data to Azure Monitor Logs.
Comparison to Log Analytics agent
The Log Analytics agent in Azure Monitor can also be used to collect monitoring data from the guest operating system of virtual machines. You can choose to use either or both depending on your requirements. For a comparison of the Azure Monitor agents, see Overview of the Azure Monitor agents.
The key differences to consider are:
- Azure Diagnostics Extension can be used only with Azure virtual machines. The Log Analytics agent can be used with virtual machines in Azure, other clouds, and on-premises.
- Azure Diagnostics extension sends data to Azure Storage, Azure Monitor Metrics (Windows only) and Azure Event Hubs. The Log Analytics agent collects data to Azure Monitor Logs.
- The Log Analytics agent is required for retired solutions, VM insights, and other services such as Microsoft Defender for Cloud.
Costs
There's no cost for Azure Diagnostics extension, but you might incur charges for the data ingested. Check Azure Monitor pricing for the destination where you're collecting data.
Data collected
The following tables list the data that can be collected by the Windows and Linux diagnostics extension.
Windows diagnostics extension (WAD)
| Data source | Description |
|---|---|
| Windows event logs | Events from Windows event log. |
| Performance counters | Numerical values measuring performance of different aspects of operating system and workloads. |
| IIS logs | Usage information for IIS websites running on the guest operating system. |
| Application logs | Trace messages written by your application. |
| .NET EventSource logs | Code writing events using the .NET EventSource class. |
| Manifest-based ETW logs | Event tracing for Windows events generated by any process. |
| Crash dumps (logs) | Information about the state of the process if an application crashes. |
| File-based logs | Logs created by your application or service. |
| Agent diagnostic logs | Information about Azure Diagnostics itself. |
Linux diagnostics extension (LAD)
| Data source | Description |
|---|---|
| Syslog | Events sent to the Linux event logging system |
| Performance counters | Numerical values measuring performance of different aspects of operating system and workloads |
| Log files | Entries sent to a file-based log |
Data destinations
The Azure Diagnostics extension for both Windows and Linux always collects data into an Azure Storage account. For a list of specific tables and blobs where this data is collected, see Install and configure Azure Diagnostics extension for Windows and Use Azure Diagnostics extension for Linux to monitor metrics and logs.
Configure one or more data sinks to send data to other destinations. The following sections list the sinks available for the Windows and Linux diagnostics extension.
Windows diagnostics extension (WAD)
| Destination | Description |
|---|---|
| Azure Monitor Metrics | Collect performance data to Azure Monitor Metrics. See Send Guest OS metrics to the Azure Monitor metric database. |
| Event hubs | Use Azure Event Hubs to send data outside of Azure. See Streaming Azure Diagnostics data to Azure Event Hubs. |
| Azure Storage blobs | Write data to blobs in Azure Storage in addition to tables. |
| Application Insights | Collect data from applications running in your VM to Application Insights to integrate with other application monitoring. See Send diagnostic data to Application Insights. |
You can also collect WAD data from storage into a Log Analytics workspace to analyze it with Azure Monitor Logs, although the Log Analytics agent is typically used for this functionality. It can send data directly to a Log Analytics workspace and supports solutions and insights that provide more functionality. See Collect Azure diagnostic logs from Azure Storage.
Linux diagnostics extension (LAD)
LAD writes data to tables in Azure Storage. It supports the sinks in the following table.
| Destination | Description |
|---|---|
| Event hubs | Use Azure Event Hubs to send data outside of Azure. |
| Azure Storage blobs | Write data to blobs in Azure Storage in addition to tables. |
| Azure Monitor Metrics | Install the Telegraf agent in addition to LAD. See Collect custom metrics for a Linux VM with the InfluxData Telegraf agent. |
Installation and configuration
The diagnostics extension is implemented as a virtual machine extension in Azure, so it supports the same installation options using Azure Resource Manager templates, PowerShell, and the Azure CLI. For information on installing and maintaining virtual machine extensions, see Virtual machine extensions and features for Windows and Virtual machine extensions and features for Linux.
You can also install and configure both the Windows and Linux diagnostics extension in the Azure portal under Diagnostic settings in the Monitoring section of the virtual machine's menu.
See the following articles for information on installing and configuring the diagnostics extension for Windows and Linux:
- Install and configure Azure Diagnostics extension for Windows
- Use Linux diagnostics extension to monitor metrics and logs
Other documentation
See the following articles for more information.
Azure Cloud Services (classic) web and worker roles
- Introduction to Azure Cloud Services monitoring
- Enabling Azure Diagnostics in Azure Cloud Services
- Application Insights for Azure Cloud Services
- Trace the flow of an Azure Cloud Services application with Azure Diagnostics
Azure Service Fabric
Monitor and diagnose services in a local machine development setup
Next steps
- Learn to use performance counters in Azure Diagnostics.
- If you have trouble with diagnostics starting or finding your data in Azure Storage tables, see Troubleshooting Azure Diagnostics.
Feedback
Submit and view feedback for