Azure networking monitoring solutions in Azure Monitor

Note

We recommend that you use the Azure Az PowerShell module to interact with Azure. See Install Azure PowerShell to get started. To learn how to migrate to the Az PowerShell module, see Migrate Azure PowerShell from AzureRM to Az.

Azure Monitor offers the following solutions for monitoring your networks:

  • Network Performance Monitor (NPM) to
    • Monitor the health of your network
  • Azure Application Gateway analytics to review
    • Azure Application Gateway logs
    • Azure Application Gateway metrics
  • Solutions to monitor and audit network activity on your cloud network

Network Performance Monitor (NPM)

The Network Performance Monitor management solution is a network monitoring solution that monitors the health, availability and reachability of networks. It is used to monitor connectivity between:

  • Public cloud and on-premises
  • Data centers and user locations (branch offices)
  • Subnets hosting various tiers of a multi-tiered application.

For more information, see Network Performance Monitor.

Azure Application Gateway analytics

  1. Enable diagnostics to direct the diagnostics to a Log Analytics workspace in Azure Monitor.
  2. Consume the detailed summary for your resource using the workbook template for Application Gateway.

If diagnostic logs are not enabled for Application Gateway, only the default metric data would be populated within the workbook.

Review Azure networking data collection details

The Azure Application Gateway analytics and the Network Security Group analytics management solutions collect diagnostics logs directly from Azure Application Gateways and Network Security Groups. It is not necessary to write the logs to Azure Blob storage and no agent is required for data collection.

The following table shows data collection methods and other details about how data is collected for Azure Application Gateway analytics and the Network Security Group analytics.

Platform Direct agent Systems Center Operations Manager agent Azure Operations Manager required? Operations Manager agent data sent via management group Collection frequency
Azure when logged

Enable Azure Application Gateway diagnostics in the portal

  1. In the Azure portal, navigate to the Application Gateway resource to monitor.

  2. Select Diagnostics Settings to open the following page.

    Screenshot of the Diagnostics Settings config for Application Gateway resource.

    Screenshot of the page for configuring Diagnostics settings.

  3. Click the checkbox for Send to Log Analytics.

  4. Select an existing Log Analytics workspace, or create a workspace.

  5. Click the checkbox under Log for each of the log types to collect.

  6. Click Save to enable the logging of diagnostics to Azure Monitor.

Enable Azure network diagnostics using PowerShell

The following PowerShell script provides an example of how to enable resource logging for application gateways.

$workspaceId = "/subscriptions/d2e37fee-1234-40b2-5678-0b2199de3b50/resourcegroups/oi-default-east-us/providers/microsoft.operationalinsights/workspaces/rollingbaskets"

$gateway = Get-AzApplicationGateway -Name 'ContosoGateway'

Set-AzDiagnosticSetting -ResourceId $gateway.ResourceId  -WorkspaceId $workspaceId -Enabled $true

Accessing Azure Application Gateway analytics via Azure Monitor Network insights

Application insights can be accessed via the insights tab within your Application Gateway resource.

Screenshot of Application Gateway insights

The "view detailed metrics" tab will open up the pre-populated workbook summarizing the data from your Application Gateway.

Screenshot of Application Gateway workbook

New capabilities with Azure Monitor Network Insights workbook

Note

There are no additional costs associated with Azure Monitor Insights workbook. Log Analytics workspace will continue to be billed as per usage.

The Network Insights workbook allows you to take advantage of the latest capabilities of Azure Monitor and Log Analytics including:

  • Centralized console for monitoring and troubleshooting with both metric and log data.

  • Flexible canvas to support creation of custom rich visualizations.

  • Ability to consume and share workbook templates with wider community.

To find more information about the capabilities of the new workbook solution check out Workbooks-overview

Migrating from Azure Gateway analytics solution to Azure Monitor workbooks

Note

Azure Monitor Network Insights workbook is the recommended solution for accessing metric and log analytics for your Application Gateway resources.

  1. Ensure diagnostics settings are enabled to store logs into a Log Analytics workspace. If it is already configured, Azure Monitor Network Insights workbook will be able to consume data from the same location and no more changes are required.

Note

All past data is already available within the workbook from the point diagnostic settings were originally enabled. There is no data transfer required.

  1. Access the default insights workbook for your Application Gateway resource. All existing insights supported by the Application Gateway analytics solution will be already present in the workbook. You can extend this by adding custom visualizations based on metric and log data.

  2. After you are able to see all your metric and log insights, to clean up the Azure Gateway analytics solution from your workspace, you can delete the solution from the solution resource page.

Screenshot of the delete option for Azure Application Gateway analytics solution.

Troubleshooting

Troubleshoot Azure Diagnostics

If you receive the following error message, the Microsoft.insights resource provider is not registered:

Failed to update diagnostics for 'resource'. {"code":"Forbidden","message":"Please register the subscription 'subscription id' with Microsoft.Insights."}

To register the resource provider, perform the following steps in the Azure portal:

  1. In the navigation pane on the left, click Subscriptions
  2. Select the subscription identified in the error message
  3. Click Resource Providers
  4. Find the Microsoft.insights provider
  5. Click the Register link

Register microsoft.insights resource provider

Once the Microsoft.insights resource provider is registered, retry configuring diagnostics.

In PowerShell, if you receive the following error message, you need to update your version of PowerShell:

Set-AzDiagnosticSetting : A parameter cannot be found that matches parameter name 'WorkspaceId'.

Update your version of Azure PowerShell, follow the instructions in the Install Azure PowerShell article.

Next steps