Monitoring VPN Gateway
When you have critical applications and business processes relying on Azure resources, you want to monitor those resources for their availability, performance, and operation.
This article describes the monitoring data generated by Azure VPN Gateway. VPN Gateway uses Azure Monitor. If you're unfamiliar with the features of Azure Monitor common to all Azure services that use it, read Monitoring Azure resources with Azure Monitor.
VPN Gateway collects the same kinds of monitoring data as other Azure resources that are described in Monitoring data from Azure resources.
See Monitoring VPN Gateway data reference for detailed information on the metrics and logs metrics created by VPN Gateway.
Collection and routing
Platform metrics and the Activity log are collected and stored automatically, but can be routed to other locations by using a diagnostic setting.
Resource Logs aren't collected and stored until you create a diagnostic setting and route them to one or more locations.
See Create diagnostic setting to collect platform logs and metrics in Azure for the detailed process for creating a diagnostic setting using the Azure portal, CLI, or PowerShell. When you create a diagnostic setting, you specify which categories of logs to collect. The categories for VPN Gateway are listed in VPN Gateway monitoring data reference.
Enabling these settings requires additional Azure services (storage account, event hub, or Log Analytics), which may increase your cost. To calculate an estimated cost, visit the Azure pricing calculator.
The metrics and logs you can collect are discussed in the following sections.
You can analyze metrics for VPN Gateway with metrics from other Azure services using metrics explorer by opening Metrics from the Azure Monitor menu. See Getting started with Azure Metrics Explorer for details on using this tool.
For a list of the platform metrics collected for VPN Gateway, see Monitoring VPN Gateway data reference metrics.
For reference, you can see a list of all resource metrics supported in Azure Monitor.
Data in Azure Monitor Logs is stored in tables where each table has its own set of unique properties.
All resource logs in Azure Monitor have the same fields followed by service-specific fields. The common schema is outlined in Azure Monitor resource log schema.
The Activity log is a type of platform log in Azure that provides insight into subscription-level events. You can view it independently or route it to Azure Monitor Logs, where you can do much more complex queries using Log Analytics.
For a list of the tables used by Azure Monitor Logs and queryable by Log Analytics, see Monitoring VPN Gateway data reference.
To analyze logs, go to your virtual network gateway. In the Essentials section of the page, select Logs -> View in Azure Monitor.
Azure Monitor alerts proactively notify you when important conditions are found in your monitoring data. They allow you to identify and address issues in your system before your customers notice them. You can set alerts on metrics, logs, and the activity log. Different types of alerts have benefits and drawbacks. You can set up alerts for virtual network gateways of the "VPN" type.
To create a metric alert, see Tutorial: Create a metric alert for an Azure resource. To create a log query alert, see Tutorial: Create a log query alert for an Azure resource.