Managing Azure Subscriptions and Resources
What are some of the data sources available?
- Windows event logs
- Windows performance counters
- Linux performance counters
- IIS logs
- Custom fields
- Custom logs
- Syslog
What are some of the connected sources available?
- Windows servers
- Linux servers
- Azure Storage
- System Center
What is the strategy for storing activity logs across ADs?
- Activity logs send logs to an Event Hub in AD 1
- A Logic App in AD 2 picks up the logs
- The Logic App sends them to another Log Analytics workspace in AD 2 or elsewhere (Log Analytics Data Collector for Logic Apps)
This approach has low latency and low overhead/coding: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/collect-activity-logs-subscriptions
What are the activity log event categories?
- Administrative
- Service Health
- Alert
- Autoscale
- Recommendation
- Security
- Policy and Resource Health (for later use)
What are the types of service health alerts?
- All
- Action required
- Assisted recovery
- Incident
- Maintenance
- Information
- Security
What are the potential targets for diagnostic settings?
- Archive to a storage account (stored in hour increments)
- Stream to an Event Hub
- Send to Log Analytics
What type of things can you monitor with metrics alerts?
- As frequently as every minute (logs take longer due to log ingestion time)
- Multi-dimensional metrics
- Max, min, average, and total
- Combine two metrics into a single rule
- Preview feature where metric data can be extracted from logs
What can go in a monitor dashboard?
- Infrastructure information
- Application telemetry
- Operational insights
- Security health and recommendations
What is Azure Advisor?
- Personalized cloud consultant that helps you follow best practices for your cloud deployment
- Analyzes resource configuration and usage telemetry and recommends solutions to improve cost effectiveness, performance, high availability, and security
- Makes recommendations for VMs, Availability Sets, App Gateways, App Services, SQL servers, and Redis Cache
What can you do with Activity Log queries?
- Save them
- Pin them to a dashboard
What are some of the ARM resources associated with Activity Log alerts?
- The alert itself
- Action groups
What are the steps in creating an alert?
1. Define the alert condition
   - Target selection (i.e. the resource)
   - Alert criteria (metric, etc.)
   - Alert logic (what causes it to fire)
2. Define the alert details
   - Rule name
   - Description
   - Severity (0-4)
3. Define the action group
   - Notifications/actions
What is the strategy for storing activity logs across subs?
1. Go into the Log Analytics workspace
2. Select Azure Activity Log under Data Sources
3. Click the subscriptions and connect the ones you want shown in this workspace
How fast is the metrics pipeline?
5 minutes down to 1 minute
What is activity log retention?
90 days, but logs can be archived, streamed to an Event Hub, sent to Log Analytics, etc. Use "Export to Event Hub"; Storage can be selected there as well.
What is activity log?
A subscription log that provides insight into subscription level events that have happened in Azure from ARM operational data to updates on Service Health events
What are the advantages of monitoring?
An effective monitoring strategy helps you:
- Understand the detailed operation of your components
- Increase uptime by proactively notifying you of issues
How do you visualize activity logs externally?
- Azure
- Custom systems
- Power BI (add the Audit (soon Activity) Log Content Pack)
What is the major benefit of log analytics?
Compile data from a number of services with one central access point
What can you do with activity logs?
Determine the who, what, and when for any write operation on resources in your subscription, as well as understand service status.
- Send to Log Analytics
- Query or manage events through the Portal, PowerShell, CLI, or API
- Stream to an Event Hub
- Archive to storage
- Analyze with Power BI
How can alerts be delivered?
- Email (can also email an RBAC role)
- SMS
- Push (only for Service Health)
- Voice
- Functions (select a function)
- Logic App (select an app)
- Webhook (webhook URL)
- IT Service Management (needs the ITSM Connector installed)
- Runbook (choose a runbook)
What is Log Analytics?
Helps you collect, correlate, search, and act on log and performance data
What is the difference between VM host logs and guest logs?
Host logs are from the Hyper-V host. Guest logs are from the agent running on the VM.
Where do you create alerts?
In Azure Monitor, for Monitor, Log Analytics, and App Insights. Alert rules and fired alerts are differentiated so that the operational and configuration views are kept separate.
What does Azure Monitor collect?
- Metrics
- Activity Logs
- Diagnostic Logs
- Service Health/Events
What are alert action groups?
Named groups of notifications and actions that can be reused with multiple alerts. Can also automate actions using webhooks and runbooks.
What is Metrics?
Performance and health of resources. Alerts can be set on Metrics.
How can you take a deeper look at the logs?
Send them to Azure Log Analytics. They can also be displayed in OMS solution packs.
How does the Kusto query language work?
The top level is the table, which is then piped into the next operator, one step at a time.
Can you send telemetry into your own solutions?
Yes - via the REST APIs