Monitor resources in Azure Flashcards

1
Q
What is Azure Monitor?

https://learn.microsoft.com/en-us/azure/azure-monitor/vm/monitor-virtual-machine

A

A solution that collects, analyzes, and responds to telemetry data for both on-premises and cloud environments.

Azure Monitor can monitor these types of resources in Azure, other clouds, or on-premises:

*Applications
*Virtual machines
*Guest OS
*Containers
*Databases
*Security events in conjunction with Azure Sentinel
*Networking events and health in conjunction with Network Watcher
*Custom sources that use an API to get data into Azure Monitor

*To log metrics for a VM:
  • Enable the Log Analytics VM extension in Azure Monitor.
  • Install the Log Analytics VM extension, which configures the agent to send data to the Log Analytics workspace.
  • This procedure supports both Linux and Windows.
2
Q

Describe Azure monitor key capabilities

A
  1. Monitor and visualize metrics
    Gathers numerical metric values from Azure resources.
    Offers different methods for viewing metric data such as health, operation, and performance.
  2. Query and analyze logs
    Generates activity logs, diagnostic logs, and telemetry data.
  3. Set up alerts and actions
    You can configure actions based on alert conditions.
    Automated steps run based on triggers from your metrics or logs.
3
Q

Describe Azure monitor components

A

Azure Monitor is composed of several components:

  1. Azure Monitor Metrics
    *Usage: Enables you to visualize and analyze the performance of your resources over time, set up alerts based on threshold conditions, and create dashboards for monitoring.
    *Purpose: Collects and stores performance data (metrics) from various Azure resources.
  2. Azure Monitor Logs
    *Usage: Uses Kusto Query Language (KQL) to query and analyze log data.
    *Purpose: Collects and analyzes log data from various sources such as resources, applications, and custom sources.
  3. Azure Application Insights
    *Usage: Monitors the availability, performance, and usage of your web applications. Uses request tracking, dependency tracking, and performance profiling.
    *Purpose: Focuses on application performance and usage.
  4. Azure Monitor Workbooks
    *Usage: Allows you to combine data from various sources and build visualizations to gain insights into your environment's health and performance.
    *Purpose: Enables you to create interactive, customizable reports and dashboards using data from Azure Monitor metrics and logs.
  5. Azure Monitor Alerts
    *Usage: Notifies you when specific conditions or thresholds are met. You can configure alerts to trigger actions such as sending emails, invoking webhooks, or starting automation runbooks.
    *Purpose: Allows you to set up and manage alerts based on metric and log data.
  6. Azure Monitor Autoscale
    *Usage: Ensures optimal resource utilization and cost efficiency by automatically scaling resources up or down.
    *Purpose: Automatically adjusts the number of compute resources, such as VMs or instances in an Azure Kubernetes Service, based on demand or a defined schedule.
  7. Azure Monitor for containers
    *Usage: Collects container-related metrics, logs, and performance data to help you understand and optimize the performance of your containerized applications.
    *Purpose: Monitors the performance and health of containerized applications, specifically those deployed in Azure Kubernetes Service.

Azure Monitor captures data in two types: logs and metrics. Azure Monitor Metrics and Azure Monitor Logs are the two base types of data used by the service.

Azure Monitor uses multiple monitoring sources to capture the metrics data and logs, including the Azure subscription, tenant, Azure service instances, Azure resources, and applications.

Azure Insights
Access the Azure Application Insights extension to Azure Monitor to use the application performance monitoring (APM) features. This allows you to monitor your application's performance and gather trace logging data. It is available for services such as Azure virtual machines, Azure virtual machine scale sets, Azure container instances, Azure Cosmos DB, and Azure IoT.

4
Q

Describe Azure Monitor alerts

A

You can configure Azure alerts to initiate a responsive action and send notifications based on telemetry data.

Alerts help detect and address issues with your running apps and prevent service disruptions.

Things to know:
*Create alerts to capture data for your Azure services, such as resources and apps.

*Alerts consist of alert rules, which combine the settings and conditions you want to monitor.

*An alert rule specifies action groups to fulfill responsive steps when an alert triggers, such as sending notifications.

*Each alert monitors your telemetry and captures a signal about changes to your specified resource.
5
Q

Components of azure monitor alerts

A

Alert rule:
*Defines the conditions under which the alert should be triggered.
*Includes criteria such as metric/time thresholds and other conditions.
*Alert rules can be created for VMs, databases, and Application Insights.

Alert condition:
*Specifies the criteria that must be met for an alert to be triggered. Examples are CPU usage exceeding a certain percentage or the number of failed requests reaching a specified threshold.

Action group:
*A collection of notification preferences and actions that are taken when an alert is triggered: notifications such as email, SMS, and webhook, and actions such as a runbook or logic app.

Alert status:
*Composed of different states such as new, acknowledged, and closed.

You can configure your alerts as either stateless or stateful:

*Stateless alerts
- Evaluate the current state of the monitored resource independently of its past states.
- Each evaluation is based on the current data and conditions specified in the alert.
- If the current state of the resource meets the alert rule conditions, a new alert is triggered.
- Example: trigger an alert if CPU usage exceeds 90% in the last 5 min.

*Stateful alerts
- Consider the historical state or condition of the monitored resource.
- Take into account the history of the resource's states and conditions, based on current and past conditions.
- Example: trigger an alert if the average CPU is above 80% in three consecutive monitoring intervals.

6
Q

Create alert rules

https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-create-metric-alert-rule

A

A metric alert rule is used to generate an alert when a performance metric crosses a configured performance threshold value.

An alert rule consists of several attributes:

*Target resource - Specifies the Azure resource for which you are creating the rule. It can be a virtual machine, database, application, or any other resource.

*A signal is emitted for the selected resource type. The emitted signal can be metric, activity log, Application Insights, or log.

*Criteria -

*Severity - The range of severity can be 0 to 4.

*Actions - The system invokes the actions for your rule by sending notifications.

*Enabled/disabled - By default the rule is set to enabled. The alert can only trigger if it is enabled.

7
Q

Create action groups

A

Multiple alerts can use the same action group.

Notifications: specify how to notify users when the action group is triggered.

Actions: specify the defined actions to run in response when the action group is triggered.

Action type: where you can configure an automated action.

Here are some automated actions:

*Automation runbook
*Action function
*ITSM
*Logic Apps
*Webhook

8
Q
What is Azure Log Analytics?
A

A tool in Azure Monitor that is used to edit and run log queries against the data that has been collected.

9
Q

Things to know about log analytics

A
  1. Log Analytics uses a query language called Kusto Query Language (KQL)
    - Search and sort by value , time , property state
    - Join data from multiple tables
    - Combine large sets of data
    - Minimal code needed to perform complex operations
10
Q
A
11
Q

Create a Log Analytics workspace

https://learn.microsoft.com/en-us/azure/azure-monitor/logs/quick-create-workspace?tabs=azure-portal

https://learn.microsoft.com/en-us/azure/azure-monitor/agents/agent-windows?tabs=setup-wizard

A

*An Azure Log Analytics workspace is a central resource monitoring platform in Azure.
*The Log Analytics workspace is a data warehouse to which associated resources send their telemetry data.
*It has its own query language with which you can generate reports that stretch across all of your Azure deployments and management solutions.

Location of where the log analytics data is stored

You can link Network Watcher to Log Analytics, but you still need to create the workspace first.

12
Q

Things to know about log Analytics workspace

A

To create a Log Analytics workspace, you need to configure the following parameters:

  1. Name - Must be unique
  2. Subscription
  3. Resource group - Must contain at least one Azure VM instance
  4. Region - Must support Log Analytics
  5. Pricing - The default pricing tier is pay-as-you-go. Charges only apply when data is collected.
13
Q

Create Kusto queries (KQL)

A

Things to consider when using KQL queries:
1. Create/save searches of your data
2. Use the saved log searches
3. Configure your saved log searches to run automatically
4. Configure saved searches to produce notification alerts
5. Export data to Power BI or Excel

14
Q

Things to know about KQL query Structure

A

Common dedicated tables are events, syslog, heartbeat, and alerts.

  1. Data is stored in dedicated tables in the Log Analytics workspace.
  2. Each data source and solution includes the name of the data that it creates and a description of each of its properties.
  3. The structure of a query is a source table followed by a series of commands known as operators.
  4. A query can be composed of multiple operators to perform advanced functions.
  5. Each operator chain begins with a pipe character.
  6. The queries can use various options and include data from multiple tables.

15
Q

KQL log query examples

A

Common operators used:

Count - used to discover the number of records in an input record set.

Top - used to see the first n records of your input record set, sorted by specified columns.

Where - used to filter your table.

Summarize - used to create a table that aggregates the content based on specifications.

16
Q

What is Azure network watcher?

https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-overview

https://learn.microsoft.com/en-us/azure/network-watcher/

https://learn.microsoft.com/en-us/azure/network-watcher/connection-monitor-overview

https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-network-configuration-diagnostics-overview

https://learn.microsoft.com/en-us/azure/network-watcher/vpn-troubleshoot-overview

A

Provides tools that help monitor, diagnose, view metrics, and enable/disable logs for resources in an Azure virtual network.

Network Watcher consists of 3 major tools and capabilities:

1. Monitoring
*Topology tool
*Connection monitor:
- Connection Monitor provides unified, end-to-end connection monitoring in Azure Network Watcher. The Connection Monitor feature supports hybrid and Azure cloud deployments. Network Watcher provides tools to monitor, diagnose, and view connectivity-related metrics for your Azure deployments.

2. Network diagnostic tools
*IP flow verify
*NSG diagnostics
- Helps with troubleshooting data flow between NSGs and verifying that your NSGs are set up properly.
- Shows what network traffic is allowed or denied in your Azure VNets.
- The NSG diagnostics tool can simulate a given flow based on the source and destination you provide. It returns whether the flow is allowed or denied, with detailed information about the security rule allowing or denying the flow.
*Next hop
*Effective security rules
*Connection troubleshoot
*Packet capture
*VPN troubleshoot
- Used to diagnose and troubleshoot VNet gateways and their connections.
- This feature diagnoses the health of the gateway or connection and returns the appropriate results.

3. Traffic
*Flow logs
*Traffic analytics
17
Q

Things to know about Network Watcher

A
  1. IP flow verify
    *Description - Diagnose connectivity issues from or to the internet and from or to your on-premises environment.
    *Scenarios - Identify if security rules block inbound or outbound traffic to or from a VM.

  2. Next hop
    *Description - View the next connection point in your network route and view network configuration.
    *Scenarios - View the next hop target, type, and route table. Helps to see if network traffic reaches the intended target.

  3. VPN troubleshoot
    *Description - Diagnose and troubleshoot the health of your network gateway or connection with gathered data: IKE security errors, packet drops, and buffers and events.
    *Scenarios - View detailed diagnostics in generated log files. Simultaneously troubleshoot multiple gateways.

  4. NSG diagnostics
    *Description - Use flow logs to map IP traffic through NSGs, so that security compliance can be met, and also for auditing.
    *Scenarios - Define NSG rules for the organization and conduct periodic compliance audits. Compare NSG rules against the effective rules for each VM.

  5. Connection troubleshoot
    *Description - Check a direct TCP or ICMP connection from a VM, application gateway, or Azure Bastion host to a VM. Checks connections between source and destination.
    *Scenarios - Troubleshoot network performance and connectivity. Troubleshoot connection issues for a VM, application gateway, or Azure Bastion host.

18
Q

Things to consider when using Network watcher

A

Remote monitoring - Automates remote network monitoring with packet capture without having to log in to the VM.

Alert notifications - Set alerts to trigger packet capture and in real time at packet level.

NSG flow log diagnostic - Helps you gather data for compliance, auditing, and monitoring your network traffic.

Log analytics -

19
Q

IP flow verify diagnostics

https://learn.microsoft.com/en-us/azure/network-watcher/ip-flow-verify-overview

A

**A tool you can use to check if a packet is allowed or denied to or from an Azure virtual machine based on the configured security and admin rules.

**It helps you to troubleshoot virtual machine connectivity issues by checking network security group (NSG) rules and Azure Virtual Network Manager admin rules.

**IP flow verify looks at the rules of all network security groups applied to a virtual machine's network interface, whether the network security group is associated with the virtual machine's subnet or network interface. It additionally looks at the Azure Virtual Network Manager rules applied to the virtual network of the virtual machine.

A tool that checks connectivity from or to the internet and from or to your on-premises environment.

Helps with identifying if a security rule is blocking traffic to or from a VM or the internet.

20
Q

Things to know about IP flow verify

A

*IP flow verify can be configured with the following properties:
1. Subscription and resource group
2. Local (source) IP and local port number
3. Remote (destination) IP and remote port
4. TCP and UDP
5. Inbound and outbound

*Tests communication for the target VM with NSG rules by running inbound and outbound packets to and from the VM.

*After the test is complete, it informs you whether communication with the VM succeeds or fails.

*If the target VM denies the packet because of an NSG rule, it will provide the name of the rule that denied the packet.
21
Q

Things to consider when using IP flow Verify

A

IP flow verify is used to troubleshoot NSG rules that might be causing communication issues between a VM and other resources.

If a test run fails and IP flow verify did not indicate an issue related to an NSG, then other areas such as firewall restrictions need to be investigated.

22
Q

Next Hop diagnostics

A

Used to check if traffic is being directed to the intended destination. Allows you to view the next connection point (hop) in your network route. This helps to verify if the network is configured correctly.

23
Q

Things to know about next hop

A

*Configure the following properties for next hop:
1. Subscription and resource group
2. VM or NIC
3. Source IP
4. Destination IP, if you want to confirm a specified target is reachable

*Tests the next connection point in the network route configuration.

*Examples of a next hop are internet, virtual network, and virtual network endpoint.

*If the next hop is a user-defined route (UDR), it will return the UDR route; otherwise it will return the system route.

*If the next hop is none, there might be a valid route to the destination IP address.
24
Q

Topology tool

A

Helps with the visualization of the network infrastructure.

25
Q

Things to know about topology tool

A
  1. Generates a visual diagram of the resources in a virtual network.
  2. Shows the resources in the network, their interconnections, and their relationship with each other.
  3. Subnets, VMs, NICs, public IP addresses, NSGs, and route tables can be viewed.
  4. The Network Watcher instance has to be in the same region as the virtual network for the topology to be created.

26
Q

Network watcher monitoring tools

A
  1. Topology
    - Provides a visualization of the entire network.
    - Interactive interface to view resources and their relationships across multiple subscriptions, resource groups, and locations.
  2. Connection monitor
    - Provides end-to-end connection monitoring for Azure and hybrid endpoints.
    - Helps understand network performance between various endpoints.

27
Q

Network watcher Diagnostic tools

A
  1. IP flow verify
    - Allows you to detect traffic filtering issues at the VM level.
    - It does this by checking if a packet is allowed or denied.
    - Also tells you which security rule allowed or denied the traffic.
  2. NSG diagnostic
    - Allows you to detect traffic filtering issues at the VM, VM scale set, or application gateway level.
    - It does this by checking if packets are allowed or denied to or from an IP address, IP prefix, or service tag.
    - Tells you which security rule has denied or allowed the traffic.
    - Allows you to add a new security rule with a higher priority to allow or deny the traffic.
  3. Effective security rules
    - View the effective security rules applied to a network interface.
    - Shows all the security rules applied to the network interface and the subnet the network interface is in.
  4. Connection troubleshoot
    - Enables you to test a connection between a VM, VM scale set, an application gateway, or Bastion host.
    - Test will return information but tests connection at a point in time.
  5. Packet capture
    - Allows you to remotely create a packet capture session to track traffic to and from a VM or VM scale set.
  6. VPN troubleshoot
    - Enables you to troubleshoot virtual network gateways and their connections.
28
Q

Network watcher Traffic

A
  1. Flow logs
    - Allows you to log information about Azure IP traffic and stores the data in Azure Storage.
    - You can log IP traffic flowing through an NSG or Azure virtual network.
  2. Traffic analytics
    - Provides visualization of flow log data.
29
Q
A