Monitoring Flashcards
Azure Monitor
Is a monitoring solution that helps organizations gain insights into the performance, health, and availability of their applications and resources across Azure and hybrid environments. Azure Monitor provides a unified platform for monitoring, diagnosing, and troubleshooting Azure services, infrastructure, applications, and workloads.
Key Products and Features
-Centralized
-Cloud and Hybrid
-Apps to Tenants
-Fully Managed
Monitoring Data
-Metrics Explorer: Metrics information that we can explore, graph and take a look at.
-Log Routing: We can gather and analyze detailed logging information about what’s happening within our environment.
Monitor Alerts
-Alerts: If something goes wrong in your environment
-Actions: You can have automated responses
Azure Monitor Logs (Log Analytics)
-Analytics: Helps us to analyze the data that we capture
-Kusto Query Language (KQL): Provides powerful capabilities to analyze your environment
Allows you to look at everything in one single place
Insights - Monitoring that is tailored for a specific workload
-Apps, VMs, Containers, Networks and more..
Monitoring Data Overview
-Data Sources: Apps, OS, Resources, Subscriptions and Tenant
–Application Insights: If you want to get really valuable application-specific information (page load time, usage analytics) (Apps)
–VM Agent: If you want information specifically from an OS
–If you are working with resources, subscriptions, or tenants, that’s all provided by the platform
–Subscriptions > Activity Log
–Tenant > AAD Reports
-Data Types
–Metrics: Small numerical information that’s typically looking at something over time. (CPU Utilization, Storage Requests, Page Load Time)
–Logs: Detailed text-based information. (Repo Events, Storage Reads, DB Errors)
-Data Usage
–Analyze, Visualize, Respond, Integrate
Diagnostic Settings
Routing Platform Logs & Metrics - Resources, Subscriptions and Tenant
- Platform Data: Metrics and Logs emitted by the platform can be routed
- Diagnostic Settings: Select the Metrics and Log data that needs to be routed
–What set of information do we want to capture from that resource
- Destination: Send to Log Analytics, Azure Storage, Event Hubs, or Partner Solutions
Data Collection Rules
Routing OS Metrics and Logs
- Azure Monitor Agent: Supports Windows/Linux both in Azure and on-premises (Arc-enabled)
- Data Collection Rule: Define the data source and (optional) Data Collection Endpoint
- Azure Monitor Logs: An Azure Monitor Logs Workspace is required for the data destination
Activity Log
Is a service that records all operations performed on resources within an Azure subscription. It provides a comprehensive audit trail of actions taken by users, applications, or Azure services, enabling organizations to track changes, monitor activities, and troubleshoot issues across their Azure environment.
Functionality
-All of the tools that you use, whether it’s the portal or an SDK are going to go through a REST API (ARM)
-When we use that ARM API, since it’s a REST API, that means that all of our commands are going over the HTTP protocol and they’ll be doing so using post, get, patch, update, different types of rest commands
-Since everything goes through this ARM REST API, that’s a really good place to perform some logging
Key Features
-Logs subscription-level operations performed via the ARM REST API
-Covers REST write operations (PUT,POST,DELETE) for each subscription
-Provides up to 90 days' worth of data, without any further configuration (by default)
-Supports Diagnostic Settings routing to Storage, Monitor Logs, and Event Hubs. (If you want a longer time retention)
Azure Monitor Logs (Log Analytics)
Is a powerful data analytics and query language service. It enables organizations to collect, analyze, and visualize log and telemetry data from various Azure services, applications, and infrastructure components.
-Built on top of the Azure Data Explorer (ADX) platform, offering scalable and flexible data ingestion, storage, and analysis capabilities.
Why should we store all of the information/logs in a Monitor Logs Workspace?
Because we get some very powerful querying and analytics capabilities to be able to better analyze and work with data that truly and holistically represents our actual environment.
Implementation Tasks
1. Workspace: The Log Analytics Workspace is the storage repository and perimeter for analytics
2. Data Sources: Connect OS with agents, route with Diagnostic Settings, or integrate with other services
3. Analyze: Kusto Query Language (KQL) underpins analytics capabilities within Azure Monitor Logs
Azure Monitor Alerts
Allows users to set up and manage alerts based on metrics, logs, and other monitoring data collected from Azure resources. With Azure Monitor Alerts, users can define thresholds, conditions, and actions to trigger notifications or automated responses when specified conditions are met.
-We can send SMS messages and phone calls.
-We can perform automated tasks
Alert Rules
- Condition: Evaluate a resource for a signal for the specified scope.
-We can get information from the activity log or even resource health
-Depending on the scope you pick, that’s going to determine what signals you can use to define what should trigger your given alert
- Action Group: Notification and/or Action to be triggered if the Condition is true
-You can get a phone call or email
-We create them so that they can be used by multiple different alert rules
-We can create an action in the action group, and we can associate that to our alert rule
- Alert: Alert is created/logged when an Alert Rule is triggered
-Average CPU greater than 80%, this might be a severity one issue.
-We can check the status of the alert, set to assigned or completed
-We can get an audit trail
Considerations
-Alerts are throttled (1 SMS/call every 5 minutes; 100 emails per hour)
-Some basic alert management capabilities are included (open/close/comments/etc)
-Queries from Azure Monitor Logs can be saved and used for Azure Monitor Alerts
Network Watcher
Is a network performance monitoring and diagnostic service. It offers a set of tools and capabilities to monitor, diagnose, and troubleshoot network connectivity, performance, and security issues within Azure virtual networks (VNets) and across hybrid and multi-cloud environments.
-Automatically, you’ll get one “Network Watcher” resource per region (regional instances), and they help to configure the type of monitoring and logging capabilities that we require to troubleshoot our networks within Azure.
Monitoring
-Topology: Network map automatically generated to illustrate network relationships
-Connection Monitor: Allows you to perform regular tests of the connectivity and latency between endpoints (inside/outside of Azure). (For example, checking whether one VM can talk to another VM using an ICMP test)
–You’ll have to create a Connection Monitor and specify what tests you want to perform. (This can even deploy the Network Watcher extension if you don’t have it)
–You’ll also need an Azure Monitor Logs Workspace
–If you want support of VMs outside of Azure, you’ll need to deploy an agent to those VMs and configure something called “Network Performance Monitor”
Diagnostic
-IP Flow Verify (NSG): Determine whether packets for a VM are blocked or allowed by an NSG
-Effective Security Rules (NSG): View the collection of NSG security rules that are applied to a VM/NIC
–If you are using more than 2 NSGs
-Next Hop: Determine the path a packet will take from source to destination (routing)
-Packet Capture: Capture all network packet data sent to or from a VM (capture to VM or Azure Storage)
–All traffic arriving at the NIC
–You’ll need a storage account, or store the information on the instance itself
–You’ll need another tool (outside of Network Watcher) to analyze that capture file
-Connection Troubleshooting: Perform direct TCP/ICMP checks from a VM, Bastion, or App GW to a VM/FQDN/IP
-VPN Troubleshoot: Capture detailed diagnostics, like connection stats, CPU/memory info, IKE errors, etc.
Logging
-NSG Flow Logs: Detailed logging of all IP flows going in and out of an NSG (captured every 1 min to JSON)
–You’ll need a storage account and the data will be stored on a per NSG basis
-Traffic Analysis: Aggregates data to provide insights around security, hot-spots, connectivity, etc.
–You’ll need to have NSG Flow Logs enabled (it takes the info from there), and Microsoft will aggregate that all into an Azure Monitor Logs Workspace and turn it into more valuable information for you