Integrate with Azure Monitor logs

Azure Automation State Configuration retains node status data for 30 days. You can send node status data to your Log Analytics workspace if you prefer to retain this data for a longer period. Compliance status is visible in the Azure portal or with PowerShell, for nodes and for individual DSC resources in node configurations.

Azure Monitor logs provide greater operational visibility into your Automation State Configuration data and can help you address incidents more quickly. With Azure Monitor logs you can:

  • Get compliance information for managed nodes and individual resources.
  • Trigger an email or alert based on compliance status.
  • Write advanced queries across your managed nodes.
  • Correlate compliance status across Automation accounts.
  • Use custom views and search queries to visualize your runbook results, runbook job status, and other related key indicators or metrics.

Note

This article was recently updated to use the term Azure Monitor logs instead of Log Analytics. Log data is still stored in a Log Analytics workspace and is still collected and analyzed by the same Log Analytics service. We are updating the terminology to better reflect the role of logs in Azure Monitor. See Azure Monitor terminology changes for details.

Prerequisites

To start sending your Automation State Configuration reports to Azure Monitor logs, you need:

Set up integration with Azure Monitor logs

To begin importing data from Azure Automation State Configuration into Azure Monitor logs, complete the following steps:

  1. Log in to your Azure account in PowerShell. See Sign in with Azure PowerShell.

  2. Get the resource ID of your Automation account by running the following PowerShell cmdlet. If you have more than one Automation account, choose the resource ID for the account that you want to configure.

    # Find the ResourceId for the Automation account
    Get-AzResource -ResourceType 'Microsoft.Automation/automationAccounts'
    
  3. Get the resource ID of your Log Analytics workspace by running the following PowerShell cmdlet. If you have more than one workspace, choose the resource ID for the workspace that you want to configure.

    # Find the ResourceId for the Log Analytics workspace
    Get-AzResource -ResourceType 'Microsoft.OperationalInsights/workspaces'
    
  4. Run the following PowerShell cmdlet, replacing <AutomationResourceId> and <WorkspaceResourceId> with the ResourceId values from each of the previous steps.

    Set-AzDiagnosticSetting -ResourceId <AutomationResourceId> -WorkspaceId <WorkspaceResourceId> -Enabled $true -Category 'DscNodeStatus'
    
  5. If you want to stop importing data from Azure Automation State Configuration into Azure Monitor logs, run the following PowerShell cmdlet.

    Set-AzDiagnosticSetting -ResourceId <AutomationResourceId> -WorkspaceId <WorkspaceResourceId> -Enabled $false -Category 'DscNodeStatus'
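
Steps 2 through 4 as one script, with a read-back check that the DscNodeStatus category is really being sent to the intended workspace. This is an added example, not part of the original article; the two name variables are placeholders, and the check assumes the Az.Monitor version that provides the Set-AzDiagnosticSetting syntax shown above, where Get-AzDiagnosticSetting output exposes WorkspaceId and Logs.

```powershell
# Added example, not from the original article.
# Placeholder names: replace with your own Automation account and workspace.
$automationAccountName = '<AutomationAccountName>'
$workspaceName         = '<WorkspaceName>'

# Steps 2 and 3: resolve a resource ID, refusing to continue unless exactly
# one resource matches, so the setting is never applied to the wrong account.
function Get-SingleResourceId {
    param(
        [Parameter(Mandatory)] [string] $ResourceType,
        [Parameter(Mandatory)] [string] $Name
    )
    $found = @(Get-AzResource -ResourceType $ResourceType -Name $Name)
    if ($found.Count -ne 1) {
        throw "Expected exactly one $ResourceType named '$Name', found $($found.Count)."
    }
    $found[0].ResourceId
}

$automationId = Get-SingleResourceId -ResourceType 'Microsoft.Automation/automationAccounts' -Name $automationAccountName
$workspaceId  = Get-SingleResourceId -ResourceType 'Microsoft.OperationalInsights/workspaces' -Name $workspaceName

# Step 4: enable forwarding of the DscNodeStatus category.
Set-AzDiagnosticSetting -ResourceId $automationId -WorkspaceId $workspaceId `
    -Enabled $true -Category 'DscNodeStatus' | Out-Null

# Check: read the settings back and look for one that targets the workspace
# and has DscNodeStatus enabled (-eq compares strings case-insensitively).
$verified = @(Get-AzDiagnosticSetting -ResourceId $automationId) | Where-Object {
    $_.WorkspaceId -eq $workspaceId -and
    ($_.Logs | Where-Object { $_.Category -eq 'DscNodeStatus' -and $_.Enabled })
}

if (-not $verified) {
    throw "DscNodeStatus is not being sent to workspace $workspaceId."
}
"DscNodeStatus forwarding verified for $automationId"
```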
    

View the State Configuration logs

After you set up integration with Azure Monitor logs for your Automation State Configuration data, you can view them by selecting Logs in the Monitoring section in the left pane of the State configuration (DSC) page.


The Log Search pane opens with a query region scoped to your Automation account resource. You can search the State Configuration logs for DSC operations by searching in Azure Monitor logs. The records for DSC operations are stored in the AzureDiagnostics table. For example, to find nodes that are not compliant, type the following query.

AzureDiagnostics
| where Category == 'DscNodeStatus'
| where OperationName contains 'DSCNodeStatusData'
| where ResultType != 'Compliant'

Filtering details:

  • Filter on DscNodeStatusData to return operations for each State Configuration node.
  • Filter on DscResourceStatusData to return operations for each DSC resource called in the node configuration applied to that resource.
  • Filter on DscResourceStatusData to return error information for any DSC resources that fail.

To learn more about constructing log queries to find data, see Overview of log queries in Azure Monitor.

Send an email when a State Configuration compliance check fails

One of our top customer requests is for the ability to send an email or a text when something goes wrong with a DSC configuration.

To create an alert rule, start by creating a log search for the State Configuration report records that should invoke the alert. Click the New Alert Rule button to create and configure the alert rule.

  1. From the Log Analytics workspace Overview page, click Logs.

  2. Create a log search query for your alert by typing the following search in the query field:

    AzureDiagnostics | where Category=='DscNodeStatus' and NodeName_s=='DSCTEST1' and OperationName=='DscNodeStatusData' and ResultType=='Failed'

    If your workspace collects logs from more than one Automation account or subscription, you can group your alerts by subscription and Automation account. Derive the Automation account name from the Resource field in the search of the DscNodeStatusData records.

  3. To open the Create rule screen, click New Alert Rule at the top of the page.

For more information on the options to configure the alert, see Create an alert rule.

Find failed DSC resources across all nodes

One advantage of using Azure Monitor logs is that you can search for failed checks across nodes. To find all instances of DSC resources that have failed:

  1. On the Log Analytics workspace Overview page, click Logs.
  2. Create a log search query for your alert by typing the following search into the query field:

    AzureDiagnostics | where Category=='DscNodeStatus' and OperationName=='DscResourceStatusData' and ResultType=='Failed'
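
The failed-resource search above, combined with the grouping by subscription and Automation account (the Resource field) described in the alert section, run from PowerShell. This is an added example, not part of the original article; the resource group and workspace names are placeholders, and the 24-hour window is an assumption chosen for illustration.

```powershell
# Added example, not from the original article.
# Placeholder names: replace with your own workspace and its resource group.
$resourceGroupName = '<WorkspaceResourceGroup>'
$workspaceName     = '<WorkspaceName>'

# Column names are the DscResourceStatusData fields documented on this page.
# The 24h window is an assumption; adjust it to your review interval.
$query = @'
AzureDiagnostics
| where TimeGenerated > ago(24h)
| where Category == 'DscNodeStatus' and OperationName == 'DscResourceStatusData' and ResultType == 'Failed'
| summarize Failures = count(), LastFailure = max(TimeGenerated)
    by SubscriptionId, Resource, NodeName_s, DscResourceId_s, ErrorCode_s, ErrorMessage_s
| order by SubscriptionId asc, Resource asc, Failures desc
'@

# Invoke-AzOperationalInsightsQuery expects the workspace (customer) ID GUID,
# not the ARM resource ID used by Set-AzDiagnosticSetting.
$workspace = Get-AzOperationalInsightsWorkspace -ResourceGroupName $resourceGroupName -Name $workspaceName
$response  = Invoke-AzOperationalInsightsQuery -WorkspaceId $workspace.CustomerId -Query $query
$rows      = @($response.Results | Where-Object { $_ })

if ($rows.Count -eq 0) {
    'No failed DSC resources in the last 24 hours.'
}
else {
    # One section per subscription and Automation account.
    $rows | Group-Object -Property SubscriptionId, Resource | ForEach-Object {
        "[$($_.Name)] $($_.Count) failing resource instance(s)"
        $_.Group |
            Format-Table NodeName_s, DscResourceId_s, Failures, LastFailure, ErrorCode_s -AutoSize |
            Out-String
    }
}
```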

View historical DSC node status

To visualize your DSC node status history over time, you can use this query:

AzureDiagnostics | where ResourceProvider=="MICROSOFT.AUTOMATION" and Category=="DscNodeStatus" and ResultType!="started" | summarize count() by ResultType, bin(TimeGenerated, 1h)

This query displays a chart of the node status over time.

Azure Monitor logs records

Azure Automation diagnostics create two categories of records in Azure Monitor logs:

  • Node status data (DscNodeStatusData)
  • Resource status data (DscResourceStatusData)

DscNodeStatusData

| Property | Description |
| --- | --- |
| TimeGenerated | Date and time when the compliance check ran. |
| OperationName | DscNodeStatusData. |
| ResultType | Value that indicates if the node is compliant. |
| NodeName_s | The name of the managed node. |
| NodeComplianceStatus_s | Status value that specifies if the node is compliant. |
| DscReportStatus | Status value indicating if the compliance check ran successfully. |
| ConfigurationMode | The mode used to apply the configuration to the node. Possible values are ApplyOnly, ApplyAndMonitor, and ApplyAndAutoCorrect, described after this table. |
| HostName_s | The name of the managed node. |
| IPAddress | The IPv4 address of the managed node. |
| Category | DscNodeStatus. |
| Resource | The name of the Azure Automation account. |
| Tenant_g | GUID that identifies the tenant for the caller. |
| NodeId_g | GUID that identifies the managed node. |
| DscReportId_g | GUID that identifies the report. |
| LastSeenTime_t | Date and time when the report was last viewed. |
| ReportStartTime_t | Date and time when the report was started. |
| ReportEndTime_t | Date and time when the report completed. |
| NumberOfResources_d | The number of DSC resources called in the configuration applied to the node. |
| SourceSystem | The source system identifying how Azure Monitor logs has collected the data. Always Azure for Azure diagnostics. |
| ResourceId | The resource identifier of the Azure Automation account. |
| ResultDescription | The resource description for this operation. |
| SubscriptionId | The Azure subscription ID (GUID) for the Automation account. |
| ResourceGroup | The name of the resource group for the Automation account. |
| ResourceProvider | MICROSOFT.AUTOMATION. |
| ResourceType | AUTOMATIONACCOUNTS. |
| CorrelationId | A GUID that is the correlation identifier of the compliance report. |

ConfigurationMode values:

  • ApplyOnly: DSC applies the configuration and does nothing further unless a new configuration is pushed to the target node or when a new configuration is pulled from a server. After initial application of a new configuration, DSC does not check for drift from a previously configured state. DSC attempts to apply the configuration until it is successful before the ApplyOnly value takes effect.
  • ApplyAndMonitor: This is the default value. The LCM applies any new configurations. After initial application of a new configuration, if the target node drifts from the desired state, DSC reports the discrepancy in logs. DSC attempts to apply the configuration until it is successful before the ApplyAndMonitor value takes effect.
  • ApplyAndAutoCorrect: DSC applies any new configurations. After initial application of a new configuration, if the target node drifts from the desired state, DSC reports the discrepancy in logs, and then reapplies the current configuration.

DscResourceStatusData

| Property | Description |
| --- | --- |
| TimeGenerated | Date and time when the compliance check ran. |
| OperationName | DscResourceStatusData. |
| ResultType | Whether the resource is compliant. |
| NodeName_s | The name of the managed node. |
| Category | DscNodeStatus. |
| Resource | The name of the Azure Automation account. |
| Tenant_g | GUID that identifies the tenant for the caller. |
| NodeId_g | GUID that identifies the managed node. |
| DscReportId_g | GUID that identifies the report. |
| DscResourceId_s | The name of the DSC resource instance. |
| DscResourceName_s | The name of the DSC resource. |
| DscResourceStatus_s | Whether the DSC resource is in compliance. |
| DscModuleName_s | The name of the PowerShell module that contains the DSC resource. |
| DscModuleVersion_s | The version of the PowerShell module that contains the DSC resource. |
| DscConfigurationName_s | The name of the configuration applied to the node. |
| ErrorCode_s | The error code if the resource failed. |
| ErrorMessage_s | The error message if the resource failed. |
| DscResourceDuration_d | The time, in seconds, that the DSC resource ran. |
| SourceSystem | How Azure Monitor logs collected the data. Always Azure for Azure diagnostics. |
| ResourceId | The identifier of the Azure Automation account. |
| ResultDescription | The description for this operation. |
| SubscriptionId | The Azure subscription ID (GUID) for the Automation account. |
| ResourceGroup | The name of the resource group for the Automation account. |
| ResourceProvider | MICROSOFT.AUTOMATION. |
| ResourceType | AUTOMATIONACCOUNTS. |
| CorrelationId | GUID that is the correlation ID of the compliance report. |

Next steps