Log Analytics agent data sources in Azure Monitor

The data that Azure Monitor collects from virtual machines with the Log Analytics agent is defined by the data sources that you configure on the Log Analytics workspace. Each data source creates records of a particular type, and each type has its own set of properties.


This article covers data sources for the Log Analytics agent, which is one of the agents used by Azure Monitor. Other agents collect different data and are configured differently. See Overview of Azure Monitor agents for a list of the available agents and the data they can collect.



The data sources described in this article apply only to virtual machines running the Log Analytics agent.

Summary of data sources

The following table lists the agent data sources that are currently available with the Log Analytics agent. Each has a link to a separate article providing detail for that data source. The table also gives the method and frequency of collection for each data source.

Data source | Platform | Log Analytics agent | Operations Manager agent | Azure storage | Operations Manager required? | Operations Manager agent data sent via management group | Collection frequency
Custom logs | Windows | | | | | | on arrival
Custom logs | Linux | | | | | | on arrival
IIS logs | Windows | | | | | | depends on Log File Rollover setting
Performance counters | Windows | | | | | | as scheduled, minimum of 10 seconds
Performance counters | Linux | | | | | | as scheduled, minimum of 10 seconds
Syslog | Linux | | | | | | from Azure storage: 10 minutes; from agent: on arrival
Windows Event logs | Windows | | | | | | on arrival

Configuring data sources

To configure data sources for Log Analytics agents, go to the Log Analytics workspaces menu in the Azure portal and select a workspace. Click on Advanced settings and then Data. Select the data source you want to configure. You can follow the links in the table above to documentation for each data source and details on their configuration.

Any configuration is delivered to all agents connected to that workspace. You cannot exclude any connected agents from this configuration.

Configure Windows events

Data collection

Data source configurations are delivered to agents that are directly connected to Azure Monitor within a few minutes. The specified data is collected from the agent and delivered directly to Azure Monitor at intervals specific to each data source. See the documentation for each data source for these specifics.

If the agent is unable to connect to Azure Monitor, it continues to collect data and delivers it when it establishes a connection. Data can be lost if the amount of data reaches the maximum cache size for the client, or if the agent is not able to establish a connection within 24 hours.

Log records

All log data collected by Azure Monitor is stored in the workspace as records. Records collected by different data sources have their own set of properties and are identified by their Type property. See the documentation for each data source and solution for details on each record type.
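The following is an added example, not part of the original article or any Microsoft code: it checks records exported from a workspace for silences in a scheduled data source and marks those longer than the 24-hour reconnect limit given under Data collection. The `Computer` and `TimeGenerated` field names, the `Perf` type value, the 60-second schedule, the `slack` factor and the sample records are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RECONNECT_WINDOW = timedelta(hours=24)  # limit stated in the Data collection section

def collection_gaps(records, interval, slack=3):
    """Find silences in scheduled records, grouped by (Computer, Type).

    A silence longer than slack * interval counts as a gap. Gaps longer than
    RECONNECT_WINDOW meet the article's condition under which data can be lost.
    """
    by_source = defaultdict(list)
    for rec in records:
        key = (rec["Computer"], rec["Type"])
        by_source[key].append(datetime.fromisoformat(rec["TimeGenerated"]))
    gaps = []
    for (computer, rtype), times in sorted(by_source.items()):
        times.sort()
        for prev, cur in zip(times, times[1:]):
            silence = cur - prev
            if silence > slack * interval:
                gaps.append({
                    "Computer": computer, "Type": rtype,
                    "start": prev, "end": cur, "silence": silence,
                    "exceeds_window": silence > RECONNECT_WINDOW,
                })
    return gaps

def _rec(computer, ts):
    # Constructed sample record; field names are assumptions for this example.
    return {"Type": "Perf", "Computer": computer, "TimeGenerated": ts}

# Constructed data: web01 is silent for almost 30 hours, db01 for 29 minutes.
SAMPLE = [
    _rec("web01", "2024-03-01T00:00:00"), _rec("web01", "2024-03-01T00:01:00"),
    _rec("web01", "2024-03-01T00:02:00"), _rec("web01", "2024-03-02T06:00:00"),
    _rec("web01", "2024-03-02T06:01:00"),
    _rec("db01", "2024-03-01T00:00:00"), _rec("db01", "2024-03-01T00:01:00"),
    _rec("db01", "2024-03-01T00:30:00"), _rec("db01", "2024-03-01T00:31:00"),
]

if __name__ == "__main__":
    for g in collection_gaps(SAMPLE, timedelta(seconds=60)):
        flag = "over 24 h, data may be lost" if g["exceeds_window"] else "under 24 h"
        print(f'{g["Computer"]} {g["Type"]}: silent {g["silence"]} from {g["start"]} ({flag})')
```

Run this only against data sources collected on a schedule, such as performance counters; sources delivered on arrival can be quiet for long periods without any agent outage.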

