Log Analytics agent overview

The Azure Log Analytics agent collects telemetry from Windows and Linux virtual machines in any cloud and from on-premises machines, and sends the collected data to your Log Analytics workspace in Azure Monitor. The Log Analytics agent also supports insights and other services in Azure Monitor, such as Azure Security Center and Azure Automation. This article provides a detailed overview of the agent, system and network requirements, and deployment methods.

Note

You may also see the Log Analytics agent referred to as the Microsoft Monitoring Agent (MMA).

Comparison to Azure diagnostics extension

The Azure diagnostics extension in Azure Monitor can also be used to collect monitoring data from the guest operating system of Azure virtual machines. You may choose to use either or both depending on your requirements. See Overview of the Azure Monitor agents for a detailed comparison of the Azure Monitor agents.

The key differences to consider are:

  • The Azure diagnostics extension can be used only with Azure virtual machines. The Log Analytics agent can be used with virtual machines in Azure, other clouds, and on-premises.
  • The Azure diagnostics extension sends data to Azure Storage, Azure Monitor Metrics (Windows only), and Event Hubs. The Log Analytics agent sends data to Azure Monitor Logs.
  • The Log Analytics agent is required for solutions and other services such as Azure Security Center.

Costs

There is no cost for the Log Analytics agent, but you may incur charges for the data ingested. Check Manage usage and costs with Azure Monitor Logs for detailed information on the pricing for data collected in a Log Analytics workspace.

Supported operating systems

See Supported operating systems for a list of the Windows and Linux operating system versions that are supported by the Log Analytics agent.

Data collected

The following table lists the types of data you can configure a Log Analytics workspace to collect from all connected agents. See What is monitored by Azure Monitor? for a list of insights, solutions, and other solutions that use the Log Analytics agent to collect other kinds of data.

Data Source | Description
Windows Event logs | Information sent to the Windows event logging system.
Syslog | Information sent to the Linux event logging system.
Performance | Numerical values measuring performance of different aspects of operating system and workloads.
IIS logs | Usage information for IIS web sites running on the guest operating system.
Custom logs | Events from text files on both Windows and Linux computers.

Data destinations

The Log Analytics agent sends data to a Log Analytics workspace in Azure Monitor. The Windows agent can be multihomed to send data to multiple workspaces. The Linux agent can send to only a single destination, either a workspace or management group.

Other services

The agent for Linux and Windows isn't only for connecting to Azure Monitor. Other services such as Azure Security Center rely on the agent and its connected Log Analytics workspace. The agent also supports Azure Automation to host the Hybrid Runbook Worker role and other services such as Update Management and Azure Security Center. For more information about the Hybrid Runbook Worker role, see Azure Automation Hybrid Runbook Worker.

Workspace and management group limitations

  • Windows agents can connect to up to four workspaces.
  • The Linux agent does not support multi-homing and can only connect to a single workspace or management group.

Security limitations

Installation options

There are multiple methods to install the Log Analytics agent and connect your machine to Azure Monitor, depending on your requirements. The following sections list the possible methods for different types of virtual machine.

Note

Cloning a machine with the Log Analytics agent already configured is not supported. If the agent has already been associated with a workspace, this will not work for 'golden images'.

Azure virtual machine

Windows virtual machine on-premises or in another cloud

Linux virtual machine on-premises or in another cloud

  • Manually install the agent by calling a wrapper script hosted on GitHub.

Workspace ID and key

Regardless of the installation method used, you will require the workspace ID and key for the Log Analytics workspace that the agent will connect to. Select the workspace from the Log Analytics workspaces menu in the Azure portal. Then select Agents management in the Settings section.

Workspace details

TLS 1.2 protocol

To ensure the security of data in transit to Azure Monitor logs, we strongly encourage you to configure the agent to use at least Transport Layer Security (TLS) 1.2. Older versions of TLS/Secure Sockets Layer (SSL) have been found to be vulnerable, and while they still currently work to allow backwards compatibility, they are not recommended. For additional information, review Sending data securely using TLS 1.2.

Network requirements

The agent for Linux and Windows communicates outbound to the Azure Monitor service over TCP port 443. If the machine connects through a firewall or proxy server to communicate over the Internet, review the requirements below to understand the network configuration required. If your IT security policies do not allow computers on the network to connect to the Internet, you can set up a Log Analytics gateway and then configure the agent to connect through the gateway to Azure Monitor. The agent can then receive configuration information and send the data it collects.

Log Analytics agent communication diagram

The following table lists the proxy and firewall configuration information required for the Linux and Windows agents to communicate with Azure Monitor logs.

Firewall requirements

Agent Resource | Ports | Direction | Bypass HTTPS inspection
*.ods.opinsights.azure.cn | Port 443 | Outbound | Yes
*.oms.opinsights.azure.cn | Port 443 | Outbound | Yes
*.blob.core.chinacloudapi.cn | Port 443 | Outbound | Yes
*.azure-automation.cn | Port 443 | Outbound | Yes
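
One way to check an exported egress rule set against the four endpoints in the table above. This is an added example, not part of the original article; the rule schema (host, port, direction, action, tls_inspect) and the sample rules are hypothetical and constructed for illustration.

```python
# Required outbound endpoints, copied from the firewall requirements table above.
REQUIRED = [
    "*.ods.opinsights.azure.cn",
    "*.oms.opinsights.azure.cn",
    "*.blob.core.chinacloudapi.cn",
    "*.azure-automation.cn",
]

def covers(rule_host, required_host):
    """True if every hostname matched by required_host is also matched by rule_host."""
    rule_host, required_host = rule_host.lower(), required_host.lower()
    if rule_host.startswith("*."):
        # "*.opinsights.azure.cn" covers "*.ods.opinsights.azure.cn" (suffix on a label boundary).
        return required_host.lstrip("*").endswith(rule_host[1:])
    return rule_host == required_host  # an exact name never covers a wildcard

def audit(rules):
    """Return {endpoint: finding}; rules are evaluated in order, first match wins."""
    findings = {}
    for endpoint in REQUIRED:
        findings[endpoint] = "missing: no outbound 443 rule covers it"
        for rule in rules:
            if rule["direction"] != "outbound" or rule["port"] != 443:
                continue
            if not covers(rule["host"], endpoint):
                continue
            if rule["action"] != "allow":
                findings[endpoint] = "blocked: matched a deny rule"
            elif rule["tls_inspect"]:
                findings[endpoint] = "allowed, but HTTPS inspection is not bypassed"
            else:
                findings[endpoint] = "ok"
            break
    return findings

# Constructed rule set in a hypothetical export schema (not a real firewall format).
SAMPLE_RULES = [
    {"host": "*.opinsights.azure.cn", "port": 443, "direction": "outbound",
     "action": "allow", "tls_inspect": False},
    {"host": "*.blob.core.chinacloudapi.cn", "port": 443, "direction": "outbound",
     "action": "allow", "tls_inspect": True},
    {"host": "*.azure-automation.cn", "port": 80, "direction": "outbound",
     "action": "allow", "tls_inspect": False},
]

if __name__ == "__main__":
    for endpoint, finding in audit(SAMPLE_RULES).items():
        print(f"{endpoint:32} {finding}")
```

The audit only reasons about whole wildcard rules; a narrower deny rule for a single hostname under one of these domains is not detected.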

If you plan to use the Azure Automation Hybrid Runbook Worker to connect to and register with the Automation service to use runbooks or management features in your environment, it must have access to the port number and the URLs described in Configure your network for the Hybrid Runbook Worker.

Proxy configuration

The Windows and Linux agents support communicating with Azure Monitor through either a proxy server or a Log Analytics gateway using the HTTPS protocol. Both anonymous and basic authentication (username/password) are supported. For the Windows agent connected directly to the service, the proxy configuration is specified during installation or after deployment from Control Panel or with PowerShell.

For the Linux agent, the proxy server is specified during installation or after installation by modifying the proxy.conf configuration file. The Linux agent proxy configuration value has the following syntax:

[protocol://][user:password@]proxyhost[:port]

Property | Description
Protocol | https
user | Optional username for proxy authentication
password | Optional password for proxy authentication
proxyhost | Address or FQDN of the proxy server/Log Analytics gateway
port | Optional port number for the proxy server/Log Analytics gateway

For example: https://user01:password@proxy01.contoso.com:30443

Note

If you use special characters such as "@" in your password, you receive a proxy connection error because the value is parsed incorrectly. To work around this issue, encode the password in the URL using a tool such as URLDecode.
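
The special-character problem from the note above, shown with a builder and a strict validator for the proxy value. This is an added example, not part of the original article or the agent's own parser; it assumes the workaround means standard URL percent-encoding, and the regular expression, the function names and the sample password are constructed for illustration.

```python
import re
from urllib.parse import quote, unquote

# Documented syntax: [protocol://][user:password@]proxyhost[:port]
# Assumption: raw "@", ":" and "/" are not allowed inside the credentials.
_PROXY_RE = re.compile(
    r"^(?:(?P<protocol>[A-Za-z][A-Za-z0-9+.-]*)://)?"
    r"(?:(?P<user>[^:@/]+):(?P<password>[^:@/]*)@)?"
    r"(?P<proxyhost>[A-Za-z0-9.-]+)"
    r"(?::(?P<port>\d{1,5}))?$"
)

def build_proxy_value(proxyhost, port=None, user=None, password=None):
    """Assemble the value, percent-encoding every reserved character in the credentials."""
    creds = ""
    if user is not None:
        creds = f"{quote(user, safe='')}:{quote(password or '', safe='')}@"
    suffix = f":{int(port)}" if port is not None else ""
    return f"https://{creds}{proxyhost}{suffix}"

def parse_proxy_value(value):
    """Split a value into its fields; raise ValueError if it does not fit the syntax."""
    match = _PROXY_RE.match(value.strip())
    if match is None:
        raise ValueError("does not match [protocol://][user:password@]proxyhost[:port]")
    fields = match.groupdict()
    if fields["port"] is not None:
        fields["port"] = int(fields["port"])
        if not 1 <= fields["port"] <= 65535:
            raise ValueError("port out of range")
    for key in ("user", "password"):
        if fields[key] is not None:
            fields[key] = unquote(fields[key])
    return fields

def redact(value):
    """Mask the password so the value can be logged or pasted into a ticket."""
    return re.sub(r"^((?:[^:/@]+://)?[^:@/]+:).*@", r"\1***@", value)

if __name__ == "__main__":
    # Constructed sample: the page's example host with a password containing "@".
    encoded = build_proxy_value("proxy01.contoso.com", 30443, "user01", "p@ss:w/rd")
    print(redact(encoded), parse_proxy_value(encoded)["proxyhost"])
    try:
        parse_proxy_value("https://user01:p@ss:w/rd@proxy01.contoso.com:30443")
    except ValueError as err:
        print("raw password rejected:", err)
```

Because the value carries the proxy password in clear text, pass it through `redact` before it reaches logs or support tickets.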

Next steps

  • Review data sources to understand the data sources available to collect data from your Windows or Linux system.
  • Learn about log queries to analyze the data collected from data sources and solutions.
  • Learn about monitoring solutions that add functionality to Azure Monitor and also collect data into the Log Analytics workspace.