Monitoring Azure resources with Azure Monitor

When you have critical applications and business processes relying on Azure resources, you want to monitor those resources for their availability, performance, and operation. This article describes the monitoring data generated by Azure resources and how you can use the features of Azure Monitor to analyze and alert on this data.

Important

This article applies to all services in Azure that use Azure Monitor. Compute resources, including VMs and App Service, generate the same monitoring data described here but also have a guest operating system that may generate its own logs and metrics. See the monitoring documentation for these services for details on how to collect and analyze this data.

What is Azure Monitor?

Azure Monitor is a full stack monitoring service in Azure that provides a complete set of features to monitor your Azure resources in addition to resources in other clouds and on-premises. The Azure Monitor data platform collects data into logs and metrics where they can be analyzed together using a complete set of monitoring tools as described in the following sections.

As soon as you create an Azure resource, Azure Monitor is enabled and starts collecting metrics and activity logs, which you can view and analyze in the Azure portal. With some configuration, you can gather additional monitoring data and enable additional features. See Monitoring data below for details on any configuration requirements.

Costs associated with monitoring

There is no cost for analyzing monitoring data that is collected by default. This includes the following:

  • Collecting platform metrics and analyzing them with metrics explorer.
  • Collecting Activity log and analyzing it in the Azure portal.
  • Creating an Activity log alert rule.

There are no Azure Monitor costs for collecting and exporting logs and metrics, but there may be related costs associated with the destination:

There may be Azure Monitor costs associated with the following. See Azure Monitor pricing:

  • Running a log query.
  • Creating a metric or log query alert rule.
  • Sending a notification from any alert rule.
  • Accessing metrics through API.

Monitoring data

Resources in Azure generate logs and metrics shown in the following diagram. Refer to the documentation for each Azure service for the specific data it generates and any additional solutions or insights it provides.

[Diagram: Overview]

  • Platform metrics - Numerical values that are automatically collected at regular intervals and describe some aspect of a resource at a particular time.
  • Resource logs - Provide insight into operations that were performed within an Azure resource (the data plane), for example getting a secret from a Key Vault or making a request to a database. The content and structure of resource logs vary by the Azure service and resource type.
  • Activity log - Provides insight into the operations on each Azure resource in the subscription from the outside (the management plane), for example creating a new resource or starting a virtual machine. This is information about the what, who, and when for any write operations (PUT, POST, DELETE) taken on the resources in your subscription.

Configuration requirements

Configure monitoring

Some monitoring data is collected automatically, but you may need to perform some configuration depending on your requirements. See the information below for specific information for each type of monitoring data.

  • Platform metrics - Platform metrics are collected automatically into Azure Monitor Metrics with no configuration required. Create a diagnostic setting to send entries to Azure Monitor Logs or to forward them outside of Azure.
  • Resource logs - Resource logs are automatically generated by Azure resources but not collected without a diagnostic setting. Create a diagnostic setting to send entries to Azure Monitor Logs or to forward them outside of Azure.
  • Activity log - The Activity log is collected automatically with no configuration required and can be viewed in the Azure portal. Create a diagnostic setting to copy it to Azure Monitor Logs or to forward it outside of Azure.

Log Analytics workspace

Collecting data into Azure Monitor Logs requires a Log Analytics workspace. You can start monitoring your service quickly by creating a new workspace, but there may be value in using a workspace that's collecting data from other services. See Create a Log Analytics workspace in the Azure portal for details on creating a workspace and Designing your Azure Monitor Logs deployment to help determine the best workspace design for your requirements. If you use an existing workspace in your organization, then you will require appropriate permissions as described in Manage access to log data and workspaces in Azure Monitor.

Diagnostic settings

Diagnostic settings define where resource logs and metrics for a particular resource should be sent. Possible destinations are:

  • Log Analytics workspace, which allows you to analyze data with other monitoring data collected by Azure Monitor using powerful log queries and also to leverage other Azure Monitor features such as log alerts and visualizations.
  • Event hubs, to stream data to external systems such as third-party SIEMs and other log analytics solutions.
  • Azure storage account, which is useful for audit, static analysis, or backup.

Follow the procedure in Create diagnostic setting to collect platform logs and metrics in Azure to create and manage diagnostic settings through the Azure portal. See Create diagnostic setting in Azure using a Resource Manager template to define them in a template and enable complete monitoring for a resource when it's created.
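Because resource logs are not collected without a diagnostic setting, it is worth checking which resources actually route them to one of the destinations above. The following is an added example, not code from this article or from Microsoft: the SETTINGS data is constructed, shaped like the properties of Microsoft.Insights/diagnosticSettings resources, and the audit() helper, subscription ID and resource names are assumptions.

```python
# Added example. SETTINGS is constructed sample data shaped like the `properties`
# of Microsoft.Insights/diagnosticSettings; all IDs and names are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg/providers"

DESTINATIONS = {  # property that selects each destination described above
    "workspaceId": "Log Analytics workspace",
    "eventHubAuthorizationRuleId": "Event hub",
    "storageAccountId": "Storage account",
}

SETTINGS = {  # resource ID -> diagnostic settings defined on that resource
    SUB + "/Microsoft.KeyVault/vaults/kv-prod": [
        {"workspaceId": SUB + "/Microsoft.OperationalInsights/workspaces/law-sec",
         "logs": [{"category": "AuditEvent", "enabled": True}],
         "metrics": [{"category": "AllMetrics", "enabled": True}]},
    ],
    SUB + "/Microsoft.Sql/servers/sql1/databases/db1": [
        {"storageAccountId": SUB + "/Microsoft.Storage/storageAccounts/stdiag",
         "logs": [{"category": "SQLSecurityAuditEvents", "enabled": False}],
         "metrics": [{"category": "Basic", "enabled": True}]},
    ],
    SUB + "/Microsoft.Network/networkSecurityGroups/nsg-web": [],  # never configured
}


def audit(setting_map):
    """Map each resource ID to the destinations receiving its resource logs,
    or to a finding string when no resource logs are being collected."""
    report = {}
    for rid, settings in setting_map.items():
        routed = set()
        for s in settings:
            dests = [name for key, name in DESTINATIONS.items() if s.get(key)]
            enabled = [entry for entry in s.get("logs", []) if entry.get("enabled")]
            if enabled:  # a destination only counts if a log category is enabled
                routed.update(dests)
        if routed:
            report[rid] = sorted(routed)
        elif settings:
            report[rid] = "FINDING: diagnostic setting present, no resource logs enabled"
        else:
            report[rid] = "FINDING: no diagnostic setting, resource logs are not collected"
    return report


if __name__ == "__main__":
    for rid, result in audit(SETTINGS).items():
        print(rid.rsplit("/", 1)[-1], "->", result)
```

The second sample resource shows the case that is easy to miss: a diagnostic setting exists and exports metrics, but no log category is enabled, so data-plane operations leave no record at the destination.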

Monitoring in the Azure portal

You can access monitoring data for most Azure resources from the resource's menu in the Azure portal. This will give you access to a single resource's data using standard Azure Monitor tools. Some Azure services will provide different options, so you should reference the documentation for that service for additional information. Use the Azure Monitor menu to analyze data from all monitored resources.

Overview

Many services will include monitoring data on their Overview page for a quick glance at their operation. This will typically be based on a subset of platform metrics stored in Azure Monitor Metrics. Other monitoring options will typically be available in a Monitoring section of the service's menu.

Insights and Solutions

Some services will provide tools beyond the standard features of Azure Monitor. Insights provide a customized monitoring experience built on the Azure Monitor data platform and standard features. Solutions provide predefined monitoring logic built on Azure Monitor Logs.

If a service has an Azure Monitor insight, you can access it from Monitoring in each resource's menu. Access all insights and solutions from the Azure Monitor menu.

Metrics

Analyze metrics in the Azure portal using metrics explorer, which is available from the Metrics menu item for most services. This tool allows you to work with individual metrics or combine multiple to identify correlations and trends.

Activity log

View entries in the activity log in the Azure portal with the initial filter set to the current resource. Copy the activity log to a Log Analytics workspace to use it in log queries and workbooks.

  • See View and retrieve Azure Activity log events for details on viewing the Activity log and retrieving entries using a variety of methods.
  • See the documentation for your Azure service for the specific events that get logged.

Azure Monitor Logs

Azure Monitor Logs consolidates logs and metrics from multiple services and other data sources for analysis with a powerful query tool. As described above, create a diagnostic setting to collect platform metrics, activity log, and resource logs into a Log Analytics workspace in Azure Monitor.

Log Analytics allows you to work with log queries, which is a powerful feature of Azure Monitor that allows you to perform advanced analysis of log data using a fully featured query language. Open Log Analytics from Logs in the Monitoring menu for an Azure resource to work with log queries using the resource as the query scope. This lets you analyze data across multiple tables for just that resource. Use Logs from the Azure Monitor menu to access logs for all resources.

Monitoring from command line

You can access monitoring data collected from your resource from a command line or include it in a script using Azure PowerShell or Azure Command Line Interface.

Monitoring from REST API

Include monitoring data collected from your resource in a custom application using a REST API.

Alerts

Alerts proactively notify you and potentially take action when important conditions are found in your monitoring data. You create an alert rule that defines a target for the alert, the conditions for whether to create an alert, and any actions to take in response.

Different kinds of monitoring data are used for different kinds of alert rules.

  • Activity log alert - Create an alert when an entry is created in the activity log that matches specific criteria. This allows you to be notified, for example, when a particular type of resource is created or if a configuration change fails.
  • Metric alert - Create an alert when a metric value exceeds a particular threshold. Metric alerts are more responsive than other alerts and can be automatically resolved when the issue is corrected.
  • Log query alert - Run a log query at regular intervals and create an alert if a particular condition is found. This allows you to perform complex analysis across multiple sets of data.
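The activity log alert criteria described above, and the "what, who, and when" that each Activity log entry records, can be seen by running criteria over a few entries. The following is an added example, not code from this article or from Microsoft: EVENTS is constructed sample data whose field names are assumed to follow the output of az monitor activity-log list, and the RULES format with wildcard matching is a hypothetical simplification of alert rule criteria.

```python
from fnmatch import fnmatchcase

# Added example. EVENTS is constructed sample data; field names are assumed to
# follow `az monitor activity-log list` output. RULES and its wildcard matching
# are a hypothetical simplification of activity log alert criteria.
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg/providers"
EVENTS = [
    {"eventTimestamp": "2024-05-01T10:05:40Z", "caller": "deploy-sp@example.com",
     "operationName": {"value": "Microsoft.KeyVault/vaults/write"},
     "status": {"value": "Failed"},
     "resourceId": RG + "/Microsoft.KeyVault/vaults/kv-prod"},
    {"eventTimestamp": "2024-05-01T10:02:11Z", "caller": "alice@example.com",
     "operationName": {"value": "MICROSOFT.COMPUTE/VIRTUALMACHINES/WRITE"},
     "status": {"value": "Succeeded"},
     "resourceId": RG + "/Microsoft.Compute/virtualMachines/vm1"},
    {"eventTimestamp": "2024-05-01T10:07:00Z", "caller": "bob@example.com",
     "operationName": {"value": "Microsoft.Compute/virtualMachines/start/action"},
     "status": {"value": "Succeeded"},
     "resourceId": RG + "/Microsoft.Compute/virtualMachines/vm1"},
]
RULES = {
    "vm-written": {"operation": "Microsoft.Compute/virtualMachines/write", "status": "Succeeded"},
    "config-change-failed": {"operation": "*/write", "status": "Failed"},
}


def matches(event, rule):
    """Compare case-insensitively: operation names can differ in case between sources."""
    op = event.get("operationName", {}).get("value", "").lower()
    status = event.get("status", {}).get("value", "").lower()
    return fnmatchcase(op, rule["operation"].lower()) and status == rule["status"].lower()


def evaluate(events, rules):
    """Return (rule, when, who, what, resource) for each matching entry, oldest first."""
    hits = []
    for ev in sorted(events, key=lambda e: e["eventTimestamp"]):
        for name, rule in rules.items():
            if matches(ev, rule):
                hits.append((name, ev["eventTimestamp"], ev.get("caller", "unknown"),
                             ev["operationName"]["value"], ev["resourceId"]))
    return hits


if __name__ == "__main__":
    for hit in evaluate(EVENTS, RULES):
        print(*hit, sep=" | ")
```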

Use Alerts from a resource's menu to view alerts and manage alert rules for that resource. Only Activity log alerts and Metric alerts use individual Azure resources as a target. Log query alerts use a Log Analytics workspace as a target and are based on a query that can access any logs stored in that workspace. Use the Azure Monitor menu to view and manage alerts for all resources and to manage log query alert rules.

Next steps