使用 Azure Monitor 从 Azure 虚拟机收集数据Collect data from an Azure virtual machine with Azure Monitor

Azure Monitor 可以直接从 Azure 虚拟机将数据收集到 Log Analytics 工作区,以便进行详细信息和关联分析。Azure Monitor can collect data directly from your Azure virtual machines into a Log Analytics workspace for analysis of details and correlations. 安装适用于 WindowsLinux 的 Log Analytics VM 扩展允许 Azure Monitor 从 Azure VM 收集数据。Installing the Log Analytics VM extension for Windows and Linux allows Azure Monitor to collect data from your Azure VMs. 本快速入门介绍如何通过几个简单步骤,使用 VM 扩展从 Azure Linux 或 Windows VM 中配置和收集数据。This quickstart shows you how to configure and collect data from your Azure Linux or Windows VMs using the VM extension with a few easy steps.

本快速入门假定你拥有现有 Azure 虚拟机。This quickstart assumes you have an existing Azure virtual machine. 如果没有,可根据 VM 快速入门创建 Windows VM创建 Linux VMIf not you can create a Windows VM or create a Linux VM following our VM quickstarts.

登录到 Azure 门户Sign in to Azure portal

https://portal.azure.cn 中登录 Azure 门户。Sign in to the Azure portal at https://portal.azure.cn.

创建工作区Create a workspace

  1. 在 Azure 门户中,选择“所有服务”。In the Azure portal, select All services. 在资源列表中,键入“Log Analytics”。In the list of resources, type Log Analytics. 开始键入时,会根据输入筛选该列表。As you begin typing, the list filters based on your input. 选择“Log Analytics 工作区”。Select Log Analytics workspaces.

    Azure 门户

  2. 选择“创建”,然后为以下各项选择选项:Select Create, and then select choices for the following items:

    • 为新的 Log Analytics 工作区提供名称,如 DefaultLAWorkspace。Provide a name for the new Log Analytics workspace, such as DefaultLAWorkspace.

    • 如果选择的默认值不合适,请从下拉列表中选择要链接到的订阅Select a Subscription to link to by selecting from the drop-down list if the default selected is not appropriate.

    • 对于“资源组”,选择包含一个或多个 Azure 虚拟机的现有资源组。For Resource Group, select an existing resource group that contains one or more Azure virtual machines.

    • 选择向其部署 VM 的“位置”。Select the Location your VMs are deployed to. 如需其他信息,请参阅提供 Log Analytics 的区域For additional information, see which regions Log Analytics is available in.

    • 如果在 2018 年 4 月 2 日后创建的新订阅中创建工作区,则它将自动使用“每 GB”定价计划,并且不提供用于选择定价层的选项。If you are creating a workspace in a new subscription created after April 2, 2018, it will automatically use the Per GB pricing plan and the option to select a pricing tier will not be available. 如果是为 4 月 2 日之前创建的现有订阅创建工作区,或者是为绑定到现有 EA 注册的订阅创建工作区,则可以选择首选定价层。If you are creating a workspace for an existing subscription created before April 2, or to subscription that was tied to an existing EA enrollment, select your preferred pricing tier. 有关特定层的其他信息,请参阅 Log Analytics 定价详细信息For additional information about the particular tiers, see Log Analytics Pricing Details.

      创建 Log Analytics 资源边栏选项卡

  3. 在“Log Analytics 工作区”窗格中提供所需的信息后,选择“确定”。After providing the required information on the Log Analytics workspace pane, select OK.

在验证信息和创建工作区时,可以在菜单中的“通知”下面跟踪操作进度。While the information is verified and the workspace is created, you can track its progress under Notifications from the menu.

启用 Log Analytics VM 扩展Enable the Log Analytics VM Extension

备注

从 Microsoft Operations Management Suite (OMS) 过渡到 Azure Monitor 期间,Windows 或 Linux 的 OMS 代理称为 Windows 或 Linux 的 Log Analytics 代理。As part of the ongoing transition from Microsoft Operations Management Suite (OMS) to Azure Monitor, the OMS Agent for Windows or Linux will be referred to as the Log Analytics agent for Windows and Log Analytics agent for Linux.

对于已在 Azure 中部署的 Windows 和 Linux 虚拟机,可使用 Log Analytics VM 扩展安装 Log Analytics 代理。For Windows and Linux virtual machines already deployed in Azure, you install the Log Analytics agent with the Log Analytics VM Extension. 使用扩展可简化安装流程,并可自动配置代理,以将数据发送至指定的 Log Analytics 工作区。Using the extension simplifies the installation process and automatically configures the agent to send data to the Log Analytics workspace that you specify. 在发布新版本时,代理也会自动升级,以确保你拥有最新的功能和修补程序。The agent is also upgraded automatically when a newer version is released, ensuring that you have the latest features and fixes. 在继续之前,请验证 VM 是否正在运行,否则此过程将无法成功完成。Before proceeding, verify the VM is running otherwise the process will fail to complete successfully.

备注

无法将适用于 Linux 的 Log Analytics 代理配置为向多个 Log Analytics 工作区报告。The Log Analytics agent for Linux cannot be configured to report to more than one Log Analytics workspace.

  1. 在 Azure 门户中,选择左上角的“所有服务”。In the Azure portal, select All services found in the upper left-hand corner. 在资源列表中,键入“Log Analytics”。In the list of resources, type Log Analytics. 开始键入时,会根据输入筛选该列表。As you begin typing, the list filters based on your input. 选择“Log Analytics 工作区”。Select Log Analytics workspaces.

  2. 在 Log Analytics 工作区列表中,选择之前创建的 DefaultLAWorkspace。In your list of Log Analytics workspaces, select DefaultLAWorkspace created earlier.

  3. 在左侧菜单上的“工作区数据源”下,选择“虚拟机”。On the left-hand menu, under Workspace Data Sources, select Virtual machines.

  4. 在“虚拟机”列表中,选择要在其中安装代理的虚拟机。In the list of Virtual machines, select a virtual machine you want to install the agent on. 请注意,VM 的“Log Analytics 连接状态”指示其“未连接”。Notice that the Log Analytics connection status for the VM indicates that it is Not connected.

  5. 在虚拟机的详细信息中,选择“连接”。In the details for your virtual machine, select Connect. 则自动会为 Log Analytics 工作区安装并配置代理。The agent is automatically installed and configured for your Log Analytics workspace. 此过程需要几分钟的时间,在此期间,“状态”显示“正在连接” 。This process takes a few minutes, during which time the Status shows Connecting.

  6. 安装并连接代理后,会使用“此工作区”更新“Log Analytics 连接状态”。After you install and connect the agent, the Log Analytics connection status will be updated with This workspace.

收集的事件和性能数据Collect event and performance data

Azure Monitor 可以从你为长期分析和报告指定的 Windows 事件日志或 Linux 系统日志和性能计数器中收集事件,并在检测到特定条件时采取措施。Azure Monitor can collect events from the Windows event logs or Linux Syslog and performance counters that you specify for longer term analysis and reporting, and take action when a particular condition is detected. 首先,请按照下列步骤操作,配置从 Windows 系统日志和 Linux Syslog 以及几个常见性能计数器中收集事件。Follow these steps to configure collection of events from the Windows system log and Linux Syslog, and several common performance counters to start with.

Windows VM 中的数据收集Data collection from Windows VM

  1. 选择“高级设置”。Select Advanced settings.

    Log Analytics 高级设置

  2. 选择“数据”,然后选择“Windows 事件日志”。Select Data, and then select Windows Event Logs.

  3. 可通过键入日志名称添加事件日志。You add an event log by typing in the name of the log. 键入“System”,然后选择加号 ( + )。Type System and then select the plus sign +.

  4. 在表中,选中严重性“错误”和“警告”。In the table, check the severities Error and Warning.

  5. 选择页面顶部的“保存”来保存配置。Select Save at the top of the page to save the configuration.

  6. 选择“Windows 性能数据”,在 Windows 计算机上启用性能计数器收集。Select Windows Performance Data to enable collection of performance counters on a Windows computer.

  7. 首次为新的 Log Analytics 工作区配置 Windows 性能计数器时,可以选择快速创建几个通用的计数器。When you first configure Windows Performance counters for a new Log Analytics workspace, you are given the option to quickly create several common counters. 将这些计数器在一个复选框中依次列出。They are listed with a checkbox next to each.

    选中的默认 Windows 性能计数器

    选择“添加所选性能计数器”。Select Add the selected performance counters. 随即会添加它们,并且通过 10 秒收集示例间隔进行预设。They are added and preset with a ten second collection sample interval.

  8. 选择页面顶部的“保存”来保存配置。Select Save at the top of the page to save the configuration.

Linux VM 中的数据收集Data collection from Linux VM

  1. 选择“Syslog”。Select Syslog.

  2. 可通过键入日志名称添加事件日志。You add an event log by typing in the name of the log. 键入“Syslog”,然后选择加号 ( + )。Type Syslog and then select the plus sign +.

  3. 在表中,取消选中严重性“信息”、“通知”和“调试”。In the table, deselect the severities Info, Notice and Debug.

  4. 选择页面顶部的“保存”来保存配置。Select Save at the top of the page to save the configuration.

  5. 选择“Linux 性能数据”,在 Linux 计算机上启用性能计数器收集。Select Linux Performance Data to enable collection of performance counters on a Linux computer.

  6. 首次为新的 Log Analytics 工作区配置 Linux 性能计数器时,可以选择快速创建几个通用的计数器。When you first configure Linux Performance counters for a new Log Analytics workspace, you are given the option to quickly create several common counters. 将这些计数器在一个复选框中依次列出。They are listed with a checkbox next to each.

    选中的默认 Windows 性能计数器

    选择“将下列配置应用到我的计算机”,然后选择“添加选定的性能计数器”。Select Apply below configuration to to my machines and then select Add the selected performance counters. 随即会添加它们,并且通过 10 秒收集示例间隔进行预设。They are added and preset with a ten second collection sample interval.

  7. 选择页面顶部的“保存”来保存配置。Select Save at the top of the page to save the configuration.

查看收集的数据View data collected

现已启用数据收集,开始运行简单的日志搜索示例,查看来自目标 VM 的部分数据。Now that you have enabled data collection, lets run a simple log search example to see some data from the target VMs.

  1. 在所选工作区中,从左侧窗格中选择“日志”。In the selected workspace, from the left-hand pane, select Logs.

  2. 在日志查询页上,在查询编辑器中键入 Perf,然后选择“运行”。On the Logs query page, type Perf in the query editor and select Run.

    Log Analytics 日志搜索查询示例

    例如,下图中的查询返回了 10,000 条性能记录。For example, the query in the following image returned 10,000 performance records. 结果会大大减少。Your results will be significantly less.

    Log Analytics 日志搜索结果

清理资源Clean up resources

不再需要 Log Analytics 工作区时,将其删除。When no longer needed, delete the Log Analytics workspace. 为此,请选择之前创建的 Log Analytics 工作区,并在资源页上选择“删除”。To do so, select the Log Analytics workspace you created earlier and on the resource page select Delete.

删除 Log Analytics 资源

后续步骤Next steps

从 Windows 或 Linux 虚拟机收集操作和性能数据后,现在可轻松开始浏览、分析免费收集的数据,并对它们采取措施。Now that you are collecting operational and performance data from your Windows or Linux virtual machines, you can easily begin exploring, analyzing, and taking action on data that you collect for free.

若要了解如何查看和分析数据,请继续本教程。To learn how to view and analyze the data, continue to the tutorial.