使用 Azure Monitor 从混合环境中的 Windows 计算机收集数据Collect data from a Windows computer in a hybrid environment with Azure Monitor

Azure Monitor 可以直接从环境中的物理或虚拟 Windows 计算机将数据收集到 Log Analytics 工作区中,以便进行详细分析和关联。Azure Monitor can collect data directly from your your physical or virtual Windows computers in your environment into a Log Analytics workspace for detailed analysis and correlation. 安装 Log Analytics 代理可让 Azure Monitor 从数据中心或其他云环境收集数据。Installing the Log Analytics agent allows Azure Monitor to collect data from a datacenter or other cloud environment. 本快速入门介绍如何通过几个简单步骤,从 Windows 计算机中配置或收集数据。This quickstart shows you how to configure and collect data from your Windows computer with a few easy steps. 有关 Azure Windows VM 的信息,请参阅收集有关 Azure 虚拟机的数据For information about Azure Windows VMs, see Collect data about Azure virtual machines.

若要了解支持的配置,请参阅支持的 Windows 操作系统网络防火墙配置To understand the supported configuration, see Supported Windows operating systems and Network firewall configuration.

如果没有 Azure 订阅,可在开始前创建一个试用帐户If you don't have an Azure subscription, create a Trial before you begin.

登录到 Azure 门户Sign in to Azure portal

https://portal.azure.cn 中登录 Azure 门户。Sign in to the Azure portal at https://portal.azure.cn.

创建工作区Create a workspace

  1. 在 Azure 门户中,选择“所有服务”。In the Azure portal, select All services. 在资源列表中,键入“Log Analytics”。In the list of resources, type Log Analytics. 开始键入时,会根据输入筛选该列表。As you begin typing, the list filters based on your input. 选择“Log Analytics 工作区”。Select Log Analytics workspaces.

    Azure 门户

  2. 选择“创建”,然后为以下各项选择选项:Select Create, and then select choices for the following items:

    • 为新的 Log Analytics 工作区提供名称,如 DefaultLAWorkspace。Provide a name for the new Log Analytics workspace, such as DefaultLAWorkspace.

    • 如果选择的默认值不合适,请从下拉列表中选择要链接到的订阅Select a Subscription to link to by selecting from the drop-down list if the default selected is not appropriate.

    • 对于“资源组”,选择包含一个或多个 Azure 虚拟机的现有资源组。For Resource Group, select an existing resource group that contains one or more Azure virtual machines.

    • 选择向其部署 VM 的“位置”。Select the Location your VMs are deployed to. 如需其他信息,请参阅提供 Log Analytics 的区域For additional information, see which regions Log Analytics is available in.

    • 如果在 2018 年 4 月 2 日后创建的新订阅中创建工作区,则它将自动使用“每 GB”定价计划,并且不提供用于选择定价层的选项。If you are creating a workspace in a new subscription created after April 2, 2018, it will automatically use the Per GB pricing plan and the option to select a pricing tier will not be available. 如果是为 4 月 2 日之前创建的现有订阅创建工作区,或者是为绑定到现有 EA 注册的订阅创建工作区,则可以选择首选定价层。If you are creating a workspace for an existing subscription created before April 2, or to subscription that was tied to an existing EA enrollment, select your preferred pricing tier. 有关特定层的其他信息,请参阅 Log Analytics 定价详细信息For additional information about the particular tiers, see Log Analytics Pricing Details.

      创建 Log Analytics 资源边栏选项卡

  3. 在“Log Analytics 工作区”窗格中提供所需的信息后,选择“确定”。After providing the required information on the Log Analytics workspace pane, select OK.

在验证信息和创建工作区时,可以在菜单中的“通知”下面跟踪操作进度。While the information is verified and the workspace is created, you can track its progress under Notifications from the menu.

获取工作区 ID 和密钥Get the workspace ID and key

在安装适用于 Windows 的 Log Analytics 代理(也称为 Microsoft Monitoring Agent (MMA))之前,需要 Log Analytics 工作区的工作区 ID 和密钥。Before you install the Log Analytics agent for Windows (also referred to as the Microsoft Monitoring Agent (MMA)), you need the workspace ID and key for your Log Analytics workspace. 安装向导需要使用此信息来正确配置代理,并确保它能与 Azure Monitor 通信。The setup wizard needs this information to properly configure the agent and ensure it can communicate with Azure Monitor.

  1. 在 Azure 门户左上角选择“所有服务”。In the upper-left corner of the Azure portal, select All services. 在搜索框中输入 Log AnalyticsIn the search box, enter Log Analytics. 键入时,列表会根据输入的内容进行筛选。As you type, the list filters based on your input. 选择“Log Analytics 工作区”。Select Log Analytics workspaces.

  2. 在 Log Analytics 工作区列表中,选择前面创建的工作区。In your list of Log Analytics workspaces, select the workspace you created earlier. (可能已将其命名为 DefaultLAWorkspace。)(You might have named it DefaultLAWorkspace.)

  3. 选择“高级设置”:Select Advanced settings:

    Log Analytics 高级设置

  4. 选择“已连接的源”,然后选择“Windows 服务器” 。Select Connected Sources, and then select Windows Servers.

  5. 复制“工作区 ID”和“主密钥”右侧的值 。Copy the values to the right of Workspace ID and Primary Key. 将其粘贴到你偏爱的编辑器中。Paste them into your favorite editor.

安装适用于 Windows 的代理Install the agent for Windows

以下步骤将安装并配置 Azure 中国中用于 Log Analytics 的代理。The following steps install and configure the agent for Log Analytics in Azure China. 你将使用 Microsoft Monitoring Agent 安装程序在计算机上安装该代理。You'll use the Microsoft Monitoring Agent Setup program to install the agent on your computer.

  1. 延续前面的步骤,在“Windows 服务器”页上,选择要下载的 Windows 代理版本。Continuing from the previous set of steps, on the Windows Servers page, select the Download Windows Agent version that you want to download. 选择适用于你的 Windows 操作系统处理器体系结构的版本。Select the appropriate version for the processor architecture of your Windows operating system.

  2. 运行安装程序在计算机上安装该代理。Run Setup to install the agent on your computer.

  3. 在“欢迎”页上,选择“下一步”。On the Welcome page, select Next.

  4. 在“许可条款”页面上阅读许可协议,然后选择“我接受” 。On the License Terms page, read the license and then select I Agree.

  5. 在“目标文件夹”页面上更改或保留默认安装文件夹,然后选择“下一步” 。On the Destination Folder page, change or keep the default installation folder and then select Next.

  6. 在“代理安装选项”页上,将代理连接到 Azure Log Analytics,然后选择“下一步”。On the Agent Setup Options page, connect the agent to Azure Log Analytics and then select Next.

  7. 在“Azure Log Analytics”页上完成以下步骤:On the Azure Log Analytics page, complete these steps:

    1. 粘贴前面复制的“工作区 ID”和“工作区密钥(主密钥)”。在“Azure 云”列表中选择“Azure 中国”。 Paste in the Workspace ID and Workspace Key (Primary Key) that you copied earlier.Select Azure China in the Azure Cloud list.
    2. 如果计算机需要通过代理服务器来与 Log Analytics 服务通信,请选择“高级”并提供代理服务器的 URL 和端口号。If the computer needs to communicate through a proxy server to the Log Analytics service, select Advanced and provide the URL and port number of the proxy server. 如果代理服务器要求身份验证,请输入用于在代理服务器上进行身份验证的用户名和密码,然后选择“下一步”。If your proxy server requires authentication, enter the user name and password for authentication with the proxy server and then select Next.
  8. 添加配置设置后,选择“下一步”:Select Next after you've added the configuration settings:

    Microsoft Monitoring Agent 安装

  9. 在“准备安装”页上检查所做的选择,并选择“安装” 。On the Ready to Install page, review your choices and then select Install.

  10. 在“配置已成功完成”页上,选择“完成”。On the Configuration completed successfully page, select Finish.

完成安装和设置后,Microsoft Monitoring Agent 将显示在控制面板中。When the installation and setup is finished, Microsoft Monitoring Agent appears in Control Panel. 可以检查配置,并验证代理是否已连接到 Log Analytics 工作区。You can review your configuration and verify that the agent is connected to the Log Analytics workspace. 连接后,在“Azure Log Analytics”选项卡上,代理将显示以下消息:Microsoft Monitoring Agent 已成功连接到 Microsoft Log Analytics 服务。When connected, on the Azure Log Analytics tab, the agent displays this message: The Microsoft Monitoring Agent has successfully connected to the Microsoft Log Analytics service.

MMA 连接状态MMA connection status

收集的事件和性能数据Collect event and performance data

Azure Monitor 可从 Windows 事件日志以及性能计数器中收集指定的事件用于长期分析和报告。Azure Monitor can collect events that you specify from the Windows event log and performance counters for longer term analysis and reporting. 检测到特定的状况时,它还可以采取措施。It can also take action when it detects a particular condition. 首先,请按照下列步骤操作,配置 Windows 事件日志以及几个常见性能计数器中收集事件。Follow these steps to configure collection of events from the Windows event log, and several common performance counters to start with.

  1. 在 Azure 门户左下角选择“更多服务”。In the lower-left corner of the Azure portal, select More services. 在搜索框中输入 Log AnalyticsIn the search box, enter Log Analytics. 键入时,列表会根据输入的内容进行筛选。As you type, the list filters based on your input. 选择“Log Analytics 工作区”。Select Log Analytics workspaces.

  2. 选择“高级设置”:Select Advanced settings:

    Log Analytics 高级设置

  3. 选择“数据”,然后选择“Windows 事件日志”。Select Data, and then select Windows Event Logs.

  4. 可通过输入日志名称来添加事件日志。You add an event log by entering the name of the log. 输入“系统”,然后选择加号 ( + )。Enter System, and then select the plus sign (+).

  5. 在表中,选择“错误”和“警告”严重性。In the table, select the Error and Warning severities.

  6. 在页面顶部选择“保存”。Select Save at the top of the page.

  7. 选择“Windows 性能计数器”,在 Windows 计算机上启用性能计数器收集。Select Windows Performance Counters to enable collection of performance counters on a Windows computer.

  8. 首次为新的 Log Analytics 工作区配置 Windows 性能计数器时,可以选择快速创建几个通用的计数器。When you first configure Windows performance counters for a new Log Analytics workspace, you're given the option to quickly create several common counters. 每个选项将会列出,其旁边带有一个复选框:Each option is listed, with a check box next to it:

    Windows 性能计数器..

    选择“添加所选性能计数器”。Select Add the selected performance counters. 随即会添加这些计数器,并为其预设 10 秒收集采样间隔。The counters are added and preset with a ten-second collection sample interval.

  9. 在页面顶部选择“保存”。Select Save at the top of the page.

查看收集的数据View collected data

启用数据收集后,让我们开始运行一个简单的日志搜索,以查看来自目标计算机的某些数据。Now that you've enabled data collection, let's run a simple log search to see some data from the target computer.

  1. 在所选工作区中,从左侧窗格中选择“日志”。In the selected workspace, from the left-hand pane, select Logs.

  2. 在日志查询页上,在查询编辑器中键入 Perf,然后选择“运行”。On the Logs query page, type Perf in the query editor and select Run.

    Log Analytics 日志搜索

    例如,下图中的查询返回了 10,000 条性能记录。For example, the query in this image returned 10,000 Performance records. 结果会大大减少。Your results will be significantly less.

    Log Analytics 日志搜索结果

清理资源Clean up resources

如果不再需要,可从计算机中删除该代理,并删除 Log Analytics 工作区。You can remove the agent from your computer and delete the Log Analytics workspace if you no longer need them.

若要删除代理,请完成以下步骤:To remove the agent, complete these steps:

  1. 打开控制面板。Open Control Panel.

  2. 打开“程序和功能”。Open Programs and Features.

  3. 在“程序和功能”中选择“Microsoft Monitoring Agent”,然后选择“卸载”。In Programs and Features, select Microsoft Monitoring Agent and then select Uninstall.

若要删除前面创建的 Log Analytics 工作区,请将其选中,然后在资源页上选择“删除”:To delete the Log Analytics workspace you created earlier, select it, and, on the resource page, select Delete:

删除 Log Analytics 工作区

后续步骤Next steps

从 Windows 计算机收集操作和性能数据时,可以轻松地开始免费浏览、分析和处理收集的数据。Now that you're collecting operational and performance data from your Windows computer, you can easily begin exploring, analyzing, and acting on the data you collect, for free.

若要了解如何查看和分析数据,请继续学习以下教程:To learn how to view and analyze the data, continue to the tutorial: