Azure Monitor 中的代理数据源Agent data sources in Azure Monitor

Azure Monitor 从代理收集的数据是由你配置的数据源定义的。The data that Azure Monitor collects from agents is defined by the data sources that you configure. 来自代理的数据存储为包含记录集的日志数据The data from agents is stored as log data with a set of records. 每个数据源将创建具有某种特殊类型的记录,而每个类型都具有自己的一组属性。Each data source creates records of a particular type with each type having its own set of properties.

日志数据收集

数据源概要介绍Summary of data sources

下表列出了 Azure Monitor 中当前可用的代理数据源。The following table lists the agent data sources that are currently available in Azure Monitor. 每个数据源都链接到一篇单独的文章,提供该数据源的详细信息。Each has a link to a separate article providing detail for that data source. 它还提供了有关收集方法和收集频率的信息。It also provides information on their method and frequency of collection.

数据源Data source 平台Platform Azure Monitoring AgentAzure monitoring agent Operations Manager 代理Operations Manager agent Azure 存储Azure storage 需要 Operations Manager?Operations Manager required? Operations Manager 代理数据通过管理组发送Operations Manager agent data sent via management group 收集频率Collection frequency
自定义日志Custom logs WindowsWindows 到达时on arrival
自定义日志Custom logs LinuxLinux 到达时on arrival
IIS 日志IIS logs WindowsWindows 依赖于日志文件滚动更新设置depends on Log File Rollover setting
性能计数器Performance counters WindowsWindows 根据计划,最小值为 10 秒as scheduled, minimum of 10 seconds
性能计数器Performance counters LinuxLinux 根据计划,最小值为 10 秒as scheduled, minimum of 10 seconds
SyslogSyslog LinuxLinux 来自 Azure 存储:10 分钟;来自代理:到达时from Azure storage: 10 minutes; from agent: on arrival
Windows 事件日志Windows Event logs WindowsWindows 到达时on arrival

配置数据源Configuring data sources

可以从工作区“高级设置”中的“数据”菜单配置数据源。You configure data sources from the Data menu in Advanced Settings for the workspace. 任何配置都将传送到工作区中所有已连接的数据源。Any configuration is delivered to all connected sources in your workspace. 当前不能从此配置中排除任何代理。You cannot currently exclude any agents from this configuration.

配置 Windows 事件

  1. 在 Azure 门户中,选择“Log Analytics 工作区”> 你的工作区 >“高级设置”。In the Azure portal, select Log Analytics workspaces > your workspace > Advanced Settings.
  2. 选择“数据”。Select Data.
  3. 单击要配置的数据源。Click on the data source you want to configure.
  4. 按照上表中每个数据源链接到的文档,了解有关其配置的详细信息。Follow the link to the documentation for each data source in the above table for details on their configuration.

数据收集Data collection

数据源配置会在几分钟内传送到与 Azure Monitor 直接连接的各个代理。Data source configurations are delivered to agents that are directly connected to Azure Monitor within a few minutes. 指定的数据从代理收集,并按特定于每个数据源的时间间隔直接传送到 Azure Monitor。The specified data is collected from the agent and delivered directly to Azure Monitor at intervals specific to each data source. 请参阅每个数据源的文档以了解详情。See the documentation for each data source for these specifics.

对于已连接管理组中的 System Center Operations Manager 代理,数据源配置默认以每 5 分钟的间隔转换成管理包并传送到管理组。For System Center Operations Manager agents in a connected management group, data source configurations are translated into management packs and delivered to the management group every 5 minutes by default. 代理会下载任何其他的管理包,并收集指定的数据。The agent downloads the management pack like any other and collects the specified data. 根据数据源的不同,数据或者被发送到管理服务器,再由管理服务器转发到 Azure Monitor;或者不通过管理服务器,由代理将数据发送到 Azure Monitor。Depending on the data source, the data will be either sent to a management server which forwards the data to the Azure Monitor, or the agent will send the data to Azure Monitor without going through the management server.

如果代理无法连接到 Azure Monitor 或 Operations Manager,将继续收集在建立连接时传送的数据。If the agent is unable to connect to Azure Monitor or Operations Manager, it will continue to collect data that it will deliver when it establishes a connection. 如果数据量达到客户端的最大缓存大小,或者如果代理无法在 24 小时内建立连接,则可能会丢失数据。Data can be lost if the amount of data reaches the maximum cache size for the client, or if the agent is not able to establish a connection within 24 hours.

日志记录Log records

Azure Monitor 收集的所有日志数据都作为记录存储在工作区中。All log data collected by Azure Monitor is stored in the workspace as records. 按不同数据源收集的记录具有其自己的属性集,并由其“类型”属性来识别。Records collected by different data sources will have their own set of properties and be identified by their Type property. 有关每种记录类型的详细信息,请参阅每个数据源和解决方案的相关文档。See the documentation for each data source and solution for details on each record type.

后续步骤Next steps

  • 了解监视解决方案如何将功能添加到 Azure Monitor,以及如何将数据收集到工作区中。Learn about monitoring solutions that add functionality to Azure Monitor and also collect data into the workspace.
  • 了解日志查询以便分析从数据源和监视解决方案中收集的数据。Learn about log queries to analyze the data collected from data sources and monitoring solutions.
  • 配置警报以便主动向你通知从数据源和监视解决方案中收集的关键数据。Configure alerts to proactively notify you of critical data collected from data sources and monitoring solutions.