在 Windows 计算机上安装 Log Analytics 代理Install Log Analytics agent on Windows computers

本文详细介绍如何使用以下方法在 Windows 计算机上安装 Log Analytics 代理:This article provides details on installing the Log Analytics agent on Windows computers using the following methods:


本文所述的安装方法通常用于本地或其他云中的虚拟机。The installation methods described in this article are typically used for virtual machines on-premises or in other clouds. 有关可用于 Azure 虚拟机的更高效选项,请参阅安装选项See Installation options for more efficient options you can use for Azure virtual machines.


如果需要将代理配置为向多个工作区报告,则不能在初始设置期间执行此操作,而只能在之后通过从控制面板或 PowerShell 更新设置执行,如添加或删除工作区中所述。If you need to configure the agent to report to more than one workspace, this cannot be performed during initial setup, only afterwards by updating the settings from Control Panel or PowerShell as described in Adding or removing a workspace.

支持的操作系统Supported operating systems

有关 Log Analytics 代理支持的 Windows 版本的列表,请参阅 Azure Monitor 代理概述See Overview of Azure Monitor agents for a list of Windows versions supported by the Log Analytics agent.

SHA-2 代码签名支持要求SHA-2 Code Signing Support Requirement

Windows 代理将于 2020 年 8 月 17 日开始以独占方式使用 SHA-2 签名。The Windows agent will begin to exclusively use SHA-2 signing on August 17, 2020. 此更改将影响使用旧版 OS 上的 Log Analytics 代理作为任何 Azure 服务(Azure Monitor、Azure 自动化、Azure 更新管理、Azure 更改跟踪、Azure 安全中心、Azure Sentinel、Windows Defender ATP)一部分的客户。This change will impact customers using the Log Analytics agent on a legacy OS as part of any Azure service (Azure Monitor, Azure Automation, Azure Update Management, Azure Change Tracking, Azure Security Center, Azure Sentinel, Windows Defender ATP). 除非你在旧版 OS 版本(Windows 7、Windows Server 2008 R2 和 Windows Server 2008)上运行代理,否则更改不需要任何客户操作。The change does not require any customer action unless you are running the agent on a legacy OS version (Windows 7, Windows Server 2008 R2 and Windows Server 2008). 在 2020 年 8 月 17 日之前,在旧版 OS 版本上运行的客户必须在其计算机上执行以下操作,否则其代理会停止将数据发送到其 Log Analytics 工作区:Customers running on a legacy OS version are required to take the following actions on their machines before August 17, 2020 or their agents will stop sending data to their Log Analytics workspaces:

  1. 为 OS 安装最新服务器包。Install the latest Service Pack for your OS. 必需的服务包版本包括:The required service pack versions are:

    • Windows 7 SP1Windows 7 SP1
    • Windows Server 2008 SP2Windows Server 2008 SP2
    • Windows Server 2008 R2 SP1Windows Server 2008 R2 SP1
  2. 要为 OS 安装 SHA-2 签名 Windows 更新,请参阅适用于 Windows 和 WSUS 的 2019 SHA-2 代码签名支持要求Install the SHA-2 signing Windows updates for your OS as described in 2019 SHA-2 Code Signing Support requirement for Windows and WSUS

  3. 更新到 Windows 代理的最新版本(版本 10.20.18029)。Update to the latest version of the Windows agent (version 10.20.18029).

  4. 建议将代理配置为使用 TLS 1.2Recommended to configure the agent to use TLS 1.2.

网络要求Network requirements

有关 Windows 代理的网络要求,请参阅 Log Analytics 代理概述See Log Analytics agent overview for the network requirements for the Windows agent.

将代理配置为使用 TLS 1.2Configure Agent to use TLS 1.2

TLS 1.2 协议可确保在 Windows 代理与 Log Analytics 服务之间进行通信的传输中数据的安全性。TLS 1.2 protocol ensure the security of data in transit for communication between the Windows agent and the Log Analytics service. 如果要在默认情况下未启用 TLS 1.2 的操作系统上安装,则应使用以下步骤配置 TLS 1.2。If you're installing on an operating system without TLS 1.2 enabled by default, then you should configure TLS 1.2 using the steps below.

  1. 找到以下注册表子项:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\ProtocolsLocate the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

  2. 在“Protocols”下为 TLS 1.2 创建一个子项:HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2Create a subkey under Protocols for TLS 1.2 HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2

  3. 在你之前创建的 TLS 1.2 协议版本子项下创建一个 Client 子项。Create a Client subkey under the TLS 1.2 protocol version subkey you created earlier. 例如,HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client。For example, HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client.

  4. 在 HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client 下创建以下 DWORD 值:Create the following DWORD values under HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client:

    • Enabled [值 = 1]Enabled [Value = 1]
    • DisabledByDefault [值 = 0]DisabledByDefault [Value = 0]

将 .NET Framework 4.6 或更高版本配置为安全加密,因为默认情况下禁用此功能。Configure .NET Framework 4.6 or later to support secure cryptography, as by default it is disabled. 强加密使用更安全的网络协议(例如 TLS 1.2)并且会阻止不安全的协议。The strong cryptography uses more secure network protocols like TLS 1.2, and blocks protocols that are not secure.

  1. 找到以下注册表子项:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319Locate the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319.
  2. 在此子项下创建值为 1 的 DWORD 值 SchUseStrongCryptoCreate the DWORD value SchUseStrongCrypto under this subkey with a value of 1.
  3. 找到以下注册表子项:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319Locate the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319.
  4. 在此子项下创建值为 1 的 DWORD 值 SchUseStrongCryptoCreate the DWORD value SchUseStrongCrypto under this subkey with a value of 1.
  5. 重启系统以使设置生效。Restart the system for the settings to take effect.

使用安装向导安装代理Install agent using setup wizard

以下步骤在计算机上使用代理的安装向导在 Azure 和 Azure 中国云中安装并配置 Log Analytics 代理。The following steps install and configure the Log Analytics agent in Azure and Azure China cloud by using the setup wizard for the agent on your computer.

  1. 在 Log Analytics 工作区中,从先前导航到的“Windows 服务器”页,根据 Windows 操作系统的处理器体系结构选择相应的“下载 Windows 代理”版本。 In your Log Analytics workspace, from the Windows Servers page you navigated to earlier, select the appropriate Download Windows Agent version to download depending on the processor architecture of the Windows operating system.
  2. 运行安装程序在计算机上安装该代理。Run Setup to install the agent on your computer.
  3. 在“欢迎”页面上,单击“下一步”。 On the Welcome page, click Next.
  4. 在“许可条款”页面上阅读许可协议,然后单击“我接受” 。On the License Terms page, read the license and then click I Agree.
  5. 在“目标文件夹”页面上更改或保留默认安装文件夹,然后单击“下一步” 。On the Destination Folder page, change or keep the default installation folder and then click Next.
  6. 在“代理安装选项”页上,选择将代理连接到 Azure Log Analytics,单击“下一步”。 On the Agent Setup Options page, choose to connect the agent to Azure Log Analytics and then click Next.
  7. 在“Azure Log Analytics”页上执行以下操作:On the Azure Log Analytics page, perform the following:
    1. 粘贴前面复制的“工作区 ID”和“工作区密钥(主密钥)”。 Paste the Workspace ID and Workspace Key (Primary Key) that you copied earlier. 如果计算机应向 Azure 中国云中的 Log Analytics 工作区报告,请从“Azure 云”下拉列表中选择“Azure 中国” 。If the computer should report to a Log Analytics workspace in Azure China cloud, select Azure China from the Azure Cloud drop-down list.
    2. 如果计算机需要通过代理服务器来与 Log Analytics 通信,请单击“高级”并提供代理服务器的 URL 和端口号。If the computer needs to communicate through a proxy server to the Log Analytics service, click Advanced and provide the URL and port number of the proxy server. 如果代理服务器要求身份验证,请键入用于在代理服务器上进行身份验证的用户名和密码,并单击“下一步”。If your proxy server requires authentication, type the username and password to authenticate with the proxy server and then click Next.
  8. 提供所需的配置设置后,单击“下一步”。Click Next once you have completed providing the necessary configuration settings.

    粘贴工作区 ID 和主键paste Workspace ID and Primary Key

  9. 在“准备安装”页上检查所做的选择,并单击“安装”。 On the Ready to Install page, review your choices and then click Install.
  10. 在“配置已成功完成”页上,单击“完成”。 On the Configuration completed successfully page, click Finish.

完成后,Microsoft Monitoring Agent 将显示在“控制面板”中。When complete, the Microsoft Monitoring Agent appears in Control Panel. 要确认其正在向 Log Analytics 报告,请参阅验证代理与 Log Analytics 的连接To confirm it is reporting to Log Analytics, review Verify agent connectivity to Log Analytics.

使用命令行来安装代理Install agent using command line

下载的代理文件是自包含安装包。The downloaded file for the agent is a self-contained installation package. 代理和支持文件的安装程序包含在该包中,需要提取才能使用以下示例中所示的命令行正确安装。The setup program for the agent and supporting files are contained in the package and need to be extracted in order to properly install using the command line shown in the following examples.


如果想要升级代理,需要使用 Log Analytics 脚本 API。If you want to upgrade an agent, you need to use the Log Analytics scripting API. 有关详细信息,请参阅管理并维护 Windows 和 Linux 的 Log Analytics 代理See the topic Managing and maintaining the Log Analytics agent for Windows and Linux for further information.

下表突出显示了代理的安装程序支持的特定参数,包括使用 Automation DSC 进行部署的时间。The following table highlights the specific parameters supported by setup for the agent, including when deployed using Automation DSC.

特定于 MMA 的选项MMA-specific options 说明Notes
NOAPM=1NOAPM=1 可选参数。Optional parameter. 安装不带 .NET 应用程序性能监视的代理。Installs the agent without .NET Application Performance Monitoring.
ADD_OPINSIGHTS_WORKSPACEADD_OPINSIGHTS_WORKSPACE 1 = 将代理配置为向工作区报告1 = Configure the agent to report to a workspace
OPINSIGHTS_WORKSPACE_IDOPINSIGHTS_WORKSPACE_ID 要添加的工作区的工作区 ID (GUID)Workspace ID (guid) for the workspace to add
OPINSIGHTS_WORKSPACE_KEYOPINSIGHTS_WORKSPACE_KEY 工作区密钥,用于通过工作区进行初始身份验证Workspace key used to initially authenticate with the workspace
OPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPEOPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPE 指定工作区所在的云环境Specify the cloud environment where the workspace is located
0 = Azure 商业云(默认值)0 = Azure commercial cloud (default)
2 = Azure 中国云2 = Azure China Cloud
OPINSIGHTS_PROXY_USERNAMEOPINSIGHTS_PROXY_USERNAME 要访问的经过身份验证的代理用户名Username to access an authenticated proxy
OPINSIGHTS_PROXY_PASSWORDOPINSIGHTS_PROXY_PASSWORD 要访问的经过身份验证的代理密码Password to access an authenticated proxy
  1. 若要提取代理安装文件,请在提升的命令提示符处运行 MMASetup-<platform>.exe /c,这会提示要将文件提取到的路径。To extract the agent installation files, from an elevated command prompt run MMASetup-<platform>.exe /c and it will prompt you for the path to extract files to. 或者,可以通过传递参数 MMASetup-<platform>.exe /c /t:<Full Path> 来指定路径。Alternatively, you can specify the path by passing the arguments MMASetup-<platform>.exe /c /t:<Full Path>.

  2. 要以无提示方式安装代理,并将其配置为向 Azure 商业版云中的工作区报告,请在提取安装文件的文件夹中键入:To silently install the agent and configure it to report to a workspace in Azure commercial cloud, from the folder you extracted the setup files to type:


    或者,要将代理配置为向 Azure 中国云报告,请键入:or to configure the agent to report to Azure China cloud, type:



    需要将参数 OPINSIGHTS_WORKSPACE_ID 和 OPINSIGHTS_WORKSPACE_KEY 的字符串值封装在双引号中,以指示 Windows Installer 将其解释为包的有效选项。The string values for the parameters OPINSIGHTS_WORKSPACE_ID and OPINSIGHTS_WORKSPACE_KEY need to be encapsulated in double-quotes to instruct Windows Installer to interprit as valid options for the package.

使用 Azure 自动化中的 DSC 来安装代理Install agent using DSC in Azure Automation

可通过以下脚本示例,使用 Azure Automation DSC 安装代理。You can use the following script example to install the agent using Azure Automation DSC. 如果没有自动化帐户,请在使用 Automation DSC 前查看 Azure 自动化入门,了解创建自动化账户的需求和步骤。If you do not have an Automation account, see Get started with Azure Automation to understand requirements and steps for creating an Automation account required before using Automation DSC. 如果不熟悉 Automation DSC,请参阅 Automation DSC 入门If you are not familiar with Automation DSC, review Getting started with Automation DSC.

下面的示例安装由 URI 值标识的 64 位代理。The following example installs the 64-bit agent, identified by the URI value. 还可通过替换 URI 值,使用 32 位版本。You can also use the 32-bit version by replacing the URI value. 这两个版本的 URI 分别是:The URIs for both versions are:


此过程和脚本示例不支持升级已部署到 Windows 计算机的代理。This procedure and script example does not support upgrading the agent already deployed to a Windows computer.

32 位和 64 位版本的代理包具有不同的产品代码,新发布的版本也具有唯一的产品代码。The 32-bit and 64-bit versions of the agent package have different product codes and new versions released also have a unique value. 产品代码是一个 GUID,它是应用程序或产品的主体标志,由 Windows Installer 的“ProductCode”属性表示。The product code is a GUID that is the principal identification of an application or product and is represented by the Windows Installer ProductCode property. MMAgent.ps1 脚本中的 ProductId 值必须与 32 位或 64 位代理安装程序包的产品代码匹配。The ProductId value in the MMAgent.ps1 script has to match the product code from the 32-bit or 64-bit agent installer package.

要直接从代理安装包检索产品代码,可使用适用于 Windows Installer 开发者的 Windows SDK 组件中的 Orca.exe,该组件是 Windows 软件开发工具包的一个组件,或按照 Microsoft 最有价值专家 (MVP) 编写的示例脚本来使用 PowerShell。To retrieve the product code from the agent install package directly, you can use Orca.exe from the Windows SDK Components for Windows Installer Developers that is a component of the Windows Software Development Kit or using PowerShell following an example script written by a Microsoft Valuable Professional (MVP). 对于上述任一种方法,都需要先从 MMASetup 安装包中提取 MOMagent.msi 文件。For either approach, you first need to extract the MOMagent.msi file from the MMASetup installation package. 在前面使用命令行安装代理部分下的第一个步骤中演示了此操作。This is shown earlier in the first step under the section Install the agent using the command line.

  1. https://www.powershellgallery.com/packages/xPSDesiredStateConfiguration 将 xPSDesiredStateConfiguration DSC 模块导入到 Azure 自动化。Import the xPSDesiredStateConfiguration DSC Module from https://www.powershellgallery.com/packages/xPSDesiredStateConfiguration into Azure Automation.
  2. OPSINSIGHTS_WS_IDOPSINSIGHTS_WS_KEY 创建 Azure 自动化变量资产。Create Azure Automation variable assets for OPSINSIGHTS_WS_ID and OPSINSIGHTS_WS_KEY. 将 OPSINSIGHTS_WS_ID 设置为 Log Analytics 工作区 ID,将 OPSINSIGHTS_WS_KEY 设置为工作区的主键 。Set OPSINSIGHTS_WS_ID to your Log Analytics workspace ID and set OPSINSIGHTS_WS_KEY to the primary key of your workspace.
  3. 复制脚本,并将其另存为 MMAgent.ps1。Copy the script and save it as MMAgent.ps1.
Configuration MMAgent
    $OIPackageLocalPath = "C:\Deploy\MMASetup-AMD64.exe"
    $OPSINSIGHTS_WS_ID = Get-AutomationVariable -Name "OPSINSIGHTS_WS_ID"
    $OPSINSIGHTS_WS_KEY = Get-AutomationVariable -Name "OPSINSIGHTS_WS_KEY"

    Import-DscResource -ModuleName xPSDesiredStateConfiguration
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node OMSnode {
        Service OIService
            Name = "HealthService"
            State = "Running"
            DependsOn = "[Package]OI"

        xRemoteFile OIPackage {
            Uri = "https://go.microsoft.com/fwlink/?LinkId=828603"
            DestinationPath = $OIPackageLocalPath

        Package OI {
            Ensure = "Present"
            Path  = $OIPackageLocalPath
            Name = "Microsoft Monitoring Agent"
            ProductId = "8A7F2C51-4C7D-4BFD-9014-91D11F24AAE2"
            DependsOn = "[xRemoteFile]OIPackage"

  1. 按照先前建议的方法,使用从最新版本的代理安装包中提取的产品代码更新脚本中的 ProductId 值。Update the ProductId value in the script with the product code extracted from the latest version of the agent install package using the methods recommended earlier.
  2. 将 MMAgent.ps1 配置脚本导入到自动化帐户。Import the MMAgent.ps1 configuration script into your Automation account.
  3. 将 Windows 计算机或节点分配到配置。Assign a Windows computer or node to the configuration. 15 分钟内,该节点会检查其配置,代理会被推送到该节点。Within 15 minutes, the node checks its configuration and the agent is pushed to the node.

验证代理与 Azure Monitor 的连接Verify agent connectivity to Azure Monitor

代理安装完毕后,可通过两种方式来验证是否成功连接和完成报告。Once installation of the agent is complete, verifying it is successfully connected and reporting can be accomplished in two ways.

在计算机的“控制面板”中,找到“Microsoft Monitoring Agent”项 。From the computer in Control Panel, find the item Microsoft Monitoring Agent. 选择该项,在“Azure Log Analytics”选项卡上,代理应显示一条消息:“Microsoft Monitoring Agent 已成功连接到Microsoft Operations Management Suite 服务”。Select it and on the Azure Log Analytics tab, the agent should display a message stating: The Microsoft Monitoring Agent has successfully connected to the Microsoft Operations Management Suite service.

MMA 与 Log Analytics 的连接状态MMA connection status to Log Analytics

还可在 Azure 门户中执行简单的日志查询。You can also perform a simple log query in the Azure portal.

  1. 在 Azure 门户中,搜索并选择“监视”。In the Azure portal, search for and select Monitor.

  2. 在菜单中选择“日志”。Select Logs in the menu.

  3. 在“日志”窗格的查询字段中键入:On the Logs pane, in the query field type:

    | where Category == "Direct Agent" 
    | where TimeGenerated > ago(30m)  

在返回的搜索结果中,应可以看到计算机的检测信号记录,该记录指示计算机已连接到服务,并向其报告。In the search results returned, you should see heartbeat records for the computer indicating it is connected and reporting to the service.

缓存信息Cache information

来自 Log Analytics 代理的数据在发送到 Azure Monitor 之前会缓存在本地计算机上的“C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State”中。Data from the Log Analytics agent is cached on the local machine at C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State before it's sent to Azure Monitor. 该代理会尝试每隔 20 秒上传一次。The agent attempts to upload every 20 seconds. 如果操作失败,它会等待以指数级增加的一段时间,直到成功为止:If it fails, it will wait an exponentially increasing length of time until it succeeds. 它会在第二次尝试之前等待 30 秒,在接下来的一次尝试之前等待 60 秒,在再下一次尝试之前等待 120 秒,依此类推,直到再次成功连接为止,两次重试之间的最长间隔为 8.5 小时。It will wait 30 seconds before the second attempt, 60 seconds before the next, 120 seconds, and so on to a maximum of 8.5 hours between retries until it successfully connects again. 此等待时间会稍微随机化,以避免所有代理同时尝试连接。This wait time is slightly randomized to avoid all agents simultaneously attempting connection. 达到最大缓冲时,会丢弃最早的数据。Oldest data is discarded when the maximum buffer is reached.

默认缓存大小为 50 MB,但可以在最小 5 MB 和最大 1.5 GB 之间进行配置。The default cache size is 50 MB but can be configured between a minimum of 5 MB and maximum of 1.5 GB. 缓存大小将存储在注册表项“HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HealthService\Parameters\Persistence Cache Maximum”中。It's stored in the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HealthService\Parameters\Persistence Cache Maximum. 该值表示页数(每页 8 KB)。The value represents the number of pages, with 8 KB per page.

后续步骤Next steps