Connect Windows computers to Azure Monitor

To monitor and manage virtual machines or physical computers in your local datacenter or other cloud environment with Azure Monitor, you need to deploy the Log Analytics agent (also referred to as the Microsoft Monitoring Agent (MMA)) and configure it to report to one or more Log Analytics workspaces. The agent also supports the Hybrid Runbook Worker role for Azure Automation.

On a monitored Windows computer, the agent is listed as the Microsoft Monitoring Agent service. The Microsoft Monitoring Agent service collects events from log files and the Windows event log, performance data, and other telemetry. Even when the agent is unable to communicate with the Azure Monitor service it reports to, the agent continues to run and queues the collected data on the disk of the monitored computer. When the connection is restored, the Microsoft Monitoring Agent service sends the collected data to the service.

The agent may be installed by using one of the following methods. Most installations use a combination of these methods to install different sets of computers, as appropriate. Details on using each method are provided later in the article.

  • Manual installation. Setup is manually run on the computer using the setup wizard, from the command line, or deployed using an existing software distribution tool.
  • Azure Automation Desired State Configuration (DSC). Using DSC in Azure Automation with a script for Windows computers already deployed in your environment.
  • PowerShell script.
  • Resource Manager template for virtual machines running Windows on-premises in Azure Stack.


Azure Security Center (ASC) depends on the Microsoft Monitoring Agent (also referred to as the Log Analytics Windows agent) and will install and configure it to report to a Log Analytics workspace as part of its deployment. ASC includes an automatic provisioning option which enables automatic installation of the Log Analytics Windows agent on all VMs in your subscription and configures it to report to a specific workspace.

If you need to configure the agent to report to more than one workspace, this cannot be performed during initial setup, only afterwards by updating the settings from Control Panel or PowerShell as described in Adding or removing a workspace.

To understand the supported configuration, review supported Windows operating systems and network firewall configuration.

Obtain workspace ID and key

Before installing the Log Analytics agent for Windows, you need the workspace ID and key for your Log Analytics workspace. Each installation method requires this information during setup to properly configure the agent and ensure it can successfully communicate with Azure Monitor in Azure commercial and China Government cloud.

  1. In the Azure portal, search for and select Log Analytics workspaces.
  2. In your list of Log Analytics workspaces, select the workspace you intend to configure the agent to report to.
  3. Select Advanced settings.

  4. Select Connected Sources, and then select Windows Servers.
  5. Copy the Workspace ID and Primary Key and paste them into your favorite editor.

Configure Agent to use TLS 1.2

To configure use of the TLS 1.2 protocol for communication between the Windows agent and the Log Analytics service, follow the steps below. You can enable the protocol before the agent is installed on the virtual machine or afterwards.


If you are configuring a VM running Windows Server 2008 SP2 x64 to use TLS 1.2, you first need to install the following SHA-2 code signing support update before performing the steps below.

  1. Locate the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

  2. Create a subkey under Protocols for TLS 1.2: HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2

  3. Create a Client subkey under the TLS 1.2 protocol version subkey you created earlier. For example, HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client.

  4. Create the following DWORD values under HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client:

    • Enabled [Value = 1]
    • DisabledByDefault [Value = 0]

Configure .NET Framework 4.6 or later to support secure cryptography, as by default it is disabled. Strong cryptography uses more secure network protocols like TLS 1.2, and blocks protocols that are not secure.

  1. Locate the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319.
  2. Create the DWORD value SchUseStrongCrypto under this subkey with a value of 1.
  3. Locate the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319.
  4. Create the DWORD value SchUseStrongCrypto under this subkey with a value of 1.
  5. Restart the system for the settings to take effect.
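
The two registry procedures above can be audited and applied in one pass. The following PowerShell is an added example, not part of the original article; the function names are hypothetical, and it assumes PowerShell 3.0 or later in an elevated session.

```powershell
# Added example: audit or enforce the DWORD values listed in the two procedures above.
# A restart is still required after enforcing for the settings to take effect.
$schannel = 'HKLM:\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
$desired = @(
    @{ Path = $schannel; Name = 'Enabled';           Value = 1 }
    @{ Path = $schannel; Name = 'DisabledByDefault'; Value = 0 }
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'; Name = 'SchUseStrongCrypto'; Value = 1 }
)
# The WOW6432Node view is only present on 64-bit Windows.
if ([Environment]::Is64BitOperatingSystem) {
    $desired += @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'; Name = 'SchUseStrongCrypto'; Value = 1 }
}

function Get-DwordOrNull {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Set-AgentTlsBaseline {
    param([switch]$Enforce)   # without -Enforce the function only reports
    foreach ($d in $desired) {
        $before = Get-DwordOrNull -Path $d.Path -Name $d.Name
        if ($Enforce -and $before -ne $d.Value) {
            # Create the key only when it is missing, so existing values under it are left untouched.
            if (-not (Test-Path -Path $d.Path)) { New-Item -Path $d.Path -Force | Out-Null }
            New-ItemProperty -Path $d.Path -Name $d.Name -Value $d.Value -PropertyType DWord -Force | Out-Null
        }
        $after = Get-DwordOrNull -Path $d.Path -Name $d.Name
        [pscustomobject]@{
            Key       = $d.Path
            Name      = $d.Name
            Before    = $before
            After     = $after
            Compliant = ($after -eq $d.Value)
        }
    }
}

Set-AgentTlsBaseline | Format-Table -AutoSize               # audit only
# Set-AgentTlsBaseline -Enforce | Format-Table -AutoSize    # apply, then restart
```

A missing value shows an empty Before column and Compliant = False, which distinguishes "never configured" from "explicitly set to the wrong value".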

Install the agent using setup wizard

The following steps install and configure the agent for Log Analytics in Azure and Azure China Cloud by using the setup wizard for the agent on your computer. If you want to learn how to configure the agent to also report to a System Center Operations Manager management group, see deploy the Operations Manager agent with the Agent Setup Wizard.

  1. In your Log Analytics workspace, from the Windows Servers page you navigated to earlier, select the Download Windows Agent version that matches the processor architecture of the Windows operating system.
  2. Run Setup to install the agent on your computer.
  3. On the Welcome page, click Next.
  4. On the License Terms page, read the license and then click I Agree.
  5. On the Destination Folder page, change or keep the default installation folder and then click Next.
  6. On the Agent Setup Options page, choose to connect the agent to Azure Log Analytics and then click Next.
  7. On the Azure Log Analytics page, perform the following:
    1. Paste the Workspace ID and Workspace Key (Primary Key) that you copied earlier. If the computer should report to a Log Analytics workspace in Azure China Cloud, select Azure China from the Azure Cloud drop-down list.
    2. If the computer needs to communicate through a proxy server to the Log Analytics service, click Advanced and provide the URL and port number of the proxy server. If your proxy server requires authentication, type the username and password to authenticate with the proxy server and then click Next.
  8. Click Next once you have completed providing the necessary configuration settings.

  9. On the Ready to Install page, review your choices and then click Install.
  10. On the Configuration completed successfully page, click Finish.

When complete, the Microsoft Monitoring Agent appears in Control Panel. To confirm it is reporting to Log Analytics, review Verify agent connectivity to Log Analytics.

Install the agent using the command line

The downloaded file for the agent is a self-contained installation package. The setup program for the agent and supporting files are contained in the package and need to be extracted in order to properly install using the command line shown in the following examples.


If you want to upgrade an agent, you need to use the Log Analytics scripting API.

The following table highlights the specific parameters supported by setup for the agent, including when deployed using Automation DSC.

MMA-specific options                     Notes
NOAPM=1                                  Optional parameter. Installs the agent without .NET Application Performance Monitoring.
ADD_OPINSIGHTS_WORKSPACE                 1 = Configure the agent to report to a workspace
OPINSIGHTS_WORKSPACE_ID                  Workspace ID (guid) for the workspace to add
OPINSIGHTS_WORKSPACE_KEY                 Workspace key used to initially authenticate with the workspace
OPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPE    Specify the cloud environment where the workspace is located
                                         0 = Azure commercial cloud (default)
                                         1 = Azure China Cloud
OPINSIGHTS_PROXY_USERNAME                Username to access an authenticated proxy
OPINSIGHTS_PROXY_PASSWORD                Password to access an authenticated proxy

  1. To extract the agent installation files, run MMASetup-<platform>.exe /c from an elevated command prompt; it prompts you for the path to extract the files to. Alternatively, you can specify the path by passing the arguments MMASetup-<platform>.exe /c /t:<Full Path>.

  2. To silently install the agent and configure it to report to a workspace in Azure commercial cloud, from the folder you extracted the setup files to type:


    or to configure the agent to report to Azure China cloud, type:



    The string values for the parameters OPINSIGHTS_WORKSPACE_ID and OPINSIGHTS_WORKSPACE_KEY need to be encapsulated in double-quotes to instruct Windows Installer to interpret them as valid options for the package.
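
A silent install that applies the quoting rule above can be scripted as follows. This is an added example, not a command from the original article: it uses only the setup parameters that appear in the table and in the DSC script on this page, and the folder path and placeholder values are assumptions to replace.

```powershell
# Added example. $SetupDir is an assumed extraction folder (the /t:<Full Path> target);
# the workspace ID and key placeholders must be supplied at run time.
param(
    [string]$SetupDir     = 'C:\Deploy\MMA',
    [string]$WorkspaceId  = '<your workspace ID>',
    [string]$WorkspaceKey = '<your workspace key>',
    [ValidateSet(0, 1)]
    [int]$CloudType       = 0     # 0 = Azure commercial cloud (default), 1 = Azure China Cloud
)

# The workspace ID is a GUID; reject anything else before it reaches the installer.
$parsed = [guid]::Empty
if (-not [guid]::TryParse($WorkspaceId, [ref]$parsed)) {
    throw "Workspace ID '$WorkspaceId' is not a GUID."
}
if ([string]::IsNullOrWhiteSpace($WorkspaceKey) -or $WorkspaceKey -like '<*>') {
    throw 'Workspace key was not supplied.'
}

$setup = Join-Path -Path $SetupDir -ChildPath 'setup.exe'
if (-not (Test-Path -Path $setup)) {
    throw "setup.exe not found in $SetupDir. Extract the package first with MMASetup-<platform>.exe /c /t:<Full Path>."
}

# ID and key are wrapped in double quotes so Windows Installer reads them as property values.
$setupArgs = @(
    '/qn'
    'NOAPM=1'                                   # optional: install without .NET APM
    'ADD_OPINSIGHTS_WORKSPACE=1'
    "OPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPE=$CloudType"
    "OPINSIGHTS_WORKSPACE_ID=`"$WorkspaceId`""
    "OPINSIGHTS_WORKSPACE_KEY=`"$WorkspaceKey`""
    'AcceptEndUserLicenseAgreement=1'
)

$proc = Start-Process -FilePath $setup -ArgumentList $setupArgs -Wait -PassThru
# 0 = success, 3010 = success with a restart required (standard Windows Installer codes).
if ($proc.ExitCode -notin 0, 3010) {
    throw "setup.exe exited with code $($proc.ExitCode)."
}

# The agent runs as the HealthService service (the name used in the DSC script on this page).
Get-Service -Name HealthService | Select-Object Name, Status
```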

Install the agent using DSC in Azure Automation

You can use the following script example to install the agent using Azure Automation DSC. If you do not have an Automation account, see Get started with Azure Automation to understand the requirements and steps for creating the Automation account that is required before using Automation DSC. If you are not familiar with Automation DSC, review Getting started with Automation DSC.

The following example installs the 64-bit agent, identified by the URI value. You can also use the 32-bit version by replacing the URI value. The URIs for both versions are:


This procedure and script example does not support upgrading the agent already deployed to a Windows computer.

The 32-bit and 64-bit versions of the agent package have different product codes and new versions released also have a unique value. The product code is a GUID that is the principal identification of an application or product and is represented by the Windows Installer ProductCode property. The ProductId value in the MMAgent.ps1 script has to match the product code from the 32-bit or 64-bit agent installer package.

To retrieve the product code from the agent install package directly, you can use Orca.exe from the Windows SDK Components for Windows Installer Developers, which is a component of the Windows Software Development Kit, or use PowerShell following an example script written by an Azure Valuable Professional (MVP). For either approach, you first need to extract the MOMagent.msi file from the MMASetup installation package. This is shown earlier in the first step under the section Install the agent using the command line.
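
One way to read the ProductCode property with PowerShell and compare it with the ProductId in MMAgent.ps1 is sketched below. This is an added example, not the MVP script the article refers to; the function name and both file paths are assumptions, and it uses the Windows Installer COM automation object.

```powershell
# Added example. Paths are assumptions: point them at the extracted MOMagent.msi
# and at your copy of MMAgent.ps1.
$MsiPath    = 'C:\Deploy\MMA\MOMagent.msi'
$ConfigPath = 'C:\Deploy\MMAgent.ps1'

function Get-MsiProductCode {
    param([Parameter(Mandatory = $true)][string]$Path)
    $full      = (Resolve-Path -LiteralPath $Path).Path
    $installer = New-Object -ComObject WindowsInstaller.Installer
    try {
        # Second argument 0 opens the database read-only.
        $db   = $installer.GetType().InvokeMember('OpenDatabase', 'InvokeMethod', $null, $installer, @($full, 0))
        $view = $db.GetType().InvokeMember('OpenView', 'InvokeMethod', $null, $db,
                    @("SELECT Value FROM Property WHERE Property = 'ProductCode'"))
        $view.GetType().InvokeMember('Execute', 'InvokeMethod', $null, $view, $null) | Out-Null
        $record = $view.GetType().InvokeMember('Fetch', 'InvokeMethod', $null, $view, $null)
        if ($null -eq $record) { throw "No ProductCode row in $full." }
        $code = $record.GetType().InvokeMember('StringData', 'GetProperty', $null, $record, 1)
        $view.GetType().InvokeMember('Close', 'InvokeMethod', $null, $view, $null) | Out-Null
        return $code.Trim('{}').ToUpperInvariant()      # the MSI stores the GUID in braces
    }
    finally {
        [void][Runtime.InteropServices.Marshal]::ReleaseComObject($installer)
    }
}

$productCode = Get-MsiProductCode -Path $MsiPath

# Pull the ProductId literal out of the DSC configuration script.
$configured = $null
$match = Select-String -Path $ConfigPath -Pattern 'ProductId\s*=\s*"\{?([0-9A-Fa-f-]{36})\}?"' |
         Select-Object -First 1
if ($match) { $configured = $match.Matches[0].Groups[1].Value.ToUpperInvariant() }

# Report the package signature alongside the codes so the operator can review the signer.
$sig = Get-AuthenticodeSignature -FilePath $MsiPath

[pscustomobject]@{
    MsiProductCode  = $productCode
    ScriptProductId = $configured
    Match           = ($productCode -eq $configured)
    SignatureStatus = $sig.Status
    Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
}
```

When Match is False, update the ProductId value in MMAgent.ps1 with MsiProductCode before importing the configuration.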

  1. Import the xPSDesiredStateConfiguration DSC Module from https://www.powershellgallery.com/packages/xPSDesiredStateConfiguration into Azure Automation.

  2. Create Azure Automation variable assets for OPSINSIGHTS_WS_ID and OPSINSIGHTS_WS_KEY. Set OPSINSIGHTS_WS_ID to your Log Analytics workspace ID and set OPSINSIGHTS_WS_KEY to the primary key of your workspace.

  3. Copy the script and save it as MMAgent.ps1.

    Configuration MMAgent
    {
        # Local path the agent package is downloaded to on the node
        $OIPackageLocalPath = "C:\Deploy\MMASetup-AMD64.exe"
        # Workspace ID and key come from Azure Automation variable assets
        $OPSINSIGHTS_WS_ID = Get-AutomationVariable -Name "OPSINSIGHTS_WS_ID"
        $OPSINSIGHTS_WS_KEY = Get-AutomationVariable -Name "OPSINSIGHTS_WS_KEY"

        Import-DscResource -ModuleName xPSDesiredStateConfiguration
        Import-DscResource -ModuleName PSDesiredStateConfiguration

        Node OMSnode {
            # Keep the agent service running once the package is installed
            Service OIService
            {
                Name = "HealthService"
                State = "Running"
                DependsOn = "[Package]OI"
            }

            # Download the 64-bit agent package
            xRemoteFile OIPackage {
                Uri = "https://go.microsoft.com/fwlink/?LinkId=828603"
                DestinationPath = $OIPackageLocalPath
            }

            # Silent install; ProductId must match the product code of the package
            Package OI {
                Ensure = "Present"
                Path  = $OIPackageLocalPath
                Name = "Microsoft Monitoring Agent"
                ProductId = "8A7F2C51-4C7D-4BFD-9014-91D11F24AAE2"
                Arguments = '/C:"setup.exe /qn NOAPM=1 ADD_OPINSIGHTS_WORKSPACE=1 OPINSIGHTS_WORKSPACE_ID=' + $OPSINSIGHTS_WS_ID + ' OPINSIGHTS_WORKSPACE_KEY=' + $OPSINSIGHTS_WS_KEY + ' AcceptEndUserLicenseAgreement=1"'
                DependsOn = "[xRemoteFile]OIPackage"
            }
        }
    }

  4. Update the ProductId value in the script with the product code extracted from the latest version of the agent install package using the methods recommended earlier.

  5. Import the MMAgent.ps1 configuration script into your Automation account.

  6. Assign a Windows computer or node to the configuration. Within 15 minutes, the node checks its configuration and the agent is pushed to the node.

Verify agent connectivity to Log Analytics

Once installation of the agent is complete, you can verify that it is successfully connected and reporting in two ways.

From the computer in Control Panel, find the item Microsoft Monitoring Agent. Select it and on the Azure Log Analytics tab, the agent should display a message stating: The Microsoft Monitoring Agent has successfully connected to the Microsoft Operations Management Suite service.

You can also perform a simple log query in the Azure portal.

  1. In the Azure portal, search for and select Monitor.

  2. Select Logs in the menu.

  3. On the Logs pane, in the query field type:

    Heartbeat
    | where Category == "Direct Agent"
    | where TimeGenerated > ago(30m)

In the search results returned, you should see heartbeat records for the computer indicating it is connected and reporting to the service.

Next steps