Windows diagnostics extension schema

Azure Diagnostics extension is an agent in Azure Monitor that collects monitoring data from the guest operating system and workloads of Azure compute resources. This article details the schema used for configuration of the diagnostics extension on Windows virtual machines and other compute resources.

Note

The schema in this article is valid for versions 1.3 and newer (Azure SDK 2.4 and newer). Newer configuration sections are commented to show in what version they were added. Versions 1.0 and 1.2 of the schema have been archived and are no longer available.

Public configuration file schema

Download the public configuration file schema definition by executing the following PowerShell command:

(Get-AzureServiceAvailableExtension -ExtensionName 'PaaSDiagnostics' -ProviderNamespace 'Microsoft.Azure.Diagnostics').PublicConfigurationSchema | Out-File -Encoding utf8 -FilePath 'C:\temp\WadConfig.xsd'  

Common Attribute Types

The scheduledTransferPeriod attribute appears in several elements. It is the interval between scheduled transfers to storage, rounded up to the nearest minute. The value is an XML "Duration Data Type."

DiagnosticsConfiguration Element

Tree: Root - DiagnosticsConfiguration

Added in version 1.3.

The top-level element of the diagnostics configuration file.

Attribute xmlns - The XML namespace for the diagnostics configuration file is:
http://schemas.microsoft.com/ServiceHosting/2010/10/DiagnosticsConfiguration

Child Elements | Description
PublicConfig | Required. See description elsewhere on this page.
PrivateConfig | Optional. See description elsewhere on this page.
IsEnabled | Boolean. See description elsewhere on this page.

PublicConfig Element

Tree: Root - DiagnosticsConfiguration - PublicConfig

Describes the public diagnostics configuration.

Child Elements | Description
WadCfg | Required. See description elsewhere on this page.
StorageAccount | The name of the Azure Storage account to store the data in. May also be specified as a parameter when executing the Set-AzureServiceDiagnosticsExtension cmdlet.
StorageType | Can be Table, Blob, or TableAndBlob. Table is default. When TableAndBlob is chosen, diagnostic data is written twice, once to each type.
LocalResourceDirectory | The directory on the virtual machine where the Monitoring Agent stores event data. If not set, the default directory is used:

For a Worker/web role: C:\Resources\<guid>\directory\<guid>.<RoleName>.DiagnosticStore\

For a Virtual Machine: C:\WindowsAzure\Logs\Plugins\Microsoft.Azure.Diagnostics.IaaSDiagnostics\<WADVersion>\WAD<WADVersion>

Required attributes are:

- path - The directory on the system to be used by Azure Diagnostics.

- expandEnvironment - Controls whether environment variables are expanded in the path name.

WadCFG Element

Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG

Identifies and configures the telemetry data to be collected.

DiagnosticMonitorConfiguration Element

Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - DiagnosticMonitorConfiguration

Required

Attributes | Description
overallQuotaInMB | The maximum amount of local disk space that may be consumed by the various types of diagnostic data collected by Azure Diagnostics. The default setting is 4096 MB.
useProxyServer | Configure Azure Diagnostics to use the proxy server settings as set in IE settings.
sinks | Added in 1.5. Optional. Points to a sink location to also send diagnostic data for all child elements that support sinks. Examples of sinks are Application Insights and Event Hubs. Note that you need to add the resourceId property under the Metrics element if you want events uploaded to Event Hubs to have a resource ID.

Child Elements | Description
CrashDumps | See description elsewhere on this page.
DiagnosticInfrastructureLogs | Enable collection of logs generated by Azure Diagnostics. The diagnostic infrastructure logs are useful for troubleshooting the diagnostics system itself. Optional attributes are:

- scheduledTransferLogLevelFilter - Configures the minimum severity level of the logs collected.

- scheduledTransferPeriod - The interval between scheduled transfers to storage, rounded up to the nearest minute. The value is an XML "Duration Data Type."
Directories | See description elsewhere on this page.
EtwProviders | See description elsewhere on this page.
Metrics | See description elsewhere on this page.
PerformanceCounters | See description elsewhere on this page.
WindowsEventLog | See description elsewhere on this page.
DockerSources | See description elsewhere on this page.

CrashDumps Element

Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - DiagnosticMonitorConfiguration - CrashDumps

Enable the collection of crash dumps.

Attributes | Description
containerName | Optional. The name of the blob container in your Azure Storage account to be used to store crash dumps.
crashDumpType | Optional. Configures Azure Diagnostics to collect mini or full crash dumps.
directoryQuotaPercentage | Optional. Configures the percentage of overallQuotaInMB to be reserved for crash dumps on the VM.

Child Elements | Description
CrashDumpConfiguration | Required. Defines configuration values for each process.

The following attribute is also required:

processName - The name of the process you want Azure Diagnostics to collect a crash dump for.

Directories Element

Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - DiagnosticMonitorConfiguration - Directories

Enables the collection of the contents of a directory, IIS failed access request logs and/or IIS logs.

Optional scheduledTransferPeriod attribute. See explanation earlier.

Child Elements | Description
IISLogs | Including this element in the configuration enables the collection of IIS logs:

containerName - The name of the blob container in your Azure Storage account to be used to store the IIS logs.
FailedRequestLogs | Including this element in the configuration enables collection of logs about failed requests to an IIS site or application. You must also enable tracing options under system.WebServer in Web.config.
DataSources | A list of directories to monitor.

DataSources Element

Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - DiagnosticMonitorConfiguration - Directories - DataSources

A list of directories to monitor.

Child Elements | Description
DirectoryConfiguration | Required. Required attribute:

containerName - The name of the blob container in your Azure Storage account to be used to store the log files.

DirectoryConfiguration Element

Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - DiagnosticMonitorConfiguration - Directories - DataSources - DirectoryConfiguration

May include either the Absolute or LocalResource element but not both.

Child Elements | Description
Absolute | The absolute path to the directory to monitor. The following attributes are required:

- Path - The absolute path to the directory to monitor.

- expandEnvironment - Configures whether environment variables in Path are expanded.
LocalResource | The path relative to a local resource to monitor. Required attributes are:

- Name - The local resource that contains the directory to monitor.

- relativePath - The path relative to Name that contains the directory to monitor.

EtwProviders Element

Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - DiagnosticMonitorConfiguration - EtwProviders

Configures collection of ETW events from EventSource and/or ETW Manifest based providers.

Child Elements | Description
EtwEventSourceProviderConfiguration | Configures collection of events generated from EventSource Class. Required attribute:

provider - The class name of the EventSource event.

Optional attributes are:

- scheduledTransferLogLevelFilter - The minimum severity level to transfer to your storage account.

- scheduledTransferPeriod - The interval between scheduled transfers to storage, rounded up to the nearest minute. The value is an XML "Duration Data Type."
EtwManifestProviderConfiguration | Required attribute:

provider - The GUID of the event provider.

Optional attributes are:

- scheduledTransferLogLevelFilter - The minimum severity level to transfer to your storage account.

- scheduledTransferPeriod - The interval between scheduled transfers to storage, rounded up to the nearest minute. The value is an XML "Duration Data Type."

EtwEventSourceProviderConfiguration Element

Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - DiagnosticMonitorConfiguration - EtwProviders - EtwEventSourceProviderConfiguration

Configures collection of events generated from EventSource Class.

Child Elements | Description
DefaultEvents | Optional attribute:

eventDestination - The name of the table to store the events in.
Event | Required attribute:

id - The id of the event.

Optional attribute:

eventDestination - The name of the table to store the events in.

EtwManifestProviderConfiguration Element

Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - DiagnosticMonitorConfiguration - EtwProviders - EtwManifestProviderConfiguration

Child Elements | Description
DefaultEvents | Optional attribute:

eventDestination - The name of the table to store the events in.
Event | Required attribute:

id - The id of the event.

Optional attribute:

eventDestination - The name of the table to store the events in.

Metrics Element

Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - DiagnosticMonitorConfiguration - Metrics

Enables you to generate a performance counter table that is optimized for fast queries. Each performance counter that is defined in the PerformanceCounters element is stored in the Metrics table in addition to the Performance Counter table.

The resourceId attribute is required. It is the resource ID of the Virtual Machine or Virtual Machine Scale Set you are deploying Azure Diagnostics to. Get the resourceID from the Azure portal. Select Browse -> Resource Groups -> <Name>. Click the Properties tile and copy the value from the ID field. This resourceID property is used both for sending custom metrics and for adding a resourceID property to data sent to Event Hubs. Note that you need to add the resourceId property under the Metrics element if you want events uploaded to Event Hubs to have a resource ID.

Child Elements | Description
MetricAggregation | Required attribute:

scheduledTransferPeriod - The interval between scheduled transfers to storage, rounded up to the nearest minute. The value is an XML "Duration Data Type."

PerformanceCounters Element

Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - DiagnosticMonitorConfiguration - PerformanceCounters

Enables the collection of performance counters.

Optional attribute:

Optional scheduledTransferPeriod attribute. See explanation earlier.

Child Element | Description
PerformanceCounterConfiguration | The following attributes are required:

- counterSpecifier - The name of the performance counter. For example, \Processor(_Total)\% Processor Time. To get a list of performance counters on your host, run the command typeperf.

- sampleRate - How often the counter should be sampled.

Optional attribute:

unit - The unit of measure of the counter. Values are available at UnitType Class.
sinks | Added in 1.5. Optional. Points to a sink location to also send diagnostic data. For example, Azure Monitor or Event Hubs.

WindowsEventLog Element

Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - DiagnosticMonitorConfiguration - WindowsEventLog

Enables the collection of Windows Event Logs.

Optional scheduledTransferPeriod attribute. See explanation earlier.

Child Element | Description
DataSource | The Windows Event logs to collect. Required attribute:

name - The XPath query describing the Windows events to be collected. For example:

Application!*[System[(Level <=3)]], System!*[System[(Level <=3)]], System!*[System[Provider[@Name='Microsoft Antimalware']]], Security!*[System[(Level <= 3)]]

To collect all events, specify "*".
sinks | Added in 1.5. Optional. Points to a sink location to also send diagnostic data for all child elements that support sinks. Examples of sinks are Application Insights and Event Hubs.

Logs Element

Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - DiagnosticMonitorConfiguration - Logs

Present in version 1.0 and 1.1. Missing in 1.2. Added back in 1.3.

Defines the buffer configuration for basic Azure logs.

Attribute | Type | Description
bufferQuotaInMB | unsignedInt | Optional. Specifies the maximum amount of file system storage that is available for the specified data. The default is 0.
scheduledTransferLogLevelFilter | string | Optional. Specifies the minimum severity level for log entries that are transferred. The default value is Undefined, which transfers all logs. Other possible values (in order of most to least information) are Verbose, Information, Warning, Error, and Critical.
scheduledTransferPeriod | duration | Optional. Specifies the interval between scheduled transfers of data, rounded up to the nearest minute. The default is PT0S.
sinks | string | Added in 1.5. Optional. Points to a sink location to also send diagnostic data. For example, Application Insights or Event Hubs. Note that you need to add the resourceId property under the Metrics element if you want events uploaded to Event Hubs to have a resource ID.

DockerSources

Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - DiagnosticMonitorConfiguration - DockerSources

Added in 1.9.

Element Name | Description
Stats | Tells the system to collect stats for Docker containers.

SinksConfig Element

Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - SinksConfig

A list of locations to send diagnostics data to and the configuration associated with those locations.

Element Name | Description
Sink | See description elsewhere on this page.

Sink Element

Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - SinksConfig - Sink

Added in version 1.5.

Defines locations to send diagnostic data to. For example, the Application Insights service.

Attribute | Type | Description
name | string | A string identifying the sinkname.

Element | Type | Description
Application Insights | string | Used only when sending data to Application Insights. Contains the Instrumentation Key for an active Application Insights account that you have access to.
Channels | string | One for each additional filtering that stream that you

Channels Element

Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - SinksConfig - Sink - Channels

Added in version 1.5.

Defines filters for streams of log data passing through a sink.

Element | Type | Description
Channel | string | See description elsewhere on this page.

Channel Element

Tree: Root - DiagnosticsConfiguration - PublicConfig - WadCFG - SinksConfig - Sink - Channels - Channel

Added in version 1.5.

Defines locations to send diagnostic data to. For example, the Application Insights service.

Attributes | Type | Description
logLevel | string | Specifies the minimum severity level for log entries that are transferred. The default value is Undefined, which transfers all logs. Other possible values (in order of most to least information) are Verbose, Information, Warning, Error, and Critical.
name | string | A unique name of the channel to refer to.

PrivateConfig Element

Tree: Root - DiagnosticsConfiguration - PrivateConfig

Added in version 1.3.

Optional

Stores the private details of the storage account (name, key, and endpoint). This information is sent to the virtual machine, but cannot be retrieved from it.

Child Elements | Description
StorageAccount | The storage account to use. The following attributes are required:

- name - The name of the storage account.

- key - The key to the storage account.

- endpoint - The endpoint to access the storage account.

- sasToken (added in 1.8.1) - You can specify a SAS token instead of a storage account key in the private config. If provided, the storage account key is ignored.
Requirements for the SAS token:
  - Supports account SAS token only.
  - b, t service types are required.
  - a, c, u, w permissions are required.
  - c, o resource types are required.
  - Supports the HTTPS protocol only.
  - Start and expiry time must be valid.
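
The SAS token requirements above can be checked before a token is placed in PrivateConfig. The following is an added example, not code from the original page or from the extension: it reads the standard account SAS query fields (ss, srt, sp, spr, st, se) and reports every requirement the token misses. Treating "valid" start and expiry as "parseable and currently inside the window" is an assumption, and the function names and sample tokens are constructed.

```python
from datetime import datetime, timezone
from urllib.parse import parse_qs

# Requirements taken from the list above.
REQUIRED = {
    "ss": ("service types", set("bt")),     # b = blob, t = table
    "sp": ("permissions", set("acuw")),     # add, create, update, write
    "srt": ("resource types", set("co")),   # container, object
}

# Constructed sample tokens (the signatures are placeholders, not real keys).
GOOD_TOKEN = ("sv=2020-08-04&ss=bt&srt=co&sp=acuw&st=2024-01-01T00:00:00Z"
              "&se=2024-12-31T00:00:00Z&spr=https&sig=CONSTRUCTED")
WEAK_TOKEN = ("sv=2020-08-04&ss=b&srt=o&sp=rl&se=2023-01-01T00:00:00Z"
              "&spr=https,http&sig=CONSTRUCTED")
SERVICE_TOKEN = ("sv=2020-08-04&sr=c&sp=acuw&se=2024-12-31T00:00:00Z"
                 "&spr=https&sig=CONSTRUCTED")
FIXED_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def parse_sas_time(value):
    """Parse an st/se value (ISO 8601 UTC); return None when it is malformed."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            pass
    return None


def check_wad_sas_token(token, now=None):
    """Return a list of problems; an empty list means every listed requirement is met."""
    now = now or datetime.now(timezone.utc)
    parsed = parse_qs(token.lstrip("?"), keep_blank_values=True)
    fields = {name: values[0] for name, values in parsed.items()}

    # An account SAS carries ss and srt; a service SAS carries sr instead.
    if "sr" in fields or "ss" not in fields or "srt" not in fields:
        return ["not an account SAS (expected ss and srt, and no sr)"]

    problems = []
    for param, (label, needed) in REQUIRED.items():
        missing = needed - set(fields.get(param, ""))
        if missing:
            problems.append(f"{param}: missing {label} {''.join(sorted(missing))}")

    # When spr is absent the service default also admits HTTP, so require it explicitly.
    if fields.get("spr") != "https":
        problems.append("spr: must be exactly 'https'")

    expiry = parse_sas_time(fields.get("se", ""))
    if expiry is None:
        problems.append("se: missing or not a valid UTC timestamp")
    elif expiry <= now:
        problems.append("se: token has expired")

    if "st" in fields:
        start = parse_sas_time(fields["st"])
        if start is None:
            problems.append("st: not a valid UTC timestamp")
        elif start > now:
            problems.append("st: token is not valid yet")
        elif expiry is not None and start >= expiry:
            problems.append("st: start is not before expiry")
    return problems


if __name__ == "__main__":
    for label, token in (("good", GOOD_TOKEN), ("weak", WEAK_TOKEN),
                         ("service", SERVICE_TOKEN)):
        print(label, check_wad_sas_token(token, now=FIXED_NOW))
```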

IsEnabled Element

Tree: Root - DiagnosticsConfiguration - IsEnabled

Boolean. Use true to enable the diagnostics or false to disable the diagnostics.

Example configuration

Following is a complete sample configuration for Windows diagnostics extension shown in both JSON and XML.

JSON

The PublicConfig and PrivateConfig are separated because in most JSON usage cases, they are passed as different variables. These cases include Resource Manager templates, PowerShell, and Visual Studio.

Note

The public config Azure Monitor sink definition has two properties, resourceId and region. These are only required for Classic VMs and Classic Cloud services. The region property should not be used for other resources; the resourceId property is used on ARM VMs to populate the resourceID field in logs uploaded to Event Hubs.

"PublicConfig": {
    "WadCfg": {
        "DiagnosticMonitorConfiguration": {
            "overallQuotaInMB": 10000,
            "DiagnosticInfrastructureLogs": {
                "scheduledTransferLogLevelFilter": "Error"
            },
            "PerformanceCounters": {
                "scheduledTransferPeriod": "PT1M",
                "sinks": "AzureMonitorSink",
                "PerformanceCounterConfiguration": [
                    {
                        "counterSpecifier": "\\Processor(_Total)\\% Processor Time",
                        "sampleRate": "PT1M",
                        "unit": "percent"
                    }
                ]
            },
            "Directories": {
                "scheduledTransferPeriod": "PT5M",
                "IISLogs": {
                    "containerName": "iislogs"
                },
                "FailedRequestLogs": {
                    "containerName": "iisfailed"
                },
                "DataSources": [
                    {
                        "containerName": "mynewprocess",
                        "Absolute": {
                            "path": "C:\\MyNewProcess",
                            "expandEnvironment": false
                        }
                    },
                    {
                        "containerName": "badapp",
                        "Absolute": {
                            "path": "%SYSTEMDRIVE%\\BadApp",
                            "expandEnvironment": true
                        }
                    },
                    {
                        "containerName": "goodapp",
                        "LocalResource": {
                            "relativePath": "..\\PeanutButter",
                            "name": "Skippy"
                        }
                    }
                ]
            },
            "EtwProviders": {
                "sinks": "",
                "EtwEventSourceProviderConfiguration": [
                    {
                        "scheduledTransferPeriod": "PT5M",
                        "provider": "MyProviderClass",
                        "Event": [
                            {
                                "id": 0
                            },
                            {
                                "id": 1,
                                "eventDestination": "errorTable"
                            }
                        ],
                        "DefaultEvents": {
                        }
                    }
                ],
                "EtwManifestProviderConfiguration": [
                    {
                        "scheduledTransferPeriod": "PT2M",
                        "scheduledTransferLogLevelFilter": "Information",
                        "provider": "5974b00b-84c2-44bc-9e58-3a2451b4e3ad",
                        "Event": [
                            {
                                "id": 0
                            }
                        ],
                        "DefaultEvents": {
                        }
                    }
                ]
            },
            "WindowsEventLog": {
                "scheduledTransferPeriod": "PT5M",
                "DataSource": [
                    {
                        "name": "System!*[System[Provider[@Name='Microsoft Antimalware']]]"
                    },
                    {
                        "name": "System!*[System[Provider[@Name='NTFS'] and (EventID=55)]]"
                    },
                    {
                        "name": "System!*[System[Provider[@Name='disk'] and (EventID=7 or EventID=52 or EventID=55)]]"
                    }
                ]
            },
            "Logs": {
                "scheduledTransferPeriod": "PT1M",
                "scheduledTransferLogLevelFilter": "Verbose",
                "sinks": "ApplicationInsights.AppLogs"
            },
            "CrashDumps": {
                "directoryQuotaPercentage": 30,
                "dumpType": "Mini",
                "containerName": "wad-crashdumps",
                "CrashDumpConfiguration": [
                    {
                        "processName": "mynewprocess.exe"
                    },
                    {
                        "processName": "badapp.exe"
                    }
                ]
            }
        },
        "SinksConfig": {
            "Sink": [
                {
                    "name": "AzureMonitorSink",
                    "AzureMonitor":
                    {
                        "ResourceId": "{insert resourceId if a classic VM or cloud service, else property not needed}",
                        "Region": "{insert Azure region of resource if a classic VM or cloud service, else property not needed}"
                    }
                },
                {
                    "name": "ApplicationInsights",
                    "ApplicationInsights": "{Insert InstrumentationKey}",
                    "Channels": {
                        "Channel": [
                            {
                                "logLevel": "Error",
                                "name": "Errors"
                            },
                            {
                                "logLevel": "Verbose",
                                "name": "AppLogs"
                            }
                        ]
                    }
                },
                {
                    "name": "EventHub",
                    "EventHub": {
                        "Url": "https://myeventhub-ns.servicebus.chinacloudapi.cn/diageventhub",
                        "SharedAccessKeyName": "SendRule",
                        "usePublisherId": false
                    }
                },
                {
                    "name": "secondaryEventHub",
                    "EventHub": {
                        "Url": "https://myeventhub-ns.servicebus.chinacloudapi.cn/secondarydiageventhub",
                        "SharedAccessKeyName": "SendRule",
                        "usePublisherId": false
                    }
                },
                {
                    "name": "secondaryStorageAccount",
                    "StorageAccount": {
                        "name": "secondarydiagstorageaccount",
                        "endpoint": "https://core.chinacloudapi.cn"
                    }
                }
            ]
        }
    },
    "StorageAccount": "diagstorageaccount",
    "StorageType": "TableAndBlob"
}

备注

专用配置 Azure Monitor 接收器定义有两个属性:PrincipalId 和 Secret。The private config Azure Monitor sink definition has two properties, PrincipalId and Secret. 这些属性仅是经典 VM 和经典云服务所必需的。These are only required for Classic VMs and Classic Cloud services. 这些属性不应用于其他资源。These properties should not be used for other resources.

"PrivateConfig": {
    "storageAccountName": "diagstorageaccount",
    "storageAccountKey": "{base64 encoded key}",
    "storageAccountEndPoint": "https://core.chinacloudapi.cn",
    "storageAccountSasToken": "{sas token}",
    "EventHub": {
        "Url": "https://myeventhub-ns.servicebus.chinacloudapi.cn/diageventhub",
        "SharedAccessKeyName": "SendRule",
        "SharedAccessKey": "{base64 encoded key}"
    },
    "AzureMonitorAccount": {
        "ServicePrincipalMeta": {
            "PrincipalId": "{Insert service principal client Id}",
            "Secret": "{Insert service principal client secret}"
        }
    },
    "SecondaryStorageAccounts": {
        "StorageAccount": [
            {
                "name": "secondarydiagstorageaccount",
                "key": "{base64 encoded key}",
                "endpoint": "https://core.chinacloudapi.cn",
                "sasToken": "{sas token}"
            }
        ]
    },
    "SecondaryEventHubs": {
        "EventHub": [
            {
                "Url": "https://myeventhub-ns.servicebus.chinacloudapi.cn/secondarydiageventhub",
                "SharedAccessKeyName": "SendRule",
                "SharedAccessKey": "{base64 encoded key}"
            }
        ]
    }
}

XML

<?xml version="1.0" encoding="utf-8"?>  
<DiagnosticsConfiguration  xmlns="http://schemas.microsoft.com/ServiceHosting/2010/10/DiagnosticsConfiguration">   
  <PublicConfig>  
    <WadCfg>  
      <DiagnosticMonitorConfiguration overallQuotaInMB="10000">  

        <PerformanceCounters scheduledTransferPeriod="PT1M" sinks="AzureMonitorSink">  
          <PerformanceCounterConfiguration counterSpecifier="\Processor(_Total)\% Processor Time" sampleRate="PT1M" unit="percent" />  
        </PerformanceCounters>  

        <Directories scheduledTransferPeriod="PT5M">  
          <IISLogs containerName="iislogs" />  
          <FailedRequestLogs containerName="iisfailed" />  

          <DataSources>  
            <DirectoryConfiguration containerName="mynewprocess">  
              <Absolute path="C:\MyNewProcess" expandEnvironment="false" />  
            </DirectoryConfiguration>  
            <DirectoryConfiguration containerName="badapp">  
              <Absolute path="%SYSTEMDRIVE%\BadApp" expandEnvironment="true" />  
            </DirectoryConfiguration>  
            <DirectoryConfiguration containerName="goodapp">  
              <LocalResource name="Skippy" relativePath="..\PeanutButter"/>  
            </DirectoryConfiguration>  
          </DataSources>  

        </Directories>  

        <EtwProviders>  
          <EtwEventSourceProviderConfiguration   
                       provider="MyProviderClass"   
                       scheduledTransferPeriod="PT5M">  
            <Event id="0"/>  
            <Event id="1" eventDestination="errorTable"/>  
            <DefaultEvents />  
          </EtwEventSourceProviderConfiguration>  
          <EtwManifestProviderConfiguration provider="5974b00b-84c2-44bc-9e58-3a2451b4e3ad" scheduledTransferLogLevelFilter="Information" scheduledTransferPeriod="PT2M">  
            <Event id="0"/>  
            <DefaultEvents eventDestination="defaultTable"/>  
          </EtwManifestProviderConfiguration>  
        </EtwProviders>  

        <WindowsEventLog scheduledTransferPeriod="PT5M">  
          <DataSource name="System!*[System[Provider[@Name='Microsoft Antimalware']]]"/>  
          <DataSource name="System!*[System[Provider[@Name='NTFS'] and (EventID=55)]]" />  
          <DataSource name="System!*[System[Provider[@Name='disk'] and (EventID=7 or EventID=52 or EventID=55)]]" />  
        </WindowsEventLog>  

        <Logs  bufferQuotaInMB="1024"   
             scheduledTransferPeriod="PT1M"   
             scheduledTransferLogLevelFilter="Verbose"   
             sinks="ApplicationInsights.AppLogs"/>  <!-- sinks attribute added in 1.5 -->  

        <CrashDumps containerName="wad-crashdumps" directoryQuotaPercentage="30" dumpType="Mini">  
          <CrashDumpConfiguration processName="mynewprocess.exe" />  
          <CrashDumpConfiguration processName="badapp.exe"/>  
        </CrashDumps>  

        <DockerSources> <!-- Added in 1.9 -->
          <Stats enabled="true" sampleRate="PT1M" scheduledTransferPeriod="PT1M" />
        </DockerSources>

      </DiagnosticMonitorConfiguration>  

      <SinksConfig>   <!-- Added in 1.5 -->  
        <Sink name="AzureMonitorSink">
            <AzureMonitor> <!-- Added in 1.11 -->
                <ResourceId>{insert resourceId}</ResourceId> <!-- Parameter only needed for classic VMs and Classic Cloud Services, exclude VMSS and Resource Manager VMs -->
                <Region>{insert Azure region of resource}</Region> <!-- Parameter only needed for classic VMs and Classic Cloud Services, exclude VMSS and Resource Manager VMs -->
            </AzureMonitor>
        </Sink>
        <Sink name="ApplicationInsights">   
          <ApplicationInsights>{Insert InstrumentationKey}</ApplicationInsights>   
          <Channels>   
            <Channel logLevel="Error" name="Errors"  />   
            <Channel logLevel="Verbose" name="AppLogs"  />   
          </Channels>   
        </Sink>   
        <Sink name="EventHub"> <!-- Added in 1.7 -->
          <EventHub Url="https://myeventhub-ns.servicebus.chinacloudapi.cn/diageventhub" SharedAccessKeyName="SendRule" usePublisherId="false" />
        </Sink>
        <Sink name="secondaryEventHub"> <!-- Added in 1.7 -->
          <EventHub Url="https://myeventhub-ns.servicebus.chinacloudapi.cn/secondarydiageventhub" SharedAccessKeyName="SendRule" usePublisherId="false" />
        </Sink>
        <Sink name="secondaryStorageAccount"> <!-- Added in 1.7 -->
          <StorageAccount name="secondarydiagstorageaccount" endpoint="https://core.chinacloudapi.cn" />
        </Sink>
      </SinksConfig>

    </WadCfg>  

    <StorageAccount>diagstorageaccount</StorageAccount>
    <StorageType>TableAndBlob</StorageType> <!-- Added in 1.8 -->  
  </PublicConfig>  

  <PrivateConfig>  <!-- Added in 1.3 -->  
    <StorageAccount name="" key="" endpoint="" sasToken="{sas token}"  />  <!-- sasToken in Private config added in 1.8.1 -->  
    <EventHub Url="https://myeventhub-ns.servicebus.chinacloudapi.cn/diageventhub" SharedAccessKeyName="SendRule" SharedAccessKey="{base64 encoded key}" />

    <AzureMonitorAccount>
        <ServicePrincipalMeta> <!-- Added in 1.11; only needed for classic VMs and Classic cloud services -->
            <PrincipalId>{Insert service principal clientId}</PrincipalId>
            <Secret>{Insert service principal client secret}</Secret>
        </ServicePrincipalMeta>
    </AzureMonitorAccount>

    <SecondaryStorageAccounts>
       <StorageAccount name="secondarydiagstorageaccount" key="{base64 encoded key}" endpoint="https://core.chinacloudapi.cn" sasToken="{sas token}" />
    </SecondaryStorageAccounts>

    <SecondaryEventHubs>
       <EventHub Url="https://myeventhub-ns.servicebus.chinacloudapi.cn/secondarydiageventhub" SharedAccessKeyName="SendRule" SharedAccessKey="{base64 encoded key}" />
    </SecondaryEventHubs>

  </PrivateConfig>  
  <IsEnabled>true</IsEnabled>  
</DiagnosticsConfiguration>  

Note

The public config Azure Monitor sink definition has two properties, resourceId and region. These are only required for Classic VMs and Classic Cloud services. These properties should not be used for Resource Manager Virtual Machines or Virtual Machine Scale sets. There is also an additional Private Config element for the Azure Monitor sink that passes in a Principal Id and Secret. This is only required for Classic VMs and Classic Cloud Services. For Resource Manager VMs and VMSS, the Azure Monitor definition in the private config element can be excluded.
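The samples above keep keys, SAS tokens and the service principal secret under PrivateConfig only, and the notes restrict the Azure Monitor `ResourceId`, `Region` and `AzureMonitorAccount` settings to classic resources. The following pre-deployment check for the XML form is an added example, not part of the original article or of any Azure tooling. The `lint` function, its `classic` flag, the finding labels and the sample document are hypothetical, and it assumes that multiple sinks in a `sinks` attribute are comma-separated.

```python
import xml.etree.ElementTree as ET

# Hypothetical helper names and finding labels; not part of the Azure tooling.
NS = "{http://schemas.microsoft.com/ServiceHosting/2010/10/DiagnosticsConfiguration}"
SECRET_NAMES = {"key", "sasToken", "SharedAccessKey", "Secret"}

# Constructed sample: a Resource Manager VM config with three mistakes.
SAMPLE = """<DiagnosticsConfiguration xmlns="http://schemas.microsoft.com/ServiceHosting/2010/10/DiagnosticsConfiguration">
  <PublicConfig><WadCfg>
    <DiagnosticMonitorConfiguration overallQuotaInMB="10000">
      <PerformanceCounters scheduledTransferPeriod="PT1M" sinks="AzureMonitorSink"/>
      <Logs scheduledTransferPeriod="PT1M" sinks="ApplicationInsights.Debug"/>
    </DiagnosticMonitorConfiguration>
    <SinksConfig>
      <Sink name="AzureMonitorSink"><AzureMonitor><Region>{region}</Region></AzureMonitor></Sink>
      <Sink name="ApplicationInsights"><Channels><Channel logLevel="Error" name="Errors"/></Channels></Sink>
      <Sink name="EventHub"><EventHub Url="https://example.invalid/hub" SharedAccessKey="{key}"/></Sink>
    </SinksConfig>
  </WadCfg></PublicConfig>
  <PrivateConfig><StorageAccount name="diag" key="{key}"/></PrivateConfig>
</DiagnosticsConfiguration>"""

def local(tag):
    return tag.split("}", 1)[-1]  # strip the "{namespace}" prefix

def lint(xml_text, classic=False):
    root = ET.fromstring(xml_text)
    public = root.find(NS + "PublicConfig")
    findings = []
    # 1. Credential-bearing attributes and elements belong in PrivateConfig only.
    for el in public.iter():
        hits = SECRET_NAMES & (set(el.attrib) | {local(el.tag)})
        findings += [f"secret-in-public:{local(el.tag)}/{h}" for h in sorted(hits)]
    # 2. Every sinks="..." reference must resolve to a defined Sink or Sink.Channel.
    #    Assumption: multiple sinks in one attribute are comma-separated.
    defined = set()
    for sink in public.iter(NS + "Sink"):
        defined.add(sink.get("name"))
        defined |= {f"{sink.get('name')}.{c.get('name')}" for c in sink.iter(NS + "Channel")}
    for el in public.iter():
        for ref in filter(None, (r.strip() for r in el.get("sinks", "").split(","))):
            if ref not in defined:
                findings.append(f"undefined-sink:{ref}")
    # 3. Classic-only Azure Monitor settings should be absent on Resource Manager VMs and VMSS.
    if not classic:
        for name in ("ResourceId", "Region", "AzureMonitorAccount"):
            if root.find(f".//{NS}{name}") is not None:
                findings.append(f"classic-only:{name}")
    return findings
```

Run `lint` against the merged configuration before it is handed to the extension; an empty list means none of the three checks fired.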