将数据从 Windows Azure 诊断扩展发送到 Azure 事件中心Send data from Windows Azure diagnostics extension to Azure Event Hubs

Azure 诊断扩展是 Azure Monitor 中的一个代理,可从 Azure 虚拟机的来宾操作系统和工作负荷及其他计算资源收集监视数据。Azure diagnostics extension is an agent in Azure Monitor that collects monitoring data from the guest operating system and workloads of Azure virtual machines and other compute resources. 本文介绍如何将数据从 Windows Azure 诊断扩展 (WAD) 发送到 Azure 事件中心,以便将其转发到 Azure 之外的位置。This article describes how to send data from the Windows Azure Diagnostic extension (WAD) to Azure Event Hubs so you can forward to locations outside of Azure.

支持的数据Supported data

从来宾操作系统收集的可发送到事件中心的数据包括以下内容。The data collected from the guest operating system that can be sent to Event Hubs includes the following. WAD 收集的其他数据源(包括 IIS 日志和故障转储)无法发送到事件中心。Other data sources collected by WAD, including IIS Logs and crash dumps, cannot be sent to Event Hubs.

  • Windows 事件跟踪 (ETW) 事件Event Tracing for Windows (ETW) events
  • 性能计数器Performance counters
  • Windows 事件日志(包括 Windows 事件日志中的应用程序日志)Windows event logs, including application logs in the Windows event log
  • Azure 诊断基础结构日志Azure Diagnostics infrastructure logs

先决条件Prerequisites

配置架构Configuration schema

请参阅安装并配置 Windows Azure 诊断扩展 (WAD),获取启用和配置诊断扩展的不同选项;参阅 Azure 诊断配置架构,获取配置架构参考。See Install and configure Windows Azure diagnostics extension (WAD) for different options for enabling and configuring the diagnostics extension and Azure Diagnostics configuration schema for a reference of the configuration schema. 本文的其余部分将介绍如何使用此配置向事件中心发送数据。The rest of this article will describe how to use this configuration to send data to an event hub.

Azure 诊断始终将日志和指标发送到 Azure 存储帐户。Azure Diagnostics always sends logs and metrics to an Azure Storage account. 可以配置一个或多个可将数据发送到其他位置的数据接收器。You can configure one or more data sinks that send data to additional locations. 每个接收器都在公共配置的 SinksConfig 元素中定义,而敏感信息则包含在专用配置中。Each sink is defined in the SinksConfig element of the public configuration with sensitive information in the private configuration. 事件中心的此配置使用下表中的值。This configuration for event hubs uses the values in the following table.

属性Property 说明Description
名称Name 接收器的说明性名称。Descriptive name for the sink. 在配置中用于指定要发送到接收器的数据源。Used in the configuration to specify which data sources to send to the sink.
UrlUrl 事件中心的 URL,格式为 <event-hubs-namespace>.servicebus.chinacloudapi.cn/<event-hub-name>。Url of the event hub in the form <event-hubs-namespace>.servicebus.chinacloudapi.cn/<event-hub-name>.
SharedAccessKeyNameSharedAccessKeyName 事件中心的至少具有“发送”权限的共享访问策略的名称。Name of a shared access policy for the event hub that has at least Send authority.
SharedAccessKeySharedAccessKey 事件中心的共享访问策略中的主密钥或辅助密钥。Primary or secondary key from the shared access policy for the event hub.

下面显示了公共和专用配置示例。Example public and private configurations are shown below. 这是一个最小配置,其中包含一个性能计数器和事件日志,用于说明如何配置和使用事件中心数据接收器。This is a minimal configuration with a single performance counter and event log to illustrate how to configure and use the event hub data sink. 如需更复杂的示例,请参阅 Azure 诊断配置架构See Azure Diagnostics configuration schema for a more complex example.

公共配置Public configuration

{
    "WadCfg": {
        "DiagnosticMonitorConfiguration": {
            "overallQuotaInMB": 5120,
            "PerformanceCounters": {
                "scheduledTransferPeriod": "PT1M",
                "sinks": "myEventHub",
                "PerformanceCounterConfiguration": [
                    {
                        "counterSpecifier": "\\Processor(_Total)\\% Processor Time",
                        "sampleRate": "PT3M"
                    }
                ]
            },
            "WindowsEventLog": {
                "scheduledTransferPeriod": "PT1M",
                "sinks": "myEventHub",
                    "DataSource": [
                    {
                        "name": "Application!*[System[(Level=1 or Level=2 or Level=3)]]"
                    }
                ]
            }
        },
        "SinksConfig": {
            "Sink": [
                {
                    "name": "myEventHub",
                    "EventHub": {
                        "Url": "https://diags-mycompany-ns.servicebus.chinacloudapi.cn/diageventhub",
                        "SharedAccessKeyName": "SendRule"
                    }
                }
            ]
        }
    },
    "StorageAccount": "mystorageaccount",
}

专用配置Private configuration

{
    "storageAccountName": "mystorageaccount",
    "storageAccountKey": "{base64 encoded key}",
    "storageAccountEndPoint": "https://core.chinacloudapi.cn",
    "EventHub": {
        "Url": "https://diags-mycompany-ns.servicebus.chinacloudapi.cn/diageventhub",
        "SharedAccessKeyName": "SendRule",
        "SharedAccessKey": "{base64 encoded key}"
    }
}

配置选项Configuration options

若要将数据发送到数据接收器,请在数据源的节点上指定 sinks 特性。To send data to a data sink, you specify the sinks attribute on the data source's node. 在何处放置 sinks 特性决定了分配的范围。Where you place the sinks attribute determines the scope of the assignment. 在以下示例中,sinks 特性定义到 PerformanceCounters 节点,这会导致系统将所有子性能计数器都发送到事件中心。In the following example, the sinks attribute is defined to the PerformanceCounters node which will cause all child performance counters to be sent to the event hub.

"PerformanceCounters": {
    "scheduledTransferPeriod": "PT1M",
    "sinks": "MyEventHub",
    "PerformanceCounterConfiguration": [
        {
            "counterSpecifier": "\\Processor(_Total)\\% Processor Time",
            "sampleRate": "PT3M"
        },
        {
            "counterSpecifier": "\\Memory\\Available MBytes",
            "sampleRate": "PT3M"
        },
        {
            "counterSpecifier": "\\Web Service(_Total)\\ISAPI Extension Requests/sec",
            "sampleRate": "PT3M"
        }
    ]
}

在以下示例中,sinks 特性直接应用到三个计数器,这会导致系统仅将这些性能计数器发送到事件中心。In the following example, the sinks attribute is applied directly to three counters which will cause only those performance counters to be sent to the event hub.

"PerformanceCounters": {
    "scheduledTransferPeriod": "PT1M",
    "PerformanceCounterConfiguration": [
        {
            "counterSpecifier": "\\Processor(_Total)\\% Processor Time",
            "sampleRate": "PT3M",
            "sinks": "MyEventHub"
        },
        {
            "counterSpecifier": "\\Memory\\Available MBytes",
            "sampleRate": "PT3M"
        },
        {
            "counterSpecifier": "\\Web Service(_Total)\\ISAPI Extension Requests/sec",
            "sampleRate": "PT3M"
        },
        {
            "counterSpecifier": "\\ASP.NET\\Requests Rejected",
            "sampleRate": "PT3M",
            "sinks": "MyEventHub"
        },
        {
            "counterSpecifier": "\\ASP.NET\\Requests Queued",
            "sampleRate": "PT3M",
            "sinks": "MyEventHub"
        }
    ]
}

验证配置Validating configuration

可以使用多种方法来验证数据是否发送到事件中心。You can use a variety of methods to validate that data is being sent to the event hub. 使用事件中心捕获是一种直接的方法,如通过 Azure Blob 存储或 Azure Data Lake Storage 中的 Azure 事件中心来捕获事件中所述。ne straightforward method is to use Event Hubs capture as described in Capture events through Azure Event Hubs in Azure Blob Storage or Azure Data Lake Storage.

排查事件中心接收器问题Troubleshoot Event Hubs sinks

  • 查看 Azure 存储表 WADDiagnosticInfrastructureLogsTable,其中包含 Azure 诊断本身的日志和错误。Look at the Azure Storage table WADDiagnosticInfrastructureLogsTable which contains logs and errors for Azure Diagnostics itself. 可使用 Azure 存储资源管理器 等工具连接到此存储帐户,查看此表,并添加过去 24 小时的时间戳查询。One option is to use a tool such as Azure Storage Explorer to connect to this storage account, view this table, and add a query for TimeStamp in the last 24 hours. 可以使用此工具导出 .csv 文件,并在 Microsoft Excel 之类的应用程序中打开它。You can use the tool to export a .csv file and open it in an application such as Microsoft Excel. Excel 可轻松搜索电话卡字符串(如 EventHubs),查看系统报告了哪些错误。Excel makes it easy to search for calling-card strings, such as EventHubs, to see what error is reported.

  • 检查是否已成功预配事件中心。Check that your event hub is successfully provisioned. 配置的 PrivateConfig 节的所有连接信息必须与门户中显示的资源值匹配。All connection info in the PrivateConfig section of the configuration must match the values of your resource as seen in the portal. 请确保已在门户中定义 SAS 策略(本示例中为 SendRule),并为其授予“发送”权限。Make sure that you have a SAS policy defined (SendRule in the example) in the portal and that Send permission is granted.

后续步骤Next steps