Monitor Azure Stack HCI with Azure Monitor

Applies to: Azure Stack HCI, version 20H2; Windows Server 2019

Azure Monitor collects, analyzes, and acts on telemetry from a variety of resources, including Windows servers and virtual machines (VMs), both on-premises and in the cloud. Though Azure Monitor pulls data from Azure VMs and other Azure resources, this article focuses on how Azure Monitor works with on-premises servers and VMs running on Azure Stack HCI, specifically with Windows Admin Center.

How does Azure Monitor work?

Data generated from on-premises Windows Servers is collected in a Log Analytics workspace in Azure Monitor. Within a workspace, you can enable various monitoring solutions, which are sets of logic that provide insights for a particular scenario. For example, Azure Update Management, Azure Security Center, and Azure Monitor for VMs are all monitoring solutions that can be enabled within a workspace.

When you enable a monitoring solution in a Log Analytics workspace, all the servers reporting to that workspace will start collecting data relevant to that solution, so that the solution can generate insights for all the servers in the workspace.

To collect diagnostic data on an on-premises server and push it to the Log Analytics workspace, Azure Monitor requires the installation of the Microsoft Monitoring Agent (MMA). Certain monitoring solutions also require a secondary agent. For example, Azure Monitor for VMs also depends on a ServiceMap agent for additional functionality that this solution provides.

Some solutions, like Azure Update Management, also depend on Azure Automation, which enables you to centrally manage resources across Azure and non-Azure environments. For example, Azure Update Management uses Azure Automation to schedule and orchestrate installation of updates across machines in your environment, centrally, from the Azure portal.

What data does Azure Monitor collect?

All data collected by Azure Monitor fits into one of two fundamental types: metrics and logs.

  1. Metrics are numerical values that describe some aspect of a system at a particular point in time. They are lightweight and capable of supporting near real-time scenarios. You'll see data collected by Azure Monitor right in the Overview page in the Azure portal.

  2. Logs contain different kinds of data organized into records with different sets of properties for each type. Telemetry such as events and traces is stored as logs, in addition to performance data, so that it can all be combined for analysis. Log data collected by Azure Monitor can be analyzed with queries to quickly retrieve, consolidate, and analyze collected data. You can create and test queries using Log Analytics in the Azure portal and then either directly analyze the data using these tools or save queries for use with visualizations or alert rules.

How does Windows Admin Center enable you to use Azure Monitor?

From within Windows Admin Center, you can enable three monitoring solutions:

You can get started using Azure Monitor from any of these tools. If you've never used Azure Monitor before, Windows Admin Center will automatically provision a Log Analytics workspace (and Azure Automation account, if needed), and install and configure the MMA on the target server. It will then install the corresponding solution into the workspace.

For instance, if you first go to the Updates tool to set up Azure Update Management, Windows Admin Center will:

  1. Install the MMA on the machine.
  2. Create the Log Analytics workspace and the Azure Automation account (because an Azure Automation account is necessary in this case).
  3. Install the Update Management solution in the newly created workspace.

If you want to add another monitoring solution from within Windows Admin Center on the same server, Windows Admin Center will simply install that solution into the existing workspace to which that server is connected. Windows Admin Center will additionally install any other necessary agents.

If you connect to a different server, but have already set up a Log Analytics workspace (either through Windows Admin Center or manually in the Azure portal), you can also install the MMA on the server and connect it to an existing workspace. When you connect a server into a workspace, it automatically starts collecting data and reporting to solutions installed in that workspace.

Azure Monitor for virtual machines (Virtual Machine insights)

When you set up Azure Monitor for VMs in Server Settings, Windows Admin Center enables the Azure Monitor for VMs solution, also known as Virtual Machine insights. This solution allows you to monitor server health and events, create email alerts, get a consolidated view of server performance across your environment, and visualize apps, systems, and services connected to a given server.

Note

Despite its name, Virtual Machine insights works for physical servers as well as virtual machines.

With Azure Monitor's free 5 GB of data/month/customer allowance, you can easily try this out for a server or two without worry of getting charged. Read on to see additional benefits of onboarding servers into Azure Monitor, such as getting a consolidated view of systems performance across the servers in your environment.

Onboard your cluster using Windows Admin Center

The simplest way to onboard your cluster to Azure Monitor is by using the automated workflow in Windows Admin Center that configures the Health Service and Log Analytics, then installs the MMA.

From the Overview page of a server connection, click the new Manage alerts button, or go to Server Settings > Monitoring and alerts. Within this page, onboard your server to Azure Monitor by clicking Set up and completing the setup pane. Admin Center takes care of provisioning the Azure Log Analytics workspace, installing the necessary agent, and ensuring the Virtual Machine insights solution is configured. Once complete, your server will send performance counter data to Azure Monitor, enabling you to view and create email alerts based on this server, from the Azure portal.

Onboard your cluster manually using PowerShell

If you prefer to onboard your cluster manually, follow the steps below.

Configure Health Service

The first thing that you need to do is configure your cluster. As you may know, the Health Service improves the day-to-day monitoring and operational experience for clusters running Storage Spaces Direct.

As we saw above, Azure Monitor collects logs from each node that it is running on in your cluster. So, we have to configure the Health Service to write to an event channel, which happens to be:

Event Channel: Microsoft-Windows-Health/Operational
Event ID: 8465

To configure the Health Service, you run:

Get-StorageSubSystem clus* | Set-StorageHealthSetting -Name "Platform.ETW.MasTypes" -Value "Microsoft.Health.EntityType.Subsystem,Microsoft.Health.EntityType.Server,Microsoft.Health.EntityType.PhysicalDisk,Microsoft.Health.EntityType.StoragePool,Microsoft.Health.EntityType.Volume,Microsoft.Health.EntityType.Cluster"

Running the cmdlet above tells the Health Setting to start writing events to the Microsoft-Windows-Health/Operational event channel.
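
To confirm the setting took effect, the following added example (not part of the original article) reads the setting back and looks for event ID 8465 in the channel on every node. It assumes an elevated session on a cluster node and that remote event log access between the nodes is allowed.

```powershell
# Added example, not from the original article.
# Assumptions: run elevated on a cluster node; the FailoverClusters and Storage
# modules are available; remote event log access is allowed between nodes.
$channel = 'Microsoft-Windows-Health/Operational'
$eventId = 8465

# 1. Read back the value written by Set-StorageHealthSetting.
Get-StorageSubSystem clus* |
    Get-StorageHealthSetting -Name 'Platform.ETW.MasTypes'

# 2. Look for the most recent matching events on each node.
$report = foreach ($node in Get-ClusterNode) {
    # @() forces an array, so "no events" gives Count 0 instead of $null.
    $events = @(Get-WinEvent -ComputerName $node.Name -MaxEvents 5 `
                    -ErrorAction SilentlyContinue `
                    -FilterHashtable @{ LogName = $channel; Id = $eventId })

    [pscustomobject]@{
        Node        = $node.Name
        EventsFound = $events.Count
        # Get-WinEvent returns newest first; empty when nothing was found.
        Newest      = ($events | Select-Object -First 1).TimeCreated
    }
}

$report | Format-Table -AutoSize
```

An EventsFound value of 0 means only that no event with that ID is currently in the channel on that node.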

Configure Log Analytics

Now that you have set up the proper logging on your cluster, the next step is to properly configure Log Analytics.

To give an overview, Azure Log Analytics can collect data directly from your physical or virtual Windows computers in your data center or other cloud environment into a single repository for detailed analysis and correlation.

To understand the supported configuration, review supported Windows operating systems and network firewall configuration.

If you don't have an Azure subscription, create a Trial Subscription before you begin.

Log in to Azure portal

Log in to the Azure portal at https://portal.azure.cn.

Create a workspace

For more details on the steps listed below, see the Azure Monitor documentation.

  1. In the Azure portal, click All services. In the list of resources, type Log Analytics. As you begin typing, the list filters based on your input. Select Log Analytics.

  2. Click Create, and then select choices for the following items:

    • Provide a name for the new Log Analytics Workspace, such as DefaultLAWorkspace.
    • Select a Subscription to link to by selecting from the drop-down list if the default selected is not appropriate.
    • For Resource Group, select an existing resource group that contains one or more Azure virtual machines.

  3. After providing the required information on the Log Analytics Workspace pane, click OK.

While the information is verified and the workspace is created, you can track its progress under Notifications from the menu.

Obtain workspace ID and key

Before installing the MMA for Windows, you need the workspace ID and key for your Log Analytics workspace. This information is required by the setup wizard to properly configure the agent and ensure it can successfully communicate with Log Analytics.

  1. In the Azure portal, click All services found in the upper left-hand corner. In the list of resources, type Log Analytics. As you begin typing, the list filters based on your input. Select Log Analytics.
  2. In your list of Log Analytics workspaces, select DefaultLAWorkspace created earlier.
  3. Select Advanced settings.
  4. Select Connected Sources, and then select Windows Servers.
  5. Locate the values to the right of Workspace ID and Primary Key. Save both temporarily: copy and paste both into your favorite editor for the time being.

Installing the MMA on Windows

The following steps install and configure the Microsoft Monitoring Agent.

Important

Be sure to install this agent on each server in your cluster and indicate that you want the agent to run at Windows startup.

  1. On the Windows Servers page, select the appropriate Download Windows Agent version to download depending on the processor architecture of the Windows operating system.
  2. Run Setup to install the agent on your computer.
  3. On the Welcome page, click Next.
  4. On the License Terms page, read the license and then click I Agree.
  5. On the Destination Folder page, change or keep the default installation folder and then click Next.
  6. On the Agent Setup Options page, choose to connect the agent to Azure Log Analytics and then click Next.
  7. On the Azure Log Analytics page, paste the Workspace ID and Workspace Key (Primary Key) that you copied earlier. If the computer needs to communicate through a proxy server to the Log Analytics service, click Advanced and provide the URL and port number of the proxy server. If your proxy server requires authentication, type the username and password to authenticate with the proxy server and then click Next.
  8. Click Next once you have completed providing the necessary configuration settings.
  9. On the Ready to Install page, review your choices and then click Install.
  10. On the Configuration completed successfully page, click Finish.

When complete, the Microsoft Monitoring Agent appears in Control Panel. You can review your configuration and verify that the agent is connected to Log Analytics. When connected, on the Azure Log Analytics tab, the agent displays a message stating: The Microsoft Monitoring Agent has successfully connected to the Microsoft Log Analytics service.
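
The same verification can be scripted for every server in the cluster. This added example (not from the original article) reports whether the agent is installed, whether its service starts with Windows, and which workspace it reports to. It assumes PowerShell remoting between the nodes, and <workspace-id> is a placeholder for your own Workspace ID.

```powershell
# Added example, not from the original article.
# Assumptions: PowerShell remoting is enabled between cluster nodes, and
# '<workspace-id>' is a placeholder for the Workspace ID copied from the portal.
# Only the workspace ID is compared; the workspace key is not needed here.
$expectedWorkspaceId = '<workspace-id>'

$nodes = (Get-ClusterNode).Name

$audit = Invoke-Command -ComputerName $nodes -ArgumentList $expectedWorkspaceId -ScriptBlock {
    param($wanted)

    # 'HealthService' is the Windows service name of the Microsoft Monitoring Agent.
    $svc = Get-Service -Name HealthService -ErrorAction SilentlyContinue
    if (-not $svc) {
        return [pscustomobject]@{
            Node = $env:COMPUTERNAME; Agent = 'not installed'
            ServiceStatus = $null; StartType = $null
            ExpectedWorkspace = $false; ConnectionStatus = $null
        }
    }

    # COM object registered by the agent; it lists the workspaces the agent reports to.
    $cfg = New-Object -ComObject 'AgentConfigManager.MgmtSvcCfg'
    $workspaces = foreach ($ws in $cfg.GetCloudWorkspaces()) { $ws }
    $match = $workspaces | Where-Object { $_.workspaceId -eq $wanted }

    [pscustomobject]@{
        Node              = $env:COMPUTERNAME
        Agent             = 'installed'
        ServiceStatus     = "$($svc.Status)"      # expect Running
        StartType         = "$($svc.StartType)"   # expect Automatic
        ExpectedWorkspace = [bool]$match
        # Status value exactly as the agent reports it for the matching workspace.
        ConnectionStatus  = $match.ConnectionStatus
    }
}

$audit | Sort-Object Node |
    Format-Table Node, Agent, ServiceStatus, StartType, ExpectedWorkspace, ConnectionStatus -AutoSize
```

Any node where Agent is not installed, StartType is not Automatic, or ExpectedWorkspace is False is a gap in the cluster's log coverage.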

To understand the supported configuration, review supported Windows operating systems and network firewall configuration.

Setting up alerts using Windows Admin Center

Once you've attached your server to Azure Monitor, you can use the intelligent hyperlinks within the Settings > Monitoring and alerts page to navigate to the Azure portal. In Windows Admin Center, you can easily configure default alerts that will apply to all servers in your Log Analytics workspace. Windows Admin Center automatically enables performance counters to be collected, so you can create a new alert by customizing one of many pre-defined queries, or write your own.

These are the alerts and their default conditions that you can opt into:

Alert Name                   Default Condition
CPU utilization              Over 85% for 10 minutes
Disk capacity utilization    Over 85% for 10 minutes
Memory utilization           Available memory less than 100 MB for 10 minutes
Heartbeat                    Fewer than 2 beats for 5 minutes
System critical error        Any critical alert in the cluster system event log
Health service alert         Any health service fault on the cluster

Once you configure the alerts in Windows Admin Center, you can see the alerts in your Log Analytics workspace in Azure.

Collecting event and performance data

Log Analytics can collect events from the Windows event log and performance counters that you specify for longer term analysis and reporting, and take action when a particular condition is detected. Follow these steps to configure collection of events from the Windows event log, and several common performance counters to start with.

  1. In the Azure portal, click More services found on the lower left-hand corner. In the list of resources, type Log Analytics. As you begin typing, the list filters based on your input. Select Log Analytics.
  2. Select Advanced settings.
  3. Select Data, and then select Windows Event Logs.
  4. Here, add the Health Service event channel by typing in the name below and then click the plus sign +.
    Event Channel: Microsoft-Windows-Health/Operational

  5. In the table, check the severities Error and Warning.
  6. Click Save at the top of the page to save the configuration.
  7. Select Windows Performance Counters to enable collection of performance counters on a Windows computer.
  8. When you first configure Windows Performance counters for a new Log Analytics workspace, you are given the option to quickly create several common counters. They are listed with a checkbox next to each. Click Add the selected performance counters. They are added and preset with a ten second collection sample interval.
  9. Click Save at the top of the page to save the configuration.

Create queries and alerts based on log data

If you've made it this far, your cluster should be sending your logs and performance counters to Log Analytics. The next step is to create alert rules that automatically run log searches at regular intervals. If results of the log search match particular criteria, then an alert is fired that sends you an email or text notification. Let's explore this below.

Create a query

Start by opening the Log Search portal.

  1. In the Azure portal, click All services. In the list of resources, type Monitor. As you begin typing, the list filters based on your input. Select Monitor.
  2. On the Monitor navigation menu, select Log Analytics and then select a workspace.

The quickest way to retrieve some data to work with is a simple query that returns all records in a table. Type the following query in the search box and click the search button.

Event

Data is returned in the default list view, and you can see how many total records were returned.

On the left side of the screen is the filter pane, which allows you to add filtering to the query without modifying it directly. Several record properties are displayed for that record type, and you can select one or more property values to narrow your search results.

Select the checkbox next to Error under EVENTLEVELNAME or type the following to limit the results to error events.

Event | where (EventLevelName == "Error")

After you have the appropriate queries made for events you care about, save them for the next step.

Create alerts

Now, let's walk through an example for creating an alert.

  1. In the Azure portal, click All services. In the list of resources, type Log Analytics. As you begin typing, the list filters based on your input. Select Log Analytics.

  2. In the left-hand pane, select Alerts and then click New Alert Rule from the top of the page to create a new alert.

  3. For the first step, under the Create Alert section, you are going to select your Log Analytics workspace as the resource, since this is a log-based alert signal. Filter the results by choosing the specific Subscription from the drop-down list if you have more than one, which contains the Log Analytics workspace created earlier. Filter the Resource Type by selecting Log Analytics from the drop-down list. Finally, select the Resource DefaultLAWorkspace and then click Done.

  4. Under the section Alert Criteria, click Add Criteria to select your saved query and then specify logic that the alert rule follows.

  5. Configure the alert with the following information:

    a. From the Based on drop-down list, select Metric measurement. A metric measurement will create an alert for each object in the query with a value that exceeds our specified threshold.
    b. For the Condition, select Greater than and specify a threshold.
    c. Then define when to trigger the alert. For example, you could select Consecutive breaches and from the drop-down list select Greater than a value of 3.
    d. Under the Evaluation based on section, modify the Period value to 30 minutes and Frequency to 5. The rule will run every five minutes and return records that were created within the last thirty minutes from the current time. Setting the time period to a wider window accounts for the potential of data latency, and ensures the query returns data to avoid a false negative where the alert never fires.

  6. Click Done to complete the alert rule.

  7. Now moving on to the second step, provide a name for your alert in the Alert rule name field, such as Alert on all Error Events. Specify a Description detailing specifics for the alert, and select Critical(Sev 0) for the Severity value from the options provided.

  8. To immediately activate the alert rule on creation, accept the default value for Enable rule upon creation.

  9. For the third and final step, you specify an Action Group, which ensures that the same actions are taken each time an alert is triggered and can be used for each rule you define. Configure a new action group with the following information:

    a. Select New action group and the Add action group pane appears.
    b. For Action group name, specify a name such as IT Operations - Notify and a Short name such as itops-n.
    c. Verify the default values for Subscription and Resource group are correct. If not, select the correct one from the drop-down list.
    d. Under the Actions section, specify a name for the action, such as Send Email, and under Action Type select Email/SMS/Push/Voice from the drop-down list. The Email/SMS/Push/Voice properties pane will open to the right in order to provide additional information.
    e. On the Email/SMS pane, select and set up your preference. For example, enable Email and provide a valid email SMTP address to deliver the message to.
    f. Click OK to save your changes.

  10. Click OK to complete the action group.

  11. Click Create alert rule to complete the alert rule. It starts running immediately.
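
A query shaped for the Metric measurement option in step 5, as an added example that is not part of the original article: it counts Error and Warning events from the Health Service channel per server in five-minute bins, and runs from PowerShell so you can inspect the result before saving the query for an alert rule. It assumes the Az.OperationalInsights module, an existing Connect-AzAccount session for the cloud that hosts the workspace, and a placeholder workspace ID.

```powershell
# Added example, not from the original article.
# Assumptions: the Az.OperationalInsights module is installed, Connect-AzAccount
# has already been run, and '<workspace-id>' is a placeholder for your Workspace ID.
$workspaceId = '<workspace-id>'

# Metric measurement alerts evaluate a numeric column named AggregatedValue,
# grouped per object (here: Computer) and per time bin.
$query = @'
Event
| where EventLog == "Microsoft-Windows-Health/Operational"
| where EventLevelName in ("Error", "Warning")
| summarize AggregatedValue = count() by Computer, bin(TimeGenerated, 5m)
'@

# Use the same 30-minute window as the alert's Period so the preview
# matches what the rule will see on each five-minute run.
$response = Invoke-AzOperationalInsightsQuery -WorkspaceId $workspaceId `
                -Query $query -Timespan (New-TimeSpan -Minutes 30)

# Materialize the rows once, then show the newest bins first.
$rows = @($response.Results)
$rows | Sort-Object TimeGenerated -Descending |
    Format-Table Computer, TimeGenerated, AggregatedValue -AutoSize

# Servers that reported nothing in the window do not appear at all,
# so compare the list against the cluster's node names.
$rows | Select-Object -ExpandProperty Computer -Unique
```

If a node is missing from the last list, check the agent and event collection on that node before relying on the alert.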

Example alert

For reference, this is what an example alert looks like in Azure.

[Screenshot: Azure alert]

Below is an example of the email that you will be sent by Azure Monitor:

[Screenshot: example alert email]

Create custom Kusto queries in Log Analytics

You can also write custom log queries in Azure Monitor using the Kusto query language to collect data from one or more virtual machines.

Get a consolidated view across multiple servers

If you onboard multiple servers to a single Log Analytics workspace within Azure Monitor, you can get a consolidated view of all these servers from the Virtual Machine insights solution within Azure Monitor. (Note that only the Performance and Maps tabs of Virtual Machine insights for Azure Monitor will work with on-premises servers; the health tab functions only with Azure VMs.) To view this in the Azure portal, go to Azure Monitor > Virtual Machines (under Insights), and navigate to the Performance or Maps tabs.

Visualize connected services

When Windows Admin Center onboards a server into the Virtual Machine insights solution within Azure Monitor, it also lights up a capability called Service Map. This capability automatically discovers application components and maps the communication between services so that you can easily visualize connections between servers with great detail from the Azure portal. You can find this by going to the Azure portal and selecting Azure Monitor > Virtual Machines (under Insights), and navigating to the Maps tab.

Note

The visualizations for Virtual Machine insights for Azure Monitor are offered in six public regions currently. For the latest information, check the Azure Monitor for VMs documentation. You must deploy the Log Analytics workspace in one of the supported regions to get the additional benefits provided by the Virtual Machine insights solution described above.

Disabling monitoring

To completely disconnect your server from the Log Analytics workspace, uninstall the MMA. This means that this server will no longer send data to the workspace, and all the solutions installed in that workspace will no longer collect and process data from that server. However, this does not affect the workspace itself; all the resources reporting to that workspace will continue to do so. To uninstall the MMA agent within Windows Admin Center, connect to the server and then go to Installed apps, find the Microsoft Monitoring Agent, and then select Remove.

If you want to turn off a specific solution within a workspace, you will need to remove the monitoring solution from the Azure portal. Removing a monitoring solution means that the insights created by that solution will no longer be generated for any of the servers reporting to that workspace. For example, if you uninstall the Azure Monitor for VMs solution, you will no longer see insights about VM or server performance from any of the machines connected to your workspace.

Next steps

For related topics, see also: