Use diagnostics settings for Recovery Services vaults

Azure Backup sends diagnostics events that can be collected and used for the purposes of analysis, alerting, and reporting.

You can configure diagnostics settings for a Recovery Services vault via the Azure portal by going to the vault and selecting Diagnostics settings. Selecting + Add Diagnostic Setting lets you send one or more diagnostic events to a storage account, an event hub, or a Log Analytics workspace.

Diagnostics settings pane

Diagnostics events available for Azure Backup users

Azure Backup provides the following diagnostics events. Each event provides detailed data on a specific set of backup-related artifacts:

  • CoreAzureBackup
  • AddonAzureBackupAlerts
  • AddonAzureBackupProtectedInstance
  • AddonAzureBackupJobs
  • AddonAzureBackupPolicy
  • AddonAzureBackupStorage

If you are still using the legacy event AzureBackupReport, we recommend switching to using the events above.

For more information, see Data model for Azure Backup diagnostics events.

Data for these events can be sent to either a storage account, a Log Analytics workspace, or an event hub. If you're sending this data to a Log Analytics workspace, select the Resource specific toggle on the Diagnostics settings screen. For more information, see the following sections.

Use diagnostics settings with Log Analytics

You can now use Azure Backup to send vault diagnostics data to dedicated Log Analytics tables for backup. These tables are called resource-specific tables.

To send your vault diagnostics data to Log Analytics:

  1. Go to your vault, and select Diagnostic Settings. Select + Add Diagnostic Setting.

  2. Give a name to the diagnostics setting.

  3. Select the Send to Log Analytics check box, and select a Log Analytics workspace.

  4. Select Resource specific in the toggle, and select the following six events: CoreAzureBackup, AddonAzureBackupJobs, AddonAzureBackupAlerts, AddonAzureBackupPolicy, AddonAzureBackupStorage, and AddonAzureBackupProtectedInstance.

  5. Select Save.

    Resource-specific mode

After data flows into the Log Analytics workspace, dedicated tables for each of these events are created in your workspace. You can query any of these tables directly. You can also perform joins or unions between these tables if necessary.

Important

The six events, namely, CoreAzureBackup, AddonAzureBackupJobs, AddonAzureBackupAlerts, AddonAzureBackupPolicy, AddonAzureBackupStorage, and AddonAzureBackupProtectedInstance, are supported only in the resource-specific mode in Backup reports. If you try to send data for these six events in Azure diagnostics mode, no data will be visible in Backup reports.

Legacy event

Traditionally, all backup-related diagnostics data for a vault was contained in a single event called AzureBackupReport. The six events described here are, in essence, a decomposition of all the data contained in AzureBackupReport.

Currently, we continue to support the AzureBackupReport event for backward compatibility in cases where users have existing custom queries on this event. Examples are custom log alerts and custom visualizations. We recommend that you move to the new events as early as possible. The new events:

  • Make the data much easier to work with in log queries.
  • Provide better discoverability of schemas and their structure.
  • Improve performance across both ingestion latency and query times.

The legacy event in Azure diagnostics mode will eventually be deprecated. Choosing the new events might help you to avoid complex migrations at a later date. Our reporting solution that uses Log Analytics will also stop supporting data from the legacy event.

Steps to move to new diagnostics settings for a Log Analytics workspace

  1. Identify which vaults are sending data to the Log Analytics workspaces by using the legacy event and the subscriptions they belong to. Run the following query in each of your workspaces to identify these vaults and subscriptions.

    let RangeStart = startofday(ago(3d));
    let VaultUnderAzureDiagnostics = (){
        AzureDiagnostics
        | where TimeGenerated >= RangeStart | where Category == "AzureBackupReport" and OperationName == "Vault" and SchemaVersion_s == "V2"
        | summarize arg_max(TimeGenerated, *) by ResourceId
        | project ResourceId, Category};
    let VaultUnderResourceSpecific = (){
        CoreAzureBackup
        | where TimeGenerated >= RangeStart | where OperationName == "Vault"
        | summarize arg_max(TimeGenerated, *) by ResourceId
        | project ResourceId, Category};
        // Some Workspaces will not have AzureDiagnostics Table, so you need to use isFuzzy
    let CombinedVaultTable = (){
        union isfuzzy = true
        (VaultUnderAzureDiagnostics() ),
        (VaultUnderResourceSpecific() )
        | distinct ResourceId, Category};
    CombinedVaultTable | where Category == "AzureBackupReport"
    | join kind = leftanti (
    CombinedVaultTable | where Category == "CoreAzureBackup"
    ) on ResourceId
    | parse ResourceId with * "SUBSCRIPTIONS/" SubscriptionId:string "/RESOURCEGROUPS" * "MICROSOFT.RECOVERYSERVICES/VAULTS/" VaultName:string
    | project ResourceId, SubscriptionId, VaultName
    

    Below is a screenshot of the query being run in one of the workspaces:

    Workspace query

  2. Use the built-in Azure Policy definitions in Azure Backup to add a new diagnostics setting for all vaults in a specified scope. This policy adds a new diagnostics setting to vaults that either don't have a diagnostics setting or have only a legacy diagnostics setting. This policy can be assigned to an entire subscription or resource group at a time. You must have Owner access to each subscription for which the policy is assigned.

You might choose to have separate diagnostics settings for AzureBackupReport and the six new events until you've migrated all of your custom queries to use data from the new tables. The following image shows an example of a vault that has two diagnostic settings. The first setting, named Setting1, sends data of an AzureBackupReport event to a Log Analytics workspace in Azure diagnostics mode. The second setting, named Setting2, sends data of the six new Azure Backup events to a Log Analytics workspace in the resource-specific mode.

Two settings

Important

The AzureBackupReport event is supported only in Azure diagnostics mode. If you try to send data for this event in the resource-specific mode, no data will flow to the Log Analytics workspace.

Note

The toggle for Azure diagnostics or Resource specific appears only if the user selects Send to Log Analytics. To send data to a storage account or an event hub, a user selects the required destination and selects the check boxes for any of the desired events, without any additional inputs. Again, we recommend that you don't choose the legacy event AzureBackupReport going forward.

Send Azure Site Recovery events to Log Analytics

Azure Backup and Azure Site Recovery events are sent from the same Recovery Services vault. Azure Site Recovery is currently not available for resource-specific tables. Users who want to send Azure Site Recovery events to Log Analytics are directed to use Azure diagnostics mode only, as shown in the image. Choosing the resource-specific mode for Azure Site Recovery events will prevent the required data from being sent to the Log Analytics workspace.

Site Recovery events

To summarize:

  • If you already have Log Analytics diagnostics set up with Azure Diagnostics and have written custom queries on top of it, keep that setting intact until you migrate your queries to use data from the new events.
  • If you also want to onboard onto new tables, as we recommend, create a new diagnostics setting, select Resource specific, and select the six new events.
  • If you're currently sending Azure Site Recovery events to Log Analytics, do not choose the resource-specific mode for these events. Otherwise, data for these events won't flow into your Log Analytics workspace. Instead, create an additional diagnostic setting, select Azure diagnostics, and select the relevant Azure Site Recovery events.

The following image shows an example of a user who has three diagnostics settings for a vault. The first setting, named Setting1, sends data from an AzureBackupReport event to a Log Analytics workspace in Azure diagnostics mode. The second setting, named Setting2, sends data from the six new Azure Backup events to a Log Analytics workspace in the resource-specific mode. The third setting, named Setting3, sends data from the Azure Site Recovery events to a Log Analytics workspace in Azure diagnostics mode.

Three settings
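The mode rules summarized above can be checked offline against an export of a vault's diagnostic settings. The following Python sketch is an added example, not part of the original documentation. It assumes each setting is a flattened object with `name`, `workspaceId`, `logAnalyticsDestinationType` (`Dedicated` for resource-specific mode, absent or `AzureDiagnostics` otherwise) and `logs`, and that Site Recovery categories start with `AzureSiteRecovery`; the workspace ID, helper names and sample vaults are constructed.

```python
NEW_EVENTS = {
    "CoreAzureBackup", "AddonAzureBackupJobs", "AddonAzureBackupAlerts",
    "AddonAzureBackupPolicy", "AddonAzureBackupStorage",
    "AddonAzureBackupProtectedInstance",
}
LEGACY = "AzureBackupReport"
ASR_PREFIX = "AzureSiteRecovery"  # assumption: prefix shared by Site Recovery categories
NO_FLOW = "no data flows in resource-specific mode"
NOT_VISIBLE = "not visible in Backup reports in Azure diagnostics mode"
MISSING = "not sent in resource-specific mode by any setting"

def audit_vault(settings):
    """Return (setting name, category, issue) tuples for one vault's settings."""
    findings, covered = [], set()
    for s in settings:
        if not s.get("workspaceId"):
            continue  # the mode toggle only exists for Log Analytics destinations
        # Assumption: a missing destination type means Azure diagnostics mode.
        dedicated = s.get("logAnalyticsDestinationType") == "Dedicated"
        for log in s.get("logs", []):
            cat = log["category"]
            if not log.get("enabled"):
                continue
            if dedicated and (cat == LEGACY or cat.startswith(ASR_PREFIX)):
                findings.append((s["name"], cat, NO_FLOW))
            elif dedicated and cat in NEW_EVENTS:
                covered.add(cat)
            elif not dedicated and cat in NEW_EVENTS:
                findings.append((s["name"], cat, NOT_VISIBLE))
    # Any of the six events never delivered in resource-specific mode is a gap.
    findings += [(None, cat, MISSING) for cat in sorted(NEW_EVENTS - covered)]
    return findings

# Constructed sample data: placeholder workspace ID and two hypothetical vaults.
WS = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
      "/providers/Microsoft.OperationalInsights/workspaces/ws-example")

def make_setting(name, mode, categories):
    return {"name": name, "workspaceId": WS, "logAnalyticsDestinationType": mode,
            "logs": [{"category": c, "enabled": True} for c in categories]}

THREE_SETTINGS_VAULT = [  # mirrors Setting1..Setting3 described above
    make_setting("Setting1", None, [LEGACY]),
    make_setting("Setting2", "Dedicated", sorted(NEW_EVENTS)),
    make_setting("Setting3", "AzureDiagnostics", ["AzureSiteRecoveryJobs"]),
]
MISCONFIGURED_VAULT = [
    make_setting("Mixed", "Dedicated", [LEGACY, "AzureSiteRecoveryJobs", "CoreAzureBackup"]),
    make_setting("Old", None, ["AddonAzureBackupJobs"]),
]

if __name__ == "__main__":
    for finding in audit_vault(MISCONFIGURED_VAULT):
        print(finding)
```

A vault that yields no findings follows the three-setting layout described above; each finding names a category whose data is either dropped or missing from Backup reports.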

Next steps

Learn the Log Analytics data model for the diagnostics events