Monitor at scale by using Azure Monitor

Azure Backup provides built-in monitoring and alerting capabilities in a Recovery Services vault. These capabilities are available without any additional management infrastructure. But this built-in service is limited in the following scenarios:

  • If you monitor data from multiple Recovery Services vaults across subscriptions
  • If the preferred notification channel is not email
  • If users want alerts for more scenarios
  • If you want to view information from an on-premises component such as System Center Data Protection Manager in Azure, which the portal doesn't show in Backup Jobs or Backup Alerts

Using Log Analytics workspace

Note

Data from Azure VM backups, the Azure Backup agent, System Center Data Protection Manager, SQL backups in Azure VMs, and Azure Files share backups is pumped to the Log Analytics workspace through diagnostic settings.

To monitor at scale, you need the capabilities of two Azure services. Diagnostic settings send data from multiple Azure Resource Manager resources to another resource. Log Analytics generates custom alerts where you can use action groups to define other notification channels.

The following sections detail how to use Log Analytics to monitor Azure Backup at scale.

Configure diagnostic settings

Azure Resource Manager resources, such as the Recovery Services vault, record information about scheduled operations and user-triggered operations as diagnostic data.

In the monitoring section, select Diagnostic settings and specify the target for the Recovery Services vault's diagnostic data.

Recovery Services vault diagnostic settings targeting Log Analytics

You can target a Log Analytics workspace from another subscription. To monitor vaults across subscriptions in a single place, select the same Log Analytics workspace for multiple Recovery Services vaults. To channel all the information that's related to Azure Backup to the Log Analytics workspace, select AzureBackupReport as the log.

Important

After you finish the configuration, you should wait 24 hours for the initial data push to finish. After that initial data push, all the events are pushed as described later in this article, in the frequency section.

Deploy a solution to the Log Analytics workspace

Important

We have released an updated, multi-view template for LA-based Monitoring and Reporting in Azure Backup. Please note that users who were using the earlier solution will continue to see it in their workspaces even after deploying the new solution. However, the old solution may provide inaccurate results due to some minor schema changes. Users are hence required to deploy the new template.

After the data is inside the Log Analytics workspace, deploy a GitHub template to Log Analytics to visualize the data. To properly identify the workspace, make sure you give it the same resource group, workspace name, and workspace location. Then install this template on the workspace.

View Azure Backup data by using Log Analytics

After the template is deployed, the solution for monitoring and reporting in Azure Backup will show up in the workspace summary region. To go to the summary, follow one of these paths:

  • Azure Monitor: In the Insights section, select More and then choose the relevant workspace.
  • Log Analytics workspaces: Select the relevant workspace, and then under General, select Workspace summary.

Log Analytics monitoring and reporting tiles

When you select any of the overview tiles, you can view further information. Here are some of the reports you'll see:

  • Non Log Backup Jobs

    Log Analytics graphs for backup jobs

  • Alerts from Azure Resources Backup

    Log Analytics graphs for restore jobs

Similarly, by clicking on the other tiles, you will be able to see reports on Restore Jobs, Cloud Storage, Backup Items, Alerts from on-premises Resources Backup, and Log Backup Jobs.

These graphs are provided with the template. You can edit the graphs or add more graphs if you need to.

Create alerts by using Log Analytics

In Azure Monitor, you can create your own alerts in a Log Analytics workspace. In the workspace, you use Azure action groups to select your preferred notification mechanism.

Important

For information on the cost of creating this query, see Azure Monitor pricing.

Select any of the graphs to open the Logs section of the Log Analytics workspace. In the Logs section, edit the queries and create alerts on them.

Create an alert in a Log Analytics workspace

When you select New Alert Rule, the Azure Monitor alert-creation page opens, as shown in the following image. Here the resource is already marked as the Log Analytics workspace, and action group integration is provided.

Log Analytics alert-creation page

Alert condition

The defining characteristic of an alert is its triggering condition. Select Condition to automatically load the Kusto query on the Logs page as shown in the following image. Here you can edit the condition to suit your needs. For more information, see Sample Kusto queries.

Set up the alert condition

If necessary, you can edit the Kusto query. Choose a threshold, period, and frequency. The threshold determines when the alert will be raised. The period is the window of time in which the query is run. For example, if the threshold is greater than 0, the period is 5 minutes, and the frequency is 5 minutes, then the rule runs the query every 5 minutes, reviewing the previous 5 minutes. If the number of results is greater than 0, you're notified through the selected action group.

Alert action groups

Use an action group to specify a notification channel. To see the available notification mechanisms, under Action groups, select Create New.

Available notification mechanisms in the Add action group window

You can satisfy all alerting and monitoring requirements from Log Analytics alone, or you can use Log Analytics to supplement built-in notifications.

For more information, see Create, view, and manage log alerts by using Azure Monitor and Create and manage action groups in the Azure portal.

Sample Kusto queries

The default graphs give you Kusto queries for basic scenarios on which you can build alerts. You can also modify the queries to get the data you want to be alerted on. Paste the following sample Kusto queries in the Logs page and then create alerts on the queries:

  • All successful backup jobs

    AzureDiagnostics
    | where Category == "AzureBackupReport"
    | where SchemaVersion_s == "V2"
    | where OperationName == "Job" and JobOperation_s == "Backup"
    | where JobStatus_s == "Completed"
    
  • All failed backup jobs

    AzureDiagnostics
    | where Category == "AzureBackupReport"
    | where SchemaVersion_s == "V2"
    | where OperationName == "Job" and JobOperation_s == "Backup"
    | where JobStatus_s == "Failed"
    
  • All successful Azure VM backup jobs

    AzureDiagnostics
    | where Category == "AzureBackupReport"
    | where SchemaVersion_s == "V2"
    | extend JobOperationSubType_s = columnifexists("JobOperationSubType_s", "")
    | where OperationName == "Job" and JobOperation_s == "Backup" and JobStatus_s == "Completed" and JobOperationSubType_s != "Log" and JobOperationSubType_s != "Recovery point_Log"
    | join kind=inner
    (
        AzureDiagnostics
        | where Category == "AzureBackupReport"
        | where OperationName == "BackupItem"
        | where SchemaVersion_s == "V2"
        | where BackupItemType_s == "VM" and BackupManagementType_s == "IaaSVM"
        | distinct BackupItemUniqueId_s, BackupItemFriendlyName_s
        | project BackupItemUniqueId_s , BackupItemFriendlyName_s
    )
    on BackupItemUniqueId_s
    | extend Vault= Resource
    | project-away Resource
    
  • All successful SQL log backup jobs

    AzureDiagnostics
    | where Category == "AzureBackupReport"
    | where SchemaVersion_s == "V2"
    | extend JobOperationSubType_s = columnifexists("JobOperationSubType_s", "")
    | where OperationName == "Job" and JobOperation_s == "Backup" and JobStatus_s == "Completed" and JobOperationSubType_s == "Log"
    | join kind=inner
    (
        AzureDiagnostics
        | where Category == "AzureBackupReport"
        | where OperationName == "BackupItem"
        | where SchemaVersion_s == "V2"
        | where BackupItemType_s == "SQLDataBase" and BackupManagementType_s == "AzureWorkload"
        | distinct BackupItemUniqueId_s, BackupItemFriendlyName_s
        | project BackupItemUniqueId_s , BackupItemFriendlyName_s
    )
    on BackupItemUniqueId_s
    | extend Vault= Resource
    | project-away Resource
    
  • All successful Azure Backup agent jobs

    AzureDiagnostics
    | where Category == "AzureBackupReport"
    | where SchemaVersion_s == "V2"
    | extend JobOperationSubType_s = columnifexists("JobOperationSubType_s", "")
    | where OperationName == "Job" and JobOperation_s == "Backup" and JobStatus_s == "Completed" and JobOperationSubType_s != "Log" and JobOperationSubType_s != "Recovery point_Log"
    | join kind=inner
    (
        AzureDiagnostics
        | where Category == "AzureBackupReport"
        | where OperationName == "BackupItem"
        | where SchemaVersion_s == "V2"
        | where BackupItemType_s == "FileFolder" and BackupManagementType_s == "MAB"
        | distinct BackupItemUniqueId_s, BackupItemFriendlyName_s
        | project BackupItemUniqueId_s , BackupItemFriendlyName_s
    )
    on BackupItemUniqueId_s
    | extend Vault= Resource
    | project-away Resource
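
An example of modifying the sample queries for a scenario they don't cover, added here and not part of the original article or the Azure Backup template: list protected items that have no completed backup job inside a lookback window, so a backup that silently stops running is reported. It uses only the columns that appear in the queries above plus the standard `TimeGenerated` column; the two-day `lookback` value and the output column names `Vault` and `LastSeen` are assumptions to adapt.

```kusto
// Added example: protected items with no completed backup job in the lookback window.
// Assumption: 2d is long enough for your backup schedule. Keep it well above the
// delivery lag and the 6-hour batching of SQL scheduled jobs described in the
// update frequency section of this article.
let lookback = 2d;
// Latest BackupItem record per protected item (these records are pushed at least daily).
let items = AzureDiagnostics
    | where TimeGenerated > ago(lookback)
    | where Category == "AzureBackupReport"
    | where SchemaVersion_s == "V2"
    | where OperationName == "BackupItem"
    | summarize arg_max(TimeGenerated, BackupItemFriendlyName_s, BackupItemType_s,
                        BackupManagementType_s, Resource)
        by BackupItemUniqueId_s;
// Items that had at least one completed backup job in the same window.
let succeeded = AzureDiagnostics
    | where TimeGenerated > ago(lookback)
    | where Category == "AzureBackupReport"
    | where SchemaVersion_s == "V2"
    | where OperationName == "Job" and JobOperation_s == "Backup"
    | where JobStatus_s == "Completed"
    | distinct BackupItemUniqueId_s;
// leftanti keeps only the items that have no match among the successful jobs.
items
| join kind=leftanti (succeeded) on BackupItemUniqueId_s
| project Vault = Resource,
          BackupItemFriendlyName_s,
          BackupItemType_s,
          BackupManagementType_s,
          LastSeen = TimeGenerated
```

Used as an alert condition with a threshold of greater than 0, each returned row is an item whose backups need investigation. Because the workspace can receive data from vaults in several subscriptions, one rule covers all of them.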
    

Diagnostic data update frequency

The diagnostic data from the vault is pumped to the Log Analytics workspace with some lag. Every event arrives at the Log Analytics workspace 20 to 30 minutes after it's pushed from the Recovery Services vault. Here are further details about the lag:

  • Across all solutions, the backup service's built-in alerts are pushed as soon as they're created. So they usually appear in the Log Analytics workspace after 20 to 30 minutes.
  • Across all solutions, on-demand backup jobs and restore jobs are pushed as soon as they finish.
  • For all solutions except SQL backup, scheduled backup jobs are pushed as soon as they finish.
  • For SQL backup, because log backups can occur every 15 minutes, information for all the completed scheduled backup jobs, including logs, is batched and pushed every 6 hours.
  • Across all solutions, other information such as the backup item, policy, recovery points, storage, and so on, is pushed at least once per day.
  • A change in the backup configuration (such as changing policy or editing policy) triggers a push of all related backup information.

Using the Recovery Services vault's activity logs

Caution

The following steps apply only to Azure VM backups. You can't use these steps for solutions such as the Azure Backup agent, SQL backups within Azure, or Azure Files.

You can also use activity logs to get notification for events such as backup success. To begin, follow these steps:

  1. Sign in to the Azure portal.
  2. Open the relevant Recovery Services vault.
  3. In the vault's properties, open the Activity log section.

To identify the appropriate log and create an alert:

  1. Verify that you're receiving activity logs for successful backups by applying the filters shown in the following image. Change the Timespan value as necessary to view records.

    Filtering to find activity logs for Azure VM backups

  2. Select the operation name to see the relevant details.

  3. Select New alert rule to open the Create rule page.

  4. Create an alert by following the steps in Create, view, and manage activity log alerts by using Azure Monitor.

    New alert rule

Here the resource is the Recovery Services vault itself. You must repeat the same steps for all of the vaults in which you want to be notified through activity logs. The condition won't have a threshold, period, or frequency because this alert is based on events. As soon as the relevant activity log is generated, the alert is raised.

Using Log Analytics to monitor at scale

You can view all alerts created from activity logs and Log Analytics workspaces in Azure Monitor. Just open the Alerts pane on the left.

Although you can get notifications through activity logs, we highly recommend using Log Analytics rather than activity logs for monitoring at scale. Here's why:

  • Limited scenarios: Notifications through activity logs apply only to Azure VM backups. The notifications must be set up for every Recovery Services vault.
  • Definition fit: The scheduled backup activity doesn't fit with the latest definition of activity logs. Instead, it aligns with diagnostic logs. This alignment causes unexpected effects when the data that flows through the activity log channel changes.
  • Problems with the activity log channel: In Recovery Services vaults, activity logs that are pumped from Azure Backup follow a new model. Unfortunately, this change affects the generation of activity logs in Azure Government, Azure Germany, and Azure China 21Vianet. If users of these cloud services create or configure any alerts from activity logs in Azure Monitor, the alerts aren't triggered.

Use a Log Analytics workspace for monitoring and alerting at scale for all your workloads that are protected by Azure Backup.

Next steps

To create custom queries, see Log Analytics data model.