Azure Monitor logs for public Basic Load Balancer

You can use different types of logs in Azure to manage and troubleshoot Basic Load Balancers. Some of these logs can be accessed through the portal. Logs can be streamed to an event hub or a Log Analytics workspace. All logs can be extracted from Azure blob storage, and viewed in different tools, such as Excel and Power BI. You can learn more about the different types of logs from the list below.

  • Activity logs: You can use View activity logs to monitor actions on resources to view all activity being submitted to your Azure subscription(s), and their status. Activity logs are enabled by default, and can be viewed in the Azure portal.
  • Alert event logs: You can use this log to view alerts raised by the load balancer. The status for the load balancer is collected every five minutes. This log is only written if a load balancer alert event is raised.
  • Health probe logs: You can use this log to view problems detected by your health probe, such as the number of instances in your backend-pool that are not receiving requests from the load balancer because of health probe failures. This log is written to when there is a change in the health probe status.

Important

Health probe event logs are not currently functional and are listed in the known issues for the Azure Load Balancer. Logs are only available for resources deployed in the Resource Manager deployment model. You cannot use logs for resources in the classic deployment model. For more information about the deployment models, see Understanding Resource Manager deployment and classic deployment.

Enable logging

Activity logging is automatically enabled for every Resource Manager resource. Enable event and health probe logging to start collecting the data available through those logs. Use the following steps to enable logging.

Sign in to the Azure portal. If you don't already have a load balancer, create a load balancer before you continue.

  1. In the portal, click Resource groups.

  2. Select <resource-group-name> where your load balancer is.

  3. Select your load balancer.

  4. Select Monitoring > Diagnostic settings.

  5. In the Diagnostics settings pane, under Diagnostics settings, select + Add diagnostic setting.

  6. In the Diagnostics settings creation pane, enter myLBDiagnostics in the Name field.

  7. You have three options for the Diagnostics settings. You can choose one, two or all three and configure each for your requirements:

    • Archive to a storage account
    • Stream to an event hub
    • Send to Log Analytics

    Archive to a storage account

    You'll need a storage account already created for this process. To create a storage account, see Create a storage account.

    1. Select the checkbox next to Archive to a storage account.
    2. Select Configure to open the Select a storage account pane.
    3. Select the Subscription where your storage account was created in the pull-down box.
    4. Select the name of your storage account under Storage account in the pull-down box.
    5. Select OK.

    Stream to an event hub

    You'll need an event hub already created for this process. To create an event hub, see Quickstart: Create an event hub using Azure portal.

    1. Select the checkbox next to Stream to an event hub.
    2. Select Configure to open the Select event hub pane.
    3. Select the Subscription where your event hub was created in the pull-down box.
    4. Select event hub namespace in the pull-down box.
    5. Select event hub policy name in the pull-down box.
    6. Select OK.

    Send to Log Analytics

    You'll need to already have a Log Analytics workspace created and configured for this process. To create a Log Analytics workspace, see Create a Log Analytics workspace in the Azure portal.

    1. Select the checkbox next to Send to Log Analytics.
    2. Select the Subscription where your Log Analytics workspace is in the pull-down box.
    3. Select the Log Analytics Workspace in the pull-down box.

  8. Beneath the METRIC section in the Diagnostics settings pane, select the check box next to:

    • AllMetrics

  9. Verify everything looks correct and click Save at the top of the create Diagnostic settings pane.

Activity log

The activity log is generated by default. The logs are preserved for 90 days in Azure's Event Logs store. Learn more about these logs by reading the View activity logs to monitor actions on resources article.

Archive to storage account logs

Alert event log

This log is only generated if you've enabled it on a per load balancer basis. The events are logged in JSON format and stored in the storage account you specified when you enabled the logging. The following is an example of an event.

{
    "time": "2016-01-26T10:37:46.6024215Z",
    "systemId": "32077926-b9c4-42fb-94c1-762e528b5b27",
    "category": "LoadBalancerAlertEvent",
    "resourceId": "/SUBSCRIPTIONS/XXXXXXXXXXXXXXXXX-XXXX-XXXX-XXXXXXXXX/RESOURCEGROUPS/RG7/PROVIDERS/MICROSOFT.NETWORK/LOADBALANCERS/WWEBLB",
    "operationName": "LoadBalancerProbeHealthStatus",
    "properties": {
        "eventName": "Resource Limits Hit",
        "eventDescription": "Ports exhausted",
        "eventProperties": {
            "public ip address": "40.117.227.32"
        }
    }
}

The JSON output shows the eventName property, which describes the reason the load balancer created an alert. In this case, the alert was generated because of TCP port exhaustion caused by source IP NAT limits (SNAT).

Health probe log

This log is only generated if you've enabled it on a per load balancer basis as detailed above. The data is stored in the storage account you specified when you enabled the logging. A container named 'insights-logs-loadbalancerprobehealthstatus' is created and the following data is logged:

{
    "records":[
    {
        "time": "2016-01-26T10:37:46.6024215Z",
        "systemId": "32077926-b9c4-42fb-94c1-762e528b5b27",
        "category": "LoadBalancerProbeHealthStatus",
        "resourceId": "/SUBSCRIPTIONS/XXXXXXXXXXXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX/RESOURCEGROUPS/RG7/PROVIDERS/MICROSOFT.NETWORK/LOADBALANCERS/WWEBLB",
        "operationName": "LoadBalancerProbeHealthStatus",
        "properties": {
            "publicIpAddress": "40.83.190.158",
            "port": "81",
            "totalDipCount": 2,
            "dipDownCount": 1,
            "healthPercentage": 50.000000
        }
    },
    {
        "time": "2016-01-26T10:37:46.6024215Z",
        "systemId": "32077926-b9c4-42fb-94c1-762e528b5b27",
        "category": "LoadBalancerProbeHealthStatus",
        "resourceId": "/SUBSCRIPTIONS/XXXXXXXXXXXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX/RESOURCEGROUPS/RG7/PROVIDERS/MICROSOFT.NETWORK/LOADBALANCERS/WWEBLB",
        "operationName": "LoadBalancerProbeHealthStatus",
        "properties": {
            "publicIpAddress": "40.83.190.158",
            "port": "81",
            "totalDipCount": 2,
            "dipDownCount": 0,
            "healthPercentage": 100.000000
        }
    }]
}

The properties field of the JSON output shows the basic information for the probe health status. The dipDownCount property shows the total number of instances on the back-end that are not receiving network traffic because of failed probe responses.

View and analyze the activity log

You can view and analyze activity log data using any of the following methods:

  • Azure tools: Retrieve information from the activity log through Azure PowerShell, the Azure Command Line Interface (CLI), the Azure REST API, or the Azure portal. Step-by-step instructions for each method are detailed in the Audit operations with Resource Manager article.
  • Power BI: If you don't already have a Power BI account, you can try it. Using the Azure Audit Logs content pack for Power BI, you can analyze your data with pre-configured dashboards, or you can customize views to suit your requirements.

View and analyze the health probe and event log

Connect to your storage account and retrieve the JSON log entries for event and health probe logs. Once you download the JSON files, you can convert them to CSV and view them in Excel, Power BI, or any other data visualization tool.

Tip

If you are familiar with Visual Studio and basic concepts of changing values for constants and variables in C#, you can use the log converter tools available from GitHub.
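
The JSON-to-CSV conversion described above, as an added example (not the GitHub log converter and not code from the original page): it flattens both log formats shown earlier into one CSV and flags the rows that indicate trouble, meaning a probe record with dipDownCount above zero or any alert event. The sample blobs, the CSV column names and the helper names are assumptions made for this illustration.

```python
import csv
import io
import json

# Constructed sample blobs, modeled on the two log formats shown on this page.
RID = "/SUBSCRIPTIONS/<subscription-id>/RESOURCEGROUPS/RG7/PROVIDERS/MICROSOFT.NETWORK/LOADBALANCERS/WWEBLB"
SAMPLE_PROBE_BLOB = json.dumps({"records": [
    {"time": "2016-01-26T10:37:46.6024215Z", "category": "LoadBalancerProbeHealthStatus", "resourceId": RID,
     "properties": {"publicIpAddress": "40.83.190.158", "port": "81", "totalDipCount": 2, "dipDownCount": 1}},
    {"time": "2016-01-26T10:42:46.6024215Z", "category": "LoadBalancerProbeHealthStatus", "resourceId": RID,
     "properties": {"publicIpAddress": "40.83.190.158", "port": "81", "totalDipCount": 2, "dipDownCount": 0}},
]})
SAMPLE_ALERT_BLOB = json.dumps(
    {"time": "2016-01-26T10:37:46.6024215Z", "category": "LoadBalancerAlertEvent", "resourceId": RID,
     "properties": {"eventName": "Resource Limits Hit", "eventDescription": "Ports exhausted",
                    "eventProperties": {"public ip address": "40.117.227.32"}}})

# Column names are this example's own choice, not an Azure schema.
FIELDS = ["time", "category", "loadBalancer", "frontendIp", "port", "detail", "degraded"]

def iter_records(blob_text):
    """Yield events from a blob that holds a 'records' array, a bare list, or one event."""
    doc = json.loads(blob_text)
    if isinstance(doc, dict) and "records" in doc:
        yield from doc["records"]
    elif isinstance(doc, list):
        yield from doc
    else:
        yield doc

def flatten(rec):
    """Map one event to a flat CSV row; 'degraded' marks rows worth a closer look."""
    props = rec.get("properties") or {}
    row = {"time": rec.get("time", ""), "category": rec.get("category", ""),
           "loadBalancer": rec.get("resourceId", "").rsplit("/", 1)[-1]}
    if rec.get("category") == "LoadBalancerProbeHealthStatus":
        down, total = int(props.get("dipDownCount", 0)), int(props.get("totalDipCount", 0))
        row.update(frontendIp=props.get("publicIpAddress", ""), port=str(props.get("port", "")),
                   detail=f"{down}/{total} backend instances down", degraded=down > 0)
    else:  # alert events are only written when an alert fires, so always flag them
        ev = props.get("eventProperties") or {}
        row.update(frontendIp=ev.get("public ip address", ""), port="", degraded=True,
                   detail=f"{props.get('eventName', '')}: {props.get('eventDescription', '')}")
    return row

def to_csv(blobs):
    """Return (csv_text, flagged_rows) for an iterable of downloaded blob contents."""
    rows = [flatten(rec) for blob in blobs for rec in iter_records(blob)]
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue(), [r for r in rows if r["degraded"]]

if __name__ == "__main__":
    print(to_csv([SAMPLE_PROBE_BLOB, SAMPLE_ALERT_BLOB])[0])
```
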

Stream to an event hub

When diagnostic information is streamed to an event hub, it can be used for centralized log analysis in a third-party SIEM tool with Azure Monitor Integration. For more information, see Stream Azure monitoring data to an event hub.

Send to Log Analytics

Resources in Azure can have their diagnostic information sent directly to a Log Analytics workspace where complex queries can be run against the information for troubleshooting and analysis. For more information, see Collect Azure resource logs in Log Analytics workspace in Azure Monitor.

Next steps

Understand load balancer probes