适用于 Linux 的 Log Analytics 虚拟机扩展Log Analytics virtual machine extension for Linux

概述Overview

Azure Monitor 日志提供跨云和本地资产的监视、警报和警报修正功能。Azure Monitor Logs provides monitoring, alerting, and alert remediation capabilities across cloud and on-premises assets. 适用于 Linux 的 Log Analytics 虚拟机扩展由 Azure 发布并提供支持。The Log Analytics virtual machine extension for Linux is published and supported by Azure. 该扩展在 Azure 虚拟机上安装 Log Analytics 代理,并将虚拟机注册到现有的 Log Analytics 工作区中。The extension installs the Log Analytics agent on Azure virtual machines, and enrolls virtual machines into an existing Log Analytics workspace. 本文档详细介绍适用于 Linux 的 Log Analytics 虚拟机扩展支持的平台、配置和部署选项。This document details the supported platforms, configurations, and deployment options for the Log Analytics virtual machine extension for Linux.

备注

从 Microsoft Operations Management Suite (OMS) 过渡到 Azure Monitor 期间,Windows 或 Linux 的 OMS 代理称为 Windows 或 Linux 的 Log Analytics 代理。As part of the ongoing transition from Microsoft Operations Management Suite (OMS) to Azure Monitor, the OMS Agent for Windows or Linux will be referred to as the Log Analytics agent for Windows and Log Analytics agent for Linux.

备注

本文最近已更新,从使用术语“Log Analytics”改为使用术语“Azure Monitor 日志”。This article was recently updated to use the term Azure Monitor logs instead of Log Analytics. 日志数据仍然存储在 Log Analytics 工作区中,并仍然由同一 Log Analytics 服务收集并分析。Log data is still stored in a Log Analytics workspace and is still collected and analyzed by the same Log Analytics service. 我们正在更新术语,以便更好地反映 Azure Monitor 中日志的角色。We are updating the terminology to better reflect the role of logs in Azure Monitor. 有关详细信息,请参阅 Azure Monitor 术语更改See Azure Monitor terminology changes for details.

先决条件Prerequisites

操作系统Operating system

有关支持的 Linux 发行版的详细信息,请参阅 Azure Monitor 代理的概述一文。For details about the supported Linux distributions, refer to the Overview of Azure Monitor agents article.

代理和 VM 扩展版本Agent and VM Extension version

下表提供每次发布的 Log Analytics VM 扩展和 Log Analytics 代理捆绑包的版本映射。The following table provides a mapping of the version of the Log Analytics VM extension and Log Analytics agent bundle for each release. 并附有 Log Analytics 代理捆绑包版本的发行说明链接。A link to the release notes for the Log Analytics agent bundle version is included. 发行说明包括有关可用于给定代理版本的 bug 修补程序和新功能的详细信息。Release notes include details on bug fixes and new features available for a given agent release.

Log Analytics Linux VM 扩展版本Log Analytics Linux VM extension version Log Analytics 代理捆绑包版本Log Analytics Agent bundle version
1.13.131.13.13 1.13.7-01.13.7-0
1.12.251.12.25 1.12.15-01.12.15-0
1.11.151.11.15 1.11.0-91.11.0-9
1.10.01.10.0 1.10.0-11.10.0-1
1.9.11.9.1 1.9.0-01.9.0-0
1.8.111.8.11 1.8.1-2561.8.1-256
1.8.01.8.0 1.8.0-2561.8.0-256
1.7.91.7.9 1.6.1-31.6.1-3
1.6.42.01.6.42.0 1.6.0-421.6.0-42
1.4.60.21.4.60.2 1.4.4-2101.4.4-210
1.4.59.11.4.59.1 1.4.3-1741.4.3-174
1.4.58.71.4.58.7 14.2-12514.2-125
1.4.56.51.4.56.5 1.4.2-1241.4.2-124
1.4.55.41.4.55.4 1.4.1-1231.4.1-123
1.4.45.31.4.45.3 1.4.1-451.4.1-45
1.4.45.21.4.45.2 1.4.0-451.4.0-45
1.3.127.51.3.127.5 1.3.5-1271.3.5-127
1.3.127.71.3.127.7 1.3.5-1271.3.5-127
1.3.18.71.3.18.7 1.3.4-151.3.4-15

Azure 安全中心Azure Security Center

Azure 安全中心自动预配 Log Analytics 代理并将其连接到 Azure 订阅中由 ASC 创建的默认 Log Analytics 工作区。Azure Security Center automatically provisions the Log Analytics agent and connects it to a default Log Analytics workspace created by ASC in your Azure subscription. 如果使用 Azure 安全中心,请勿按照本文档中的步骤运行。If you are using Azure Security Center, do not run through the steps in this document. 这样做会覆盖已配置的工作区并断开与 Azure 安全中心的连接。Doing so overwrites the configured workspace and breaks the connection with Azure Security Center.

Internet 连接Internet connectivity

适用于 Linux 的 Log Analytics 代理扩展要求目标虚拟机已连接到 Internet。The Log Analytics Agent extension for Linux requires that the target virtual machine is connected to the internet.

扩展架构Extension schema

以下 JSON 显示 Log Analytics 代理扩展的架构。The following JSON shows the schema for the Log Analytics Agent extension. 此扩展需要目标 Log Analytics 工作区的工作区 ID 和工作区密钥,这些值可在 Azure 门户中的 Log Analytics 工作区中找到。The extension requires the workspace ID and workspace key from the target Log Analytics workspace; these values can be found in your Log Analytics workspace in the Azure portal. 由于工作区密钥应视为敏感数据,因此将它存储在受保护的设置配置中。Because the workspace key should be treated as sensitive data, it should be stored in a protected setting configuration. Azure VM 扩展的受保护设置数据已加密,并且只能在目标虚拟机上解密。Azure VM extension protected setting data is encrypted, and only decrypted on the target virtual machine. 请注意,workspaceIdworkspaceKey 区分大小写。Note that workspaceId and workspaceKey are case-sensitive.

{
  "type": "Microsoft.Compute/virtualMachines/extensions",
  "name": "OMSExtension",
  "apiVersion": "2018-06-01",
  "location": "<location>",
  "dependsOn": [
    "[concat('Microsoft.Compute/virtualMachines/', <vm-name>)]"
  ],
  "properties": {
    "publisher": "Microsoft.EnterpriseCloud.Monitoring",
    "type": "OmsAgentForLinux",
    "typeHandlerVersion": "1.13",
    "autoUpgradeMinorVersion": true,
    "settings": {
      "workspaceId": "myWorkspaceId"
    },
    "protectedSettings": {
      "workspaceKey": "myWorkSpaceKey"
    }
  }
}

备注

上面的架构假定,将其放置在模板的根级别。The schema above assumes that it will be placed at the root level of the template. 如果将其放在模板的虚拟机资源中,则应更改 typename 属性,如后文所述。If you put it inside the virtual machine resource in the template, the type and name properties should be changed, as described further down.

属性值Property values

名称Name 值/示例Value / Example
apiVersionapiVersion 2018-06-012018-06-01
publisherpublisher Microsoft.EnterpriseCloud.MonitoringMicrosoft.EnterpriseCloud.Monitoring
typetype OmsAgentForLinuxOmsAgentForLinux
typeHandlerVersiontypeHandlerVersion 1.71.7
workspaceId (e.g)workspaceId (e.g) 6f680a37-00c6-41c7-a93f-1437e34625746f680a37-00c6-41c7-a93f-1437e3462574
workspaceKey (e.g)workspaceKey (e.g) z4bU3p1/GrnWpQkky4gdabWXAhbWSTz70hm4m2Xt92XI+rSRgE8qVvRhsGo9TXffbrTahyrwv35W0pOqQAU7uQ==z4bU3p1/GrnWpQkky4gdabWXAhbWSTz70hm4m2Xt92XI+rSRgE8qVvRhsGo9TXffbrTahyrwv35W0pOqQAU7uQ==

模板部署Template deployment

可使用 Azure Resource Manager 模板部署 Azure VM 扩展。Azure VM extensions can be deployed with Azure Resource Manager templates. 部署需要进行部署后配置(例如,载入 Azure Monitor 日志)的一个或多个虚拟机时,模板是理想选择。Templates are ideal when deploying one or more virtual machines that require post deployment configuration such as onboarding to Azure Monitor Logs. 包含 Log Analytics 代理 VM 扩展的示例资源管理器模板可以在 Azure 快速入门库中找到。A sample Resource Manager template that includes the Log Analytics Agent VM extension can be found on the Azure Quickstart Gallery.

虚拟机扩展的 JSON 配置可以嵌套在虚拟机资源内,或放置在资源管理器 JSON 模板的根级别或顶级别。The JSON configuration for a virtual machine extension can be nested inside the virtual machine resource, or placed at the root or top level of a Resource Manager JSON template. JSON 的位置会影响资源名称和类型的值。The placement of the JSON configuration affects the value of the resource name and type. 有关详细信息,请参阅设置子资源的名称和类型For more information, see Set name and type for child resources.

以下示例假定 VM 扩展嵌套在虚拟机资源内。The following example assumes the VM extension is nested inside the virtual machine resource. 嵌套扩展资源时,JSON 放置在虚拟机的 "resources": [] 对象中。When nesting the extension resource, the JSON is placed in the "resources": [] object of the virtual machine.

{
  "type": "extensions",
  "name": "OMSExtension",
  "apiVersion": "2018-06-01",
  "location": "<location>",
  "dependsOn": [
    "[concat('Microsoft.Compute/virtualMachines/', <vm-name>)]"
  ],
  "properties": {
    "publisher": "Microsoft.EnterpriseCloud.Monitoring",
    "type": "OmsAgentForLinux",
    "typeHandlerVersion": "1.7",
    "settings": {
      "workspaceId": "myWorkspaceId"
    },
    "protectedSettings": {
      "workspaceKey": "myWorkSpaceKey"
    }
  }
}

将扩展 JSON 放置在模板的根部时,资源名称包括对父虚拟机的引用,并且类型反映了嵌套的配置。When placing the extension JSON at the root of the template, the resource name includes a reference to the parent virtual machine, and the type reflects the nested configuration.

{
  "type": "Microsoft.Compute/virtualMachines/extensions",
  "name": "<parentVmResource>/OMSExtension",
  "apiVersion": "2018-06-01",
  "location": "<location>",
  "dependsOn": [
    "[concat('Microsoft.Compute/virtualMachines/', <vm-name>)]"
  ],
  "properties": {
    "publisher": "Microsoft.EnterpriseCloud.Monitoring",
    "type": "OmsAgentForLinux",
    "typeHandlerVersion": "1.7",
    "settings": {
      "workspaceId": "myWorkspaceId"
    },
    "protectedSettings": {
      "workspaceKey": "myWorkSpaceKey"
    }
  }
}

Azure CLI 部署Azure CLI deployment

可以使用 Azure CLI 将 Log Analytics 代理 VM 扩展部署到现有的虚拟机。The Azure CLI can be used to deploy the Log Analytics Agent VM extension to an existing virtual machine. 将下面的 myWorkspaceKey 值替换为工作区密钥,并将 myWorkspaceId 值替换为工作区 ID。Replace the myWorkspaceKey value below with your workspace key and the myWorkspaceId value with your workspace ID. 这些值可以在 Azure 门户的 Log Analytics 工作区中的“高级设置”下找到。These values can be found in your Log Analytics workspace in the Azure portal under Advanced Settings.

az vm extension set \
  --resource-group myResourceGroup \
  --vm-name myVM \
  --name OmsAgentForLinux \
  --publisher Microsoft.EnterpriseCloud.Monitoring \
  --version 1.10.1 --protected-settings '{"workspaceKey":"myWorkspaceKey"}' \
  --settings '{"workspaceId":"myWorkspaceId"}'

备注

当我们在 Microsoft PowrShell 环境中运行 Azure CLI 时,应在相应的脚本中替换以下格式:When we run the Azure CLI on Microsoft PowrShell environment, we should replace the following format in corresponding script:

  1. \ 的串联替换为 ```。Repalce the concatenation of \ with ```.
  2. protected-settingssettings 的属性替换为实际值。Replace the properties of protected-settings and settings with actual values. --protected-settings "{'workspaceKey':'myWorkspaceKey'}" --settings "{'workspaceId':'myWorkspaceId'}"

故障排除和支持Troubleshoot and support

故障排除Troubleshoot

有关扩展部署状态的数据可以从 Azure 门户和使用 Azure CLI 进行检索。Data about the state of extension deployments can be retrieved from the Azure portal, and by using the Azure CLI. 若要查看给定 VM 的扩展部署状态,请使用 Azure CLI 运行以下命令。To see the deployment state of extensions for a given VM, run the following command using the Azure CLI.

az vm extension list --resource-group myResourceGroup --vm-name myVM -o table

扩展执行输出将记录到以下文件:Extension execution output is logged to the following file:

/opt/microsoft/omsagent/bin/stdout

错误代码及其含义Error codes and their meanings

错误代码Error Code 含义Meaning 可能的操作Possible Action
99 过早调用 enableEnable called prematurely Azure Linux 代理更新为可用的最新版本。Update the Azure Linux Agent to the latest available version.
10 个10 VM 已连接至 Log Analytics 工作区VM is already connected to a Log Analytics workspace 要将 VM 连接到扩展架构中指定的工作区,请在公共设置中将“stopOnMultipleConnections”设置为 false,或删除该属性。To connect the VM to the workspace specified in the extension schema, set stopOnMultipleConnections to false in public settings or remove this property. 连接到工作区后,此 VM 立即开始计费。This VM gets billed once for each workspace it is connected to.
1111 提供给扩展的无效配置Invalid config provided to the extension 按上述示例设置部署所需的所有属性值。Follow the preceding examples to set all property values necessary for deployment.
1717 Log Analytics 包安装失败Log Analytics package installation failure
1919 OMI 包安装失败OMI package installation failure
20 个20 SCX 包安装失败SCX package installation failure
5151 VM 的操作系统不支持此扩展This extension is not supported on the VM's operation system
5555 无法连接到 Azure Monitor 服务或缺少所需的包或 dpkg 包管理器已锁定Cannot connect to the Azure Monitor service or required packages missing or dpkg package manager is locked 确保系统具有 Internet 访问权限,或已提供有效 HTTP 代理。Check that the system either has Internet access, or that a valid HTTP proxy has been provided. 此外,检查工作区 ID 的正确性,并验证是否已安装 curl 和 tar 实用程序。Additionally, check the correctness of the workspace ID, and verify curl and tar utilities are installed.

有关其他故障排除信息,可查看 Log Analytics-Agent-for-Linux 故障排除指南Additional troubleshooting information can be found on the Log Analytics-Agent-for-Linux Troubleshooting Guide.

支持Support

如果对本文中的任何观点存在疑问,可以联系 Azure 支持上的 Azure 专家。If you need more help at any point in this article, you can contact the Azure experts on the Azure support. 或者,也可以提出 Azure 支持事件。Alternatively, you can file an Azure support incident. 请转到 Azure 支持站点提交请求。Go to the Azure support site and submit your request. 有关使用 Azure 支持的信息,请阅读 Azure 支持常见问题For information about using Azure Support, read the Azure support FAQ.