适用于 Windows 的 Log Analytics 虚拟机扩展Log Analytics virtual machine extension for Windows
Azure Monitor 日志提供跨云和本地资产的监视功能。Azure Monitor Logs provides monitoring capabilities across cloud and on-premises assets. 适用于 Windows 的 Log Analytics 代理虚拟机扩展由 Azure 发布和提供支持。The Log Analytics agent virtual machine extension for Windows is published and supported by Azure. 该扩展在 Azure 虚拟机上安装 Log Analytics 代理,并将虚拟机注册到现有的 Log Analytics 工作区中。The extension installs the Log Analytics agent on Azure virtual machines, and enrolls virtual machines into an existing Log Analytics workspace. 本文档详细介绍适用于 Windows 的 Log Analytics 虚拟机扩展支持的平台、配置和部署选项。This document details the supported platforms, configurations, and deployment options for the Log Analytics virtual machine extension for Windows.
先决条件Prerequisites
操作系统Operating system
有关支持的 Windows 操作系统的详细信息,请参阅 Azure Monitor 代理的概述一文。For details about the supported Windows operating systems, refer to the Overview of Azure Monitor agents article.
代理和 VM 扩展版本Agent and VM Extension version
下表提供了每次发布的 Windows Log Analytics VM 扩展和 Log Analytics 代理捆绑包的版本映射。The following table provides a mapping of the version of the Windows Log Analytics VM extension and Log Analytics agent bundle for each release.
Log Analytics Windows 代理捆绑包版本Log Analytics Windows agent bundle version | Log Analytics Windows VM 扩展版本Log Analytics Windows VM extension version | 发布日期Release Date | 发行说明Release Notes |
---|---|---|---|
10.20.1805310.20.18053 | 1.0.18053.01.0.18053.0 | 2020 年 10 月October 2020 |
|
10.20.1804010.20.18040 | 1.0.18040.21.0.18040.2 | 2020 年 8 月August 2020 |
|
10.20.1803810.20.18038 | 1.0.180381.0.18038 | 2020 年 4 月April 2020 |
|
10.20.1802910.20.18029 | 1.0.180291.0.18029 | 2020 年 3 月March 2020 |
|
10.20.1801810.20.18018 | 1.0.180181.0.18018 | 2019 年 10 月October 2019 |
|
10.20.1801110.20.18011 | 1.0.180111.0.18011 | 2019 年 7 月July 2019 |
|
10.20.1800110.20.18001 | 1.0.180011.0.18001 | 2019 年 6 月June 2019 |
|
10.19.1351510.19.13515 | 1.0.135151.0.13515 | 2019 年 3 月March 2019 |
|
10.19.1000610.19.10006 | 不适用n/a | 2018 年 12 月Dec 2018 |
|
8.0.111368.0.11136 | 不适用n/a | 2018 年 9 月Sept 2018 |
|
8.0.111038.0.11103 | 不适用n/a | 2018 年 4 月April 2018 | |
8.0.110818.0.11081 | 1.0.110811.0.11081 | 2017 年 11 月Nov 2017 | |
8.0.110728.0.11072 | 1.0.110721.0.11072 | 2017 年 9 月Sept 2017 | |
8.0.110498.0.11049 | 1.0.110491.0.11049 | 2017 年 2 月Feb 2017 |
Azure 安全中心Azure Security Center
Azure 安全中心自动预配 Log Analytics 代理并将其连接到 Azure 订阅的默认 Log Analytics 工作区。Azure Security Center automatically provisions the Log Analytics agent and connects it with the default Log Analytics workspace of the Azure subscription. 如果使用 Azure 安全中心,请勿按照本文档中的步骤运行。If you are using Azure Security Center, do not run through the steps in this document. 这样做会覆盖已配置的工作区并断开与 Azure 安全中心的连接。Doing so overwrites the configured workspace and break the connection with Azure Security Center.
Internet 连接Internet connectivity
适用于 Windows 的 Log Analytics 代理扩展要求目标虚拟机已连接到 Internet。The Log Analytics agent extension for Windows requires that the target virtual machine is connected to the internet.
扩展架构Extension schema
以下 JSON 显示 Log Analytics 代理扩展的架构。The following JSON shows the schema for the Log Analytics agent extension. 此扩展需要目标 Log Analytics 工作区的工作区 ID 和工作区密钥。The extension requires the workspace ID and workspace key from the target Log Analytics workspace. 这些数据可在 Azure 门户的工作区设置中找到。These can be found in the settings for the workspace in the Azure portal. 由于工作区密钥应视为敏感数据,因此将它存储在受保护的设置配置中。Because the workspace key should be treated as sensitive data, it should be stored in a protected setting configuration. Azure VM 扩展的受保护设置数据已加密,并且只能在目标虚拟机上解密。Azure VM extension protected setting data is encrypted, and only decrypted on the target virtual machine. 请注意,workspaceId 和 workspaceKey 区分大小写。Note that workspaceId and workspaceKey are case-sensitive.
{
"type": "extensions",
"name": "OMSExtension",
"apiVersion": "[variables('apiVersion')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', variables('vmName'))]"
],
"properties": {
"publisher": "Microsoft.EnterpriseCloud.Monitoring",
"type": "MicrosoftMonitoringAgent",
"typeHandlerVersion": "1.0",
"autoUpgradeMinorVersion": true,
"settings": {
"workspaceId": "myWorkSpaceId"
},
"protectedSettings": {
"workspaceKey": "myWorkspaceKey"
}
}
}
属性值Property values
名称Name | 值/示例Value / Example |
---|---|
apiVersionapiVersion | 2015-06-152015-06-15 |
publisherpublisher | Microsoft.EnterpriseCloud.MonitoringMicrosoft.EnterpriseCloud.Monitoring |
typetype | MicrosoftMonitoringAgentMicrosoftMonitoringAgent |
typeHandlerVersiontypeHandlerVersion | 1.01.0 |
workspaceId (e.g)*workspaceId (e.g)* | 6f680a37-00c6-41c7-a93f-1437e34625746f680a37-00c6-41c7-a93f-1437e3462574 |
workspaceKey (e.g)workspaceKey (e.g) | z4bU3p1/GrnWpQkky4gdabWXAhbWSTz70hm4m2Xt92XI+rSRgE8qVvRhsGo9TXffbrTahyrwv35W0pOqQAU7uQ==z4bU3p1/GrnWpQkky4gdabWXAhbWSTz70hm4m2Xt92XI+rSRgE8qVvRhsGo9TXffbrTahyrwv35W0pOqQAU7uQ== |
* workspaceId 在 Log Analytics API 中称为 consumerId。* The workspaceId is called the consumerId in the Log Analytics API.
备注
有关其他属性,请参阅 Azure 的将 Windows 计算机连接到 Azure Monitor 一文。For additional properties see Azure Connect Windows Computers to Azure Monitor.
模板部署Template deployment
可使用 Azure Resource Manager 模板部署 Azure VM 扩展。Azure VM extensions can be deployed with Azure Resource Manager templates. 可以在 Azure 资源管理器模板中使用上一部分中详细介绍的 JSON 架构,以便在 Azure 资源管理器模板部署过程中运行 Log Analytics 代理扩展。The JSON schema detailed in the previous section can be used in an Azure Resource Manager template to run the Log Analytics agent extension during an Azure Resource Manager template deployment. 包含 Log Analytics 代理 VM 扩展的示例模板可以在 Azure 快速入门库中找到。A sample template that includes the Log Analytics agent VM extension can be found on the Azure Quickstart Gallery.
备注
需要将代理配置为向多个工作区报告时,此模板不支持指定多个工作区 ID 和工作区密钥。The template does not support specifying more than one workspace ID and workspace key when you want to configure the agent to report to multiple workspaces. 若要将代理配置为向多个工作区报告,请参阅添加或删除工作区。To configure the agent to report to multiple workspaces, see Adding or removing a workspace.
虚拟机扩展的 JSON 可以嵌套在虚拟机资源内,或放置在 Resource Manager JSON 模板的根级别或顶级别。The JSON for a virtual machine extension can be nested inside the virtual machine resource, or placed at the root or top level of a Resource Manager JSON template. JSON 的位置会影响资源名称和类型的值。The placement of the JSON affects the value of the resource name and type. 有关详细信息,请参阅设置子资源的名称和类型。For more information, see Set name and type for child resources.
以下示例假定 Log Analytics 扩展嵌套在虚拟机资源内。The following example assumes the Log Analytics extension is nested inside the virtual machine resource. 嵌套扩展资源时,JSON 放置在虚拟机的 "resources": []
对象中。When nesting the extension resource, the JSON is placed in the "resources": []
object of the virtual machine.
{
"type": "extensions",
"name": "OMSExtension",
"apiVersion": "[variables('apiVersion')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', variables('vmName'))]"
],
"properties": {
"publisher": "Microsoft.EnterpriseCloud.Monitoring",
"type": "MicrosoftMonitoringAgent",
"typeHandlerVersion": "1.0",
"autoUpgradeMinorVersion": true,
"settings": {
"workspaceId": "myWorkSpaceId"
},
"protectedSettings": {
"workspaceKey": "myWorkspaceKey"
}
}
}
将扩展 JSON 放置在模板的根部时,资源名称包括对父虚拟机的引用,并且类型反映了嵌套的配置。When placing the extension JSON at the root of the template, the resource name includes a reference to the parent virtual machine, and the type reflects the nested configuration.
{
"type": "Microsoft.Compute/virtualMachines/extensions",
"name": "<parentVmResource>/OMSExtension",
"apiVersion": "[variables('apiVersion')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', variables('vmName'))]"
],
"properties": {
"publisher": "Microsoft.EnterpriseCloud.Monitoring",
"type": "MicrosoftMonitoringAgent",
"typeHandlerVersion": "1.0",
"autoUpgradeMinorVersion": true,
"settings": {
"workspaceId": "myWorkSpaceId"
},
"protectedSettings": {
"workspaceKey": "myWorkspaceKey"
}
}
}
PowerShell 部署PowerShell deployment
可以使用 Set-AzVMExtension
命令将 Log Analytics 代理虚拟机扩展部署到现有的虚拟机。The Set-AzVMExtension
command can be used to deploy the Log Analytics agent virtual machine extension to an existing virtual machine. 运行命令之前,需将公共和专用的配置存储在 PowerShell 哈希表中。Before running the command, the public and private configurations need to be stored in a PowerShell hash table.
$PublicSettings = @{"workspaceId" = "myWorkspaceId"}
$ProtectedSettings = @{"workspaceKey" = "myWorkspaceKey"}
Set-AzVMExtension -ExtensionName "MicrosoftMonitoringAgent" `
-ResourceGroupName "myResourceGroup" `
-VMName "myVM" `
-Publisher "Microsoft.EnterpriseCloud.Monitoring" `
-ExtensionType "MicrosoftMonitoringAgent" `
-TypeHandlerVersion 1.0 `
-Settings $PublicSettings `
-ProtectedSettings $ProtectedSettings `
-Location ChinaNorth
故障排除和支持Troubleshoot and support
疑难解答Troubleshoot
有关扩展部署状态的数据可以从 Azure 门户和使用 Azure PowerShell 模块进行检索。Data about the state of extension deployments can be retrieved from the Azure portal, and by using the Azure PowerShell module. 若要查看给定 VM 的扩展部署状态,请使用 Azure PowerShell 模块运行以下命令。To see the deployment state of extensions for a given VM, run the following command using the Azure PowerShell module.
Get-AzVMExtension -ResourceGroupName myResourceGroup -VMName myVM -Name myExtensionName
扩展执行输出记录到在以下目录中发现的文件:Extension execution output is logged to files found in the following directory:
C:\WindowsAzure\Logs\Plugins\Microsoft.EnterpriseCloud.Monitoring.MicrosoftMonitoringAgent\
支持Support
如果对本文中的任何观点存在疑问,可以联系 Azure 支持上的 Azure 专家。If you need more help at any point in this article, you can contact the Azure experts on the Azure support. 或者,也可以提出 Azure 支持事件。Alternatively, you can file an Azure support incident. 请转到 Azure 支持站点提交请求。Go to the Azure support site and submit your request. 有关使用 Azure 支持的信息,请阅读 Azure 支持常见问题。For information about using Azure Support, read the Azure support FAQ.