适用于 Windows 的 Log Analytics 虚拟机扩展Log Analytics virtual machine extension for Windows

Azure Monitor 日志提供跨云和本地资产的监视功能。Azure Monitor Logs provides monitoring capabilities across cloud and on-premises assets. 适用于 Windows 的 Log Analytics 代理虚拟机扩展由 Azure 发布和提供支持。The Log Analytics agent virtual machine extension for Windows is published and supported by Azure. 该扩展在 Azure 虚拟机上安装 Log Analytics 代理,并将虚拟机注册到现有的 Log Analytics 工作区中。The extension installs the Log Analytics agent on Azure virtual machines, and enrolls virtual machines into an existing Log Analytics workspace. 本文档详细介绍适用于 Windows 的 Log Analytics 虚拟机扩展支持的平台、配置和部署选项。This document details the supported platforms, configurations, and deployment options for the Log Analytics virtual machine extension for Windows.

先决条件Prerequisites

操作系统Operating system

有关支持的 Windows 操作系统的详细信息,请参阅 Azure Monitor 代理的概述一文。For details about the supported Windows operating systems, refer to the Overview of Azure Monitor agents article.

代理和 VM 扩展版本Agent and VM Extension version

下表提供了每次发布的 Windows Log Analytics VM 扩展和 Log Analytics 代理捆绑包的版本映射。The following table provides a mapping of the version of the Windows Log Analytics VM extension and Log Analytics agent bundle for each release.

Log Analytics Windows 代理捆绑包版本Log Analytics Windows agent bundle version Log Analytics Windows VM 扩展版本Log Analytics Windows VM extension version 发布日期Release Date 发行说明Release Notes
10.20.1805310.20.18053 1.0.18053.01.0.18053.0 2020 年 10 月October 2020
  • 新代理疑难解答New Agent Troubleshooter
  • 代理如何处理 Azure 服务的证书更改的更新Updates to how the agent handles certificate changes to Azure services
10.20.1804010.20.18040 1.0.18040.21.0.18040.2 2020 年 8 月August 2020
  • 解决 Azure Arc 问题Resolves an issue on Azure Arc
10.20.1803810.20.18038 1.0.180381.0.18038 2020 年 4 月April 2020
  • 使用 Azure Monitor 专用链接作用域启用通过专用链接建立连接Enables connectivity over Private Link using Azure Monitor Private Link Scopes
  • 添加引入限制,以避免在引入工作区时突然出现意外流入Adds ingestion throttling to avoid a sudden, accidental influx in ingestion to a workspace
    • >
  • 解决 HealthService.exe 出现故障的 bugResolves a bug where HealthService.exe crashed
10.20.1802910.20.18029 1.0.180291.0.18029 2020 年 3 月March 2020
  • 添加 SHA-2 代码签名支持Adds SHA-2 code signing support
  • 改进了 VM 扩展安装和管理Improves VM extension installation and management
  • 解决了用于服务器的 Azure Arc 集成中的 BugResolves a bug in Azure Arc for Servers integration
  • 添加了用于客户支持的内置故障排除工具Adds a built-in troubleshooting tool for customer support
10.20.1801810.20.18018 1.0.180181.0.18018 2019 年 10 月October 2019
  • 次要 bug 修复和稳定性改进Minor bug fixes and stabilization improvements
10.20.1801110.20.18011 1.0.180111.0.18011 2019 年 7 月July 2019
  • 次要 bug 修复和稳定性改进Minor bug fixes and stabilization improvements
  • MaxExpressionDepth 已增加到10000Increased MaxExpressionDepth to 10000
10.20.1800110.20.18001 1.0.180011.0.18001 2019 年 6 月June 2019
  • 次要 bug 修复和稳定性改进Minor bug fixes and stabilization improvements
  • 添加了在建立代理连接时禁用默认凭据的功能(支持 WINHTTP_AUTOLOGON_SECURITY_LEVEL_HIGH)Added ability to disable default credentials when making proxy connection (support for WINHTTP_AUTOLOGON_SECURITY_LEVEL_HIGH)
10.19.1351510.19.13515 1.0.135151.0.13515 2019 年 3 月March 2019
  • 次要稳定性修复Minor stabilization fixes
10.19.1000610.19.10006 不适用n/a 2018 年 12 月Dec 2018
  • 次要稳定性修复Minor stabilization fixes
8.0.111368.0.11136 不适用n/a 2018 年 9 月Sept 2018
  • 添加了对 VM 移动时检测资源 ID 更改的支持Added support for detecting resource ID change on VM move
  • 添加了对使用非扩展安装时报告资源 ID 的支持Added Support for reporting resource ID when using non-extension install
8.0.111038.0.11103 不适用n/a 2018 年 4 月April 2018
8.0.110818.0.11081 1.0.110811.0.11081 2017 年 11 月Nov 2017
8.0.110728.0.11072 1.0.110721.0.11072 2017 年 9 月Sept 2017
8.0.110498.0.11049 1.0.110491.0.11049 2017 年 2 月Feb 2017

Azure 安全中心Azure Security Center

Azure 安全中心自动预配 Log Analytics 代理并将其连接到 Azure 订阅的默认 Log Analytics 工作区。Azure Security Center automatically provisions the Log Analytics agent and connects it with the default Log Analytics workspace of the Azure subscription. 如果使用 Azure 安全中心,请勿按照本文档中的步骤运行。If you are using Azure Security Center, do not run through the steps in this document. 这样做会覆盖已配置的工作区并断开与 Azure 安全中心的连接。Doing so overwrites the configured workspace and break the connection with Azure Security Center.

Internet 连接Internet connectivity

适用于 Windows 的 Log Analytics 代理扩展要求目标虚拟机已连接到 Internet。The Log Analytics agent extension for Windows requires that the target virtual machine is connected to the internet.

扩展架构Extension schema

以下 JSON 显示 Log Analytics 代理扩展的架构。The following JSON shows the schema for the Log Analytics agent extension. 此扩展需要目标 Log Analytics 工作区的工作区 ID 和工作区密钥。The extension requires the workspace ID and workspace key from the target Log Analytics workspace. 这些数据可在 Azure 门户的工作区设置中找到。These can be found in the settings for the workspace in the Azure portal. 由于工作区密钥应视为敏感数据,因此将它存储在受保护的设置配置中。Because the workspace key should be treated as sensitive data, it should be stored in a protected setting configuration. Azure VM 扩展的受保护设置数据已加密,并且只能在目标虚拟机上解密。Azure VM extension protected setting data is encrypted, and only decrypted on the target virtual machine. 请注意,workspaceIdworkspaceKey 区分大小写。Note that workspaceId and workspaceKey are case-sensitive.

{
    "type": "extensions",
    "name": "OMSExtension",
    "apiVersion": "[variables('apiVersion')]",
    "location": "[resourceGroup().location]",
    "dependsOn": [
        "[concat('Microsoft.Compute/virtualMachines/', variables('vmName'))]"
    ],
    "properties": {
        "publisher": "Microsoft.EnterpriseCloud.Monitoring",
        "type": "MicrosoftMonitoringAgent",
        "typeHandlerVersion": "1.0",
        "autoUpgradeMinorVersion": true,
        "settings": {
            "workspaceId": "myWorkSpaceId"
        },
        "protectedSettings": {
            "workspaceKey": "myWorkspaceKey"
        }
    }
}

属性值Property values

名称Name 值/示例Value / Example
apiVersionapiVersion 2015-06-152015-06-15
publisherpublisher Microsoft.EnterpriseCloud.MonitoringMicrosoft.EnterpriseCloud.Monitoring
typetype MicrosoftMonitoringAgentMicrosoftMonitoringAgent
typeHandlerVersiontypeHandlerVersion 1.01.0
workspaceId (e.g)*workspaceId (e.g)* 6f680a37-00c6-41c7-a93f-1437e34625746f680a37-00c6-41c7-a93f-1437e3462574
workspaceKey (e.g)workspaceKey (e.g) z4bU3p1/GrnWpQkky4gdabWXAhbWSTz70hm4m2Xt92XI+rSRgE8qVvRhsGo9TXffbrTahyrwv35W0pOqQAU7uQ==z4bU3p1/GrnWpQkky4gdabWXAhbWSTz70hm4m2Xt92XI+rSRgE8qVvRhsGo9TXffbrTahyrwv35W0pOqQAU7uQ==

* workspaceId 在 Log Analytics API 中称为 consumerId。* The workspaceId is called the consumerId in the Log Analytics API.

备注

有关其他属性,请参阅 Azure 的将 Windows 计算机连接到 Azure Monitor 一文。For additional properties see Azure Connect Windows Computers to Azure Monitor.

模板部署Template deployment

可使用 Azure Resource Manager 模板部署 Azure VM 扩展。Azure VM extensions can be deployed with Azure Resource Manager templates. 可以在 Azure 资源管理器模板中使用上一部分中详细介绍的 JSON 架构,以便在 Azure 资源管理器模板部署过程中运行 Log Analytics 代理扩展。The JSON schema detailed in the previous section can be used in an Azure Resource Manager template to run the Log Analytics agent extension during an Azure Resource Manager template deployment. 包含 Log Analytics 代理 VM 扩展的示例模板可以在 Azure 快速入门库中找到。A sample template that includes the Log Analytics agent VM extension can be found on the Azure Quickstart Gallery.

备注

需要将代理配置为向多个工作区报告时,此模板不支持指定多个工作区 ID 和工作区密钥。The template does not support specifying more than one workspace ID and workspace key when you want to configure the agent to report to multiple workspaces. 若要将代理配置为向多个工作区报告,请参阅添加或删除工作区To configure the agent to report to multiple workspaces, see Adding or removing a workspace.

虚拟机扩展的 JSON 可以嵌套在虚拟机资源内,或放置在 Resource Manager JSON 模板的根级别或顶级别。The JSON for a virtual machine extension can be nested inside the virtual machine resource, or placed at the root or top level of a Resource Manager JSON template. JSON 的位置会影响资源名称和类型的值。The placement of the JSON affects the value of the resource name and type. 有关详细信息,请参阅设置子资源的名称和类型For more information, see Set name and type for child resources.

以下示例假定 Log Analytics 扩展嵌套在虚拟机资源内。The following example assumes the Log Analytics extension is nested inside the virtual machine resource. 嵌套扩展资源时,JSON 放置在虚拟机的 "resources": [] 对象中。When nesting the extension resource, the JSON is placed in the "resources": [] object of the virtual machine.

{
    "type": "extensions",
    "name": "OMSExtension",
    "apiVersion": "[variables('apiVersion')]",
    "location": "[resourceGroup().location]",
    "dependsOn": [
        "[concat('Microsoft.Compute/virtualMachines/', variables('vmName'))]"
    ],
    "properties": {
        "publisher": "Microsoft.EnterpriseCloud.Monitoring",
        "type": "MicrosoftMonitoringAgent",
        "typeHandlerVersion": "1.0",
        "autoUpgradeMinorVersion": true,
        "settings": {
            "workspaceId": "myWorkSpaceId"
        },
        "protectedSettings": {
            "workspaceKey": "myWorkspaceKey"
        }
    }
}

将扩展 JSON 放置在模板的根部时,资源名称包括对父虚拟机的引用,并且类型反映了嵌套的配置。When placing the extension JSON at the root of the template, the resource name includes a reference to the parent virtual machine, and the type reflects the nested configuration.

{
    "type": "Microsoft.Compute/virtualMachines/extensions",
    "name": "<parentVmResource>/OMSExtension",
    "apiVersion": "[variables('apiVersion')]",
    "location": "[resourceGroup().location]",
    "dependsOn": [
        "[concat('Microsoft.Compute/virtualMachines/', variables('vmName'))]"
    ],
    "properties": {
        "publisher": "Microsoft.EnterpriseCloud.Monitoring",
        "type": "MicrosoftMonitoringAgent",
        "typeHandlerVersion": "1.0",
        "autoUpgradeMinorVersion": true,
        "settings": {
            "workspaceId": "myWorkSpaceId"
        },
        "protectedSettings": {
            "workspaceKey": "myWorkspaceKey"
        }
    }
}

PowerShell 部署PowerShell deployment

可以使用 Set-AzVMExtension 命令将 Log Analytics 代理虚拟机扩展部署到现有的虚拟机。The Set-AzVMExtension command can be used to deploy the Log Analytics agent virtual machine extension to an existing virtual machine. 运行命令之前,需将公共和专用的配置存储在 PowerShell 哈希表中。Before running the command, the public and private configurations need to be stored in a PowerShell hash table.

$PublicSettings = @{"workspaceId" = "myWorkspaceId"}
$ProtectedSettings = @{"workspaceKey" = "myWorkspaceKey"}

Set-AzVMExtension -ExtensionName "MicrosoftMonitoringAgent" `
    -ResourceGroupName "myResourceGroup" `
    -VMName "myVM" `
    -Publisher "Microsoft.EnterpriseCloud.Monitoring" `
    -ExtensionType "MicrosoftMonitoringAgent" `
    -TypeHandlerVersion 1.0 `
    -Settings $PublicSettings `
    -ProtectedSettings $ProtectedSettings `
    -Location ChinaNorth

故障排除和支持Troubleshoot and support

疑难解答Troubleshoot

有关扩展部署状态的数据可以从 Azure 门户和使用 Azure PowerShell 模块进行检索。Data about the state of extension deployments can be retrieved from the Azure portal, and by using the Azure PowerShell module. 若要查看给定 VM 的扩展部署状态,请使用 Azure PowerShell 模块运行以下命令。To see the deployment state of extensions for a given VM, run the following command using the Azure PowerShell module.

Get-AzVMExtension -ResourceGroupName myResourceGroup -VMName myVM -Name myExtensionName

扩展执行输出记录到在以下目录中发现的文件:Extension execution output is logged to files found in the following directory:

C:\WindowsAzure\Logs\Plugins\Microsoft.EnterpriseCloud.Monitoring.MicrosoftMonitoringAgent\

支持Support

如果对本文中的任何观点存在疑问,可以联系 Azure 支持上的 Azure 专家。If you need more help at any point in this article, you can contact the Azure experts on the Azure support. 或者,也可以提出 Azure 支持事件。Alternatively, you can file an Azure support incident. 请转到 Azure 支持站点提交请求。Go to the Azure support site and submit your request. 有关使用 Azure 支持的信息,请阅读 Azure 支持常见问题For information about using Azure Support, read the Azure support FAQ.