Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article describes how to enable monitoring for virtual machines, virtual machine scale sets, and Arc-enabled servers at scale using command line tools that allow you to use infrastructure as code (IaC) tools and automation methods. These methods allow you to consistently deploy monitoring across your VM fleet and integrate monitoring configuration into your DevOps pipelines.
Note
- To enable monitoring for a single virtual machine using the Azure portal, see Tutorial: Enable enhanced monitoring for an Azure virtual machine.
- To enable monitoring for a virtual machine scale set using the Azure portal, see Tutorial: Enable monitoring for an Azure virtual machine scale set.
Supported machines
- Azure virtual machines
- Azure virtual machine scale sets
- Arc-enabled servers
For a list of supported operating systems, see Azure Monitor agent supported operating systems.
Prerequisites
- Azure Monitor workspace if you enable OpenTelemetry metrics (preview). See Create an Azure Monitor workspace.
- Log Analytics workspace if you enable logs-based metrics or collect logs. See Create a Log Analytics workspace.
- Permissions to create data collection rules (DCRs) and associate them with VMs. See Data collection rule permissions.
- Azure Connected Machine agent if you're monitoring virtual machines hosted outside of Azure. You must first install the Connected Machine agent so that the machine can be managed through Azure Arc-enabled servers before you can install the Azure Monitor agent and enable monitoring. See Connect a machine to Arc-enabled servers.
Overview
Enabling full monitoring by collecting data from the guest operating system and workloads of a virtual machine by Azure Monitor involves three steps as shown in the following table. When you enable enhanced monitoring or create a DCR in the Azure portal, each of these steps is completed for you automatically.
| Step | Description |
|---|---|
| Install the Azure Monitor agent | The agent needs to be installed on each virtual machine to be monitored. This only needs to be completed once since the agent can use any number of DCRs that each collect different data. |
| Create data collection rules (DCRs) | Each DCR specifies data to collect and where to send it. You can create your own DCRs or use existing ones depending on your requirements. You need to understand the different types of DCRs and their purposes to determine which ones to use. |
| Associate DCRs with VMs | When you create an association between a VM and a DCR, the agent downloads that DCR and begins data collection. Create associations with multiple DCRs for the agent to collect different types of data. Remove associations to stop data collection. |
Note
To enable monitoring at scale using Azure Policy, see Enable VM insights using Azure Policy.
Install Azure Monitor agent
The first step is to install the Azure Monitor agent extension on your virtual machines and Arc-enabled servers.
Azure virtual machine
# Windows
az vm extension set \
--name AzureMonitorWindowsAgent \
--publisher Microsoft.Azure.Monitor \
--vm-name <vm-name> \
--resource-group <resource-group>
# Linux
az vm extension set \
--name AzureMonitorLinuxAgent \
--publisher Microsoft.Azure.Monitor \
--vm-name <vm-name> \
--resource-group <resource-group>
Arc-enabled server
# Windows
az connectedmachine extension create \
--name AzureMonitorWindowsAgent \
--publisher Microsoft.Azure.Monitor \
--type AzureMonitorWindowsAgent \
--machine-name <arc-server-name> \
--resource-group <resource-group> \
--location <location>
# Linux
az connectedmachine extension create \
--name AzureMonitorLinuxAgent \
--publisher Microsoft.Azure.Monitor \
--type AzureMonitorLinuxAgent \
--machine-name <arc-server-name> \
--resource-group <resource-group> \
--location <location>
Virtual machine scale set
# Windows
az vmss extension set \
--name AzureMonitorWindowsAgent \
--publisher Microsoft.Azure.Monitor \
--vmss-name <vmss-name> \
--resource-group <resource-group>
# Linux
az vmss extension set \
--name AzureMonitorLinuxAgent \
--publisher Microsoft.Azure.Monitor \
--vmss-name <vmss-name> \
--resource-group <resource-group>
Create data collection rules
Data collection rules (DCRs) define what data to collect from the Azure Monitor agent and where to send it. You can create different types of DCRs depending on what you want to monitor. Some DCRs will enable features in the Azure portal such as the enhanced monitoring experience for VMs, while others will collect specific types of logs or metrics that you can use for analysis or alerting.
DCRs are structured in JSON. When you create DCRs using the Azure portal, you don't require any knowledge of the DCR structure. You may need to understand the DCR structure though to create DCRs from scratch or to add advanced functionality to existing DCRs such as adding a transformation.
The following table describes the most common DCR types used for VM monitoring. For a complete list of DCR types and their structures, see Data collection rule structure. For details on creating DCRs, see Data collection rules: Create and edit.
| DCR Type | Description |
|---|---|
| OpenTelemetry metrics | Collects system-level performance counters using OpenTelemetry standards. Enables the metrics-based experience for VM monitoring in the Azure portal. Use the DCR definition below. Modify the counterSpecifiers section to add metrics to be collected. See Customize OpenTelemetry metrics for Azure virtual machines. |
| Log based metrics | Collects predefined performance counters in a Log Analytics workspace. Enables the classic logs-based experience in the Azure portal. Use the DCR definition below. This DCR shouldn't be modified. |
| Logs | Collect different types of logs from the VM, including Windows events and Syslog. These DCRs don't enable any additional experiences in Azure Monitor, but they can be analyzed with Log Analytics and used for alerting. See Collect guest log data from virtual machines with Azure Monitor for a description of the different data sources available. See Data collection rule (DCR) samples in Azure Monitor for sample DCR definitions for log collection. |
Use the following DCR definitions to enable enhanced monitoring for a virtual machine. The only modification needed is to update the location and destination workspace in each definition to point to your Azure Monitor workspace for OpenTelemetry metrics or your Log Analytics workspace for logs-based metrics.
Metrics-based experience (preview)
{
"location": "<location>",
"properties": {
"dataSources": {
"performanceCountersOTel": [
{
"streams": "Microsoft-OtelPerfMetrics",
"samplingFrequencyInSeconds": 60,
"counterSpecifiers": [
"system.filesystem.usage",
"system.disk.io",
"system.disk.operation_time",
"system.disk.operations",
"system.memory.usage",
"system.network.io",
"system.cpu.time",
"system.network.dropped",
"system.network.errors",
"system.uptime"
],
"name": "OtelPerfCounters"
}
]
},
"destinations": {
"monitoringAccounts": [
{
"accountResourceId": "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.Monitor/accounts/<workspace-name>",
"name": "MonitoringAccount"
}
]
},
"dataFlows": [
{
"streams": [
"Microsoft-OtelPerfMetrics"
],
"destinations": [
"MonitoringAccount"
]
}
]
}
}
Logs-based experience (classic)
{
"location": "<location>",
"properties": {
"description": "Data collection rule for VM Insights.",
"dataSources": {
"performanceCounters": [
{
"name": "VMInsightsPerfCounters",
"streams": [
"Microsoft-InsightsMetrics"
],
"scheduledTransferPeriod": "PT1M",
"samplingFrequencyInSeconds": 60,
"counterSpecifiers": [
"\\VmInsights\\DetailedMetrics"
]
}
]
},
"destinations": {
"logAnalytics": [
{
"workspaceResourceId": "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.OperationalInsights/workspaces/<workspace-name>",
"name": "VMInsightsPerf-Logs-Dest"
}
]
},
"dataFlows": [
{
"streams": [
"Microsoft-InsightsMetrics"
],
"destinations": [
"VMInsightsPerf-Logs-Dest"
]
}
]
}
}
Save the DCR definition to a JSON file and use it to create a DCR with the following commands.
az monitor data-collection rule create \
--name <dcr-name> \
--resource-group <resource-group> \
--location <location> \
--rule-file <path-to-json-file>
Associate DCRs with VMs
The final step is to create associations between your DCRs and your VMs. This activates the DCRs and tells the Azure Monitor agent to begin collecting data based on the rules defined in the DCR. You can create multiple associations for a VM if you want to collect different types of data. You can also remove associations to stop data collection from specific DCRs without affecting other associations or the agent itself.
Azure VM
az monitor data-collection rule association create \
--name "dcr-association" \
--rule-id /subscriptions/<subscription-id>/resourceGroups/<resource-group>/microsoft.insights/datacollectionrules/<dcr-name>
--resource /subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.Compute/virtualMachines/<vm-name>
Azure VM scale set
az monitor data-collection rule association create \
--name "dcr-association" \
--rule-id /subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/microsoft.insights/datacollectionrules/<dcr-name>
--resource /subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.Compute/virtualMachines/<vm-name>
Arc-enabled server
az monitor data-collection rule association create \
--name "dcr-association" \
--rule-id /subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/microsoft.insights/datacollectionrules/<dcr-name> \
--resource /subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.HybridCompute/machines/<arc-server-name>
Enable network isolation
There are two methods for network isolation that VM insights supports as described in the following table.
| Method | Description |
|---|---|
| Private link | See Enable network isolation for Azure Monitor Agent by using Private Link. |
| Network security perimeter | See Configure Azure Monitor with Network Security Perimeter. |
Related content
- Monitor virtual machines in Azure - Review the core monitoring capabilities available for virtual machines and scale sets.
- Tutorial: Enable enhanced monitoring for an Azure virtual machine - Enable monitoring for a single VM by using the Azure portal.
- Tutorial: Enable monitoring for an Azure virtual machine scale set - Enable monitoring for a scale set by using the Azure portal.
- Collect guest log data from virtual machines with Azure Monitor - Add guest logs such as Windows events, Syslog, IIS logs, and custom logs.
- Troubleshoot VM monitoring in Azure Monitor - Investigate agent installation and common onboarding problems.