Log Analytics agent virtual machine extension for Windows

Статья
2025-04-13

Azure Monitor Logs provides monitoring capabilities across cloud and on-premises assets. Microsoft publishes and supports the Log Analytics agent virtual machine (VM) extension for Windows. The extension installs the Log Analytics agent on Azure VMs, and enrolls VMs into an existing Log Analytics workspace. This article describes the supported platforms, configurations, and deployment options for the Log Analytics agent VM extension for Windows.

Это важно

The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. If you use the Log Analytics agent to ingest data to Azure Monitor, migrate to the new Azure Monitor agent prior to that date.

Предпосылки

Review the following prerequisites for using the Log Analytics agent VM extension for Windows.

Операционная система

For details about the supported Windows operating systems, see the Overview of Azure Monitor agents article.

Agent and VM extension version

The following table provides a mapping of the version of the Windows Log Analytics VM extension and Log Analytics agent for each release.

Agent version	VM extension version	Дата выпуска	Release notes
10.20.18076.0	1.0.18076	Март 2024 г.	- Support for TLS 1.3 and small patches
10.20.18069.0	1.0.18069	Сентябрь 2023 г.	- Rebuilt the agent to resign then and to replace and expired certificates, Added deprication message to installer
10.20.18067.0	1.0.18067	Март 2022 г.	- Bug fix for performance counters - Enhancements to Agent Troubleshooter
10.20.18064.0	1.0.18064	Декабрь 2021 г.	- Bug fix for intermittent crashes
10.20.18062.0	1.0.18062	Ноябрь 2021 г.	- Minor bug fixes and stabilization improvements
10.20.18053	1.0.18053.0	Октябрь 2020 года	- New Agent Troubleshooter - Updates how the agent handles certificate changes to Azure services
10.20.18040	1.0.18040.2	Август 2020 г.	- Resolves an issue on Azure Arc
10.20.18038	1.0.18038	Апрель 2020 г.	- Enables connectivity over Azure Private Link by using Azure Monitor Private Link Scopes - Adds ingestion throttling to avoid a sudden, accidental influx in ingestion to a workspace - Adds support for more Azure Government clouds and regions - Resolves a bug where HealthService.exe crashed
10.20.18029	1.0.18029	Март 2020 г.	- Adds SHA-2 code signing support - Improves VM extension installation and management - Resolves a bug with Azure Arc-enabled servers integration - Adds built-in troubleshooting tool for customer support - Adds support for more Azure Government regions
10.20.18018	1.0.18018	2019 октября	- Minor bug fixes and stabilization improvements
10.20.18011	1.0.18011	Июль 2019 г.	- Minor bug fixes and stabilization improvements - Increases `MaxExpressionDepth` to 10,000
10.20.18001	1.0.18001	2019 июня	- Minor bug fixes and stabilization improvements - Adds ability to disable default credentials when making proxy connection (support for `WINHTTP_AUTOLOGON_SECURITY_LEVEL_HIGH`)
10.19.13515	1.0.13515	Март 2019 г.	- Minor stabilization fixes
10.19.10006	n/a	Декабрь 2018 г.	- Minor stabilization fixes
8.0.11136	n/a	2018 сентября	- Adds support for detecting resource ID change on VM move - Adds support for reporting resource ID when using nonextension install
8.0.11103	n/a	Апрель 2018 г.
8.0.11081	1.0.11081	ноябрь 2017 г.
8.0.11072	1.0.11072	Сентябрь 2017 г.
8.0.11049	1.0.11049	Февраль 2017 г.

Microsoft Defender для облака

Microsoft Defender for Cloud automatically provisions the Log Analytics agent and connects it with the default Log Analytics workspace of the Azure subscription.

Это важно

If you're using Microsoft Defender for Cloud, don't follow the extension deployment methods described in this article. These deployment processes overwrite the configured Log Analytics workspace and break the connection with Microsoft Defender for Cloud.

Azure Arc

You can use Azure Arc-enabled servers to deploy, remove, and update the Log Analytics agent VM extension to non-Azure Windows and Linux machines. This approach simplifies the management of your hybrid machine through their lifecycle. Дополнительные сведения см. в документе Управление расширениями виртуальных машин с помощью серверов с поддержкой Azure Arc.

Подключение к Интернету

The Log Analytics agent VM extension for Windows requires that the target VM is connected to the internet.

Схема расширения

The following JSON shows the schema for the Log Analytics agent VM extension for Windows. The extension requires the workspace ID and workspace key from the target Log Analytics workspace. These items can be found in the settings for the workspace in the Azure portal.

Так как ключ рабочей области должен рассматриваться в качестве конфиденциальных данных, его следует хранить в защищенной конфигурации параметров. Azure VM extension protected-setting data is encrypted, and it's only decrypted on the target VM.

Примечание.

The values for workspaceId and workspaceKey are case-sensitive.

{
    "type": "extensions",
    "name": "OMSExtension",
    "apiVersion": "[variables('apiVersion')]",
    "location": "[resourceGroup().location]",
    "dependsOn": [
        "[concat('Microsoft.Compute/virtualMachines/', variables('vmName'))]"
    ],
    "properties": {
        "publisher": "Microsoft.EnterpriseCloud.Monitoring",
        "type": "MicrosoftMonitoringAgent",
        "typeHandlerVersion": "1.0",
        "autoUpgradeMinorVersion": true,
        "settings": {
            "workspaceId": "myWorkSpaceId"
        },
        "protectedSettings": {
            "workspaceKey": "myWorkspaceKey"
        }
    }
}

Property values

Схема JSON содержит следующие свойства.

Имя	Значение или пример
`apiVersion`	15.06.2015
`publisher`	Microsoft.EnterpriseCloud.Monitoring
`type`	MicrosoftMonitoringAgent
`typeHandlerVersion`	1.0
`workspaceId (e.g)`*	6f680a37-00c6-41c7-a93f-1437e3462574
`workspaceKey (e.g)`	z4bU3p1/GrnWpQkky4gdabWXAhbWSTz70hm4m2Xt92XI+rSRgE8qVvRhsGo9TXffbrTahyrwv35W0pOqQAU7uQ==

* The workspaceId schema property is specified as the consumerId property in the Log Analytics API.

Развертывание шаблона

Azure VM extensions can be deployed with Azure Resource Manager (ARM) templates. The JSON schema detailed in the previous section can be used in an ARM template to run the Log Analytics agent VM extension during an ARM template deployment. A sample template that includes the Log Analytics agent VM extension can be found on the Azure Quickstart Gallery.

Примечание.

The ARM template doesn't support specifying more than one workspace ID and workspace key when you want to configure the Log Analytics agent to report to multiple workspaces. To configure the Log Analytics agent VM extension to report to multiple workspaces, see Add or remove a workspace.

The JSON for a VM extension can be nested inside the VM resource, or placed at the root or top level of a JSON ARM template. Размещение JSON влияет на значения имени и типа ресурса. For more information, see Set name and type for child resources.

The following example assumes the Log Analytics agent VM extension is nested inside the VM resource. When you nest the extension resource, the JSON is placed in the "resources": [] object of the VM.

{
    "type": "extensions",
    "name": "OMSExtension",
    "apiVersion": "[variables('apiVersion')]",
    "location": "[resourceGroup().location]",
    "dependsOn": [
        "[concat('Microsoft.Compute/virtualMachines/', variables('vmName'))]"
    ],
    "properties": {
        "publisher": "Microsoft.EnterpriseCloud.Monitoring",
        "type": "MicrosoftMonitoringAgent",
        "typeHandlerVersion": "1.0",
        "autoUpgradeMinorVersion": true,
        "settings": {
            "workspaceId": "myWorkSpaceId"
        },
        "protectedSettings": {
            "workspaceKey": "myWorkspaceKey"
        }
    }
}

When you place the extension JSON at the root of the ARM template, the resource name includes a reference to the parent VM, and the type reflects the nested configuration.

{
    "type": "Microsoft.Compute/virtualMachines/extensions",
    "name": "<parentVmResource>/OMSExtension",
    "apiVersion": "[variables('apiVersion')]",
    "location": "[resourceGroup().location]",
    "dependsOn": [
        "[concat('Microsoft.Compute/virtualMachines/', variables('vmName'))]"
    ],
    "properties": {
        "publisher": "Microsoft.EnterpriseCloud.Monitoring",
        "type": "MicrosoftMonitoringAgent",
        "typeHandlerVersion": "1.0",
        "autoUpgradeMinorVersion": true,
        "settings": {
            "workspaceId": "myWorkSpaceId"
        },
        "protectedSettings": {
            "workspaceKey": "myWorkspaceKey"
        }
    }
}

Развертывание с помощью PowerShell

The Set-AzVMExtension command can be used to deploy the Log Analytics agent VM extension to an existing VM. Before you run the command, store the public and private configurations in a PowerShell hashtable.

$PublicSettings = @{"workspaceId" = "myWorkspaceId"}
$ProtectedSettings = @{"workspaceKey" = "myWorkspaceKey"}

Set-AzVMExtension -ExtensionName "MicrosoftMonitoringAgent" `
    -ResourceGroupName "myResourceGroup" `
    -VMName "myVM" `
    -Publisher "Microsoft.EnterpriseCloud.Monitoring" `
    -ExtensionType "MicrosoftMonitoringAgent" `
    -TypeHandlerVersion 1.0 `
    -Settings $PublicSettings `
    -ProtectedSettings $ProtectedSettings `
    -Location WestUS

Устранение неполадок

Ниже приведены некоторые рекомендации по устранению неполадок с развертыванием.

Просмотр состояния расширения

Проверьте состояние развертывания расширения в портал Azure или с помощью PowerShell или Azure CLI.

Чтобы просмотреть состояние развертывания расширений для данной виртуальной машины, выполните следующие команды.

Azure PowerShell:

Get-AzVMExtension -ResourceGroupName <myResourceGroup> -VMName <myVM> -Name <myExtensionName>

Azure CLI:

az vm get-instance-view --resource-group <myResourceGroup> --name <myVM> --query "instanceView.extensions"

Просмотр журналов выходных данных

View output logs for the Log Analytics agent VM extension for Windows under C:\WindowsAzure\Logs\Plugins\Microsoft.EnterpriseCloud.Monitoring.MicrosoftMonitoringAgent\.

Получите поддержку

Ниже приведены некоторые другие варианты, которые помогут устранить проблемы с развертыванием.

Чтобы получить помощь, обратитесь к экспертам Azure на форумах Q&A и Stack Overflow.
Вы также можете связаться с служба поддержки Майкрософт. Дополнительные сведения об использовании службы поддержки Azure см. в статье Часто задаваемые вопросы о поддержке Azure.