Azure Monitor: The essentials every admin should know

  • Published: 11 Sep 2024

Comments • 35

  • @DanaEpp 4 years ago +5

    Azure Monitoring is an extremely powerful part of Azure. I 💘 how integrated it is with the platform. Especially with things like AppInsights. Are you using Azure Monitor as part of your day-to-day monitoring of your cloud resources?

    • @shanibkk7304 4 years ago

      How did you do the setup? Using CLI or in portal? Do you have any design document?

  • @christophermcmahon2733 4 years ago +4

    Fantastic overview Dana, your presentation style is spot on. I'm not an "Ops guy" but in these times of digital transformation you really do need to have at least a basic idea of all aspects of the systems we're creating.

    • @KnowOps 4 years ago

      Glad it was helpful!

  • @CyberPro-arun 3 years ago

    I appreciate this as a Microsoft Certified Trainer and Azure architect... good job, and you are the third person whose YouTube channel I have subscribed to in my life... keep rocking

  • @BijouBakson 4 years ago +1

    I clicked Like within the first minute; the energy was just right. Great presentation. Now, let's go back and watch the rest of the video :)

  • @ketankamble9128 4 years ago +2

    Can you create a video which will explain in detail how we can create alerts with the help of Azure Monitor?

  • @amd2533 4 years ago +1

    Awesome video! I wonder how this differs from Azure Security Center and Azure Sentinel though.

  • @vincentvogelaar6015 1 year ago

    Good stuff

  • @Chris-gc1hw 3 years ago

    I owe you two thanks so far...

  • @James-sc1lz 3 years ago +1

    Most people don't turn it on and might be a real shame but it costs money and this is what scares them. It is constantly running in the background accumulating logs and spread that across your estate for a long time all adds up. It can also be confusing for the novice. Combine logs in the same workspace or deleting etc can make people nervous. Add a zero which is the default means stuff is never deleted unless you delete it yourself manually. I think all these things combined means it is not utilized. I can see the reasons. There is no tidy up tool in Azure either to help identify what can safely be removed. I mean why should there be? It simply does not work in the favour of Microsoft. They're in the biz to make money so if you don't know your stuff, it will cost you and sometimes heavily. When you get something like VMware you pay for everything up front so it does not matter so much. Anyway, that's my two cents. Nice summary though on the tech but it's not always as simple as people make out.

    • @Samarnat01 1 year ago

      Worth the 2 cents. Spot on. Datadog can be used, the cost is less there.

  • @lynnecromack4933 2 years ago

    This is a must if you're on AZ140 track.

  • @BijouBakson 4 years ago +1

    Brilliant! Too bad it's just a short overview. Thanks for the great content.

  • @rafaelbetancourt3551 3 years ago

    Awesome stuff! subscribing!

  • @sitharamantr1072 3 years ago +1

    Can you please take a use case and walk through the implementation?

  • @Chatsworth1979 2 years ago

    Very encouraging, thank you, +1

  • @stephane1308 1 year ago

    What are the advantages of Azure Monitor?

  • @RabbitJnr 4 years ago

    Just subscribed !!

  • @mrprvnm 3 years ago

    Can you configure the Azure Active Directory activity logs to appear in Azure Monitor?

  • @vibhubhatnagar6331 4 years ago

    How to set this monitoring system up? Any hints or guide?

  • @pranayamr 4 years ago

    What is the difference between Log Analytics and Azure Monitor log? Are both the same?

  • @grahambrown5874 3 years ago

    Some simple examples would have been useful, e.g. create an alert if a VM has stopped because a user shut down rather than signed out, or the disk capacity has exceeded 70%. I started down this route, but became confused by the requirement to set up a separate account and other pre-requirements... not explained in other videos🙈

    • @KnowOps 3 years ago

      There are great examples in the docs. Check out this as a starting point: docs.microsoft.com/en-us/azure/azure-monitor/insights/vminsights-alerts

  • @larsvontrierpung9337 4 years ago

    Hi! Is it possible to monitor routers/switches with SNMP? How does Azure monitor on-prem infrastructure? Also network WAN links etc.

    • @KnowOps 4 years ago +1

      Azure Monitor installs an agent that can be used for central collection and reporting. The OMS agent has built in SNMP monitoring. Eventually it all ends up in Log Analytics for you to use. In fact, now Azure Sentinel will suck in the critical security traps and report on that for you (if configured).

    • @larsvontrierpung9337 4 years ago

      @KnowOps but there is no agent for a Cisco router? I mean to use another protocol than SNMP. SNMP is not reliable.

  • @anishkumarsinha 4 years ago

    How to deploy an Azure dashboard using Pipelines (Azure DevOps) in Dev, Stage, Prod?

    • @KnowOps 4 years ago

      Are you separating environments by subscription? I normally have dev/staging and prod pipelines each deploying to different subscriptions for testing and production.

  • @MichaelZimmerer 4 years ago

    You mention some things that, if I'm understanding correctly, I didn't know about. From what you're saying, could I potentially ingest logs from VMs and create graphs similar to Logstash and Grafana? I have the need to measure things like NPS RADIUS auths and deny spikes and think this might be an awesome and fun fit. Sound like a fitting use?

    • @DanaEpp 4 years ago

      Michael Zimmerer Yep. That’s the idea. A good starting point would be to ingest the event log data in your VM and get it into Azure Monitor. This might be a way forward: docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events

    • @DanaEpp 4 years ago

      Once you get the VM events in Azure Monitor and it’s sitting in Log Analytics you can then build the dashboards that give you graphs and data cards: docs.microsoft.com/en-us/azure/azure-monitor/learn/tutorial-logs-dashboards

    • @MichaelZimmerer 4 years ago +1

      @DanaEpp Thank you for putting this on my radar! Keep up the quality content!

    • @MichaelZimmerer 4 years ago

      In case anyone else runs into this comment, Log Analytics currently doesn't support audit success and failure messages.

    • @DanaEpp 4 years ago

      @MichaelZimmerer Have you configured NPS to write out audit success and audit failure messages to the security log? If so, you can get the data into Log Analytics. Start by configuring advanced auditing on the Windows server running NPS, i.e.:
      auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable
      Depending on the server edition, you may need to set the advanced GPO. A quick Google search found this blog post on how to set up the NPS GPO to deal with this when the above doesn't work: www.mikenowak.org/nps-authentication-events-not-showing-event-log/
      Once you have that set up right to push NPS events to the security log, then event id 6272 represents success, and 6273 is failure. There are a few other event ids to account for if you use health policies. See: docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-network-policy-server
      Once you have that, the monitoring agent will then bring those events right into the SecurityEvents table in Log Analytics. I did an episode of #KnowOps showing you how to use Kusto Query Language (KQL) to query this exact type of event. You can see that episode at ruclips.net/video/DuWBLsgqhaI/видео.html
      The query you want to find NPS logon failures would be something like:
      SecurityEvent | where TimeGenerated > ago(24h) | where EventID == 6273 | project TimeGenerated, Account, Computer, EventID, Activity
      Watch the episode for more info if KQL is still new to you. You could use aggregate and metric functions to then "render" charts however you need for your dashboard.
      HTH. Good luck.
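
Added example, not part of the comment thread and not the channel's own query: a KQL sketch of the "deny spikes" measurement asked about above, built on the NPS event ids 6272 (granted) and 6273 (denied) named in the reply. It assumes the events land in the Log Analytics `SecurityEvent` table with an `EventID` column; the 7-day lookback, 1-hour bucket, 3-sigma threshold and 10-event floor are illustrative values to tune.

```kusto
// Hourly NPS grant/deny counts per server, flagging hours where denials
// rise well above that server's own recent baseline.
let lookback = 7d;      // assumption: baseline window
let bucket   = 1h;      // assumption: aggregation bucket
let minDenied = 10;     // assumption: ignore tiny buckets
let hourly =
    SecurityEvent
    | where TimeGenerated > ago(lookback)
    | where EventID in (6272, 6273)          // 6272 = access granted, 6273 = access denied
    | summarize Granted = countif(EventID == 6272),
                Denied  = countif(EventID == 6273)
             by Computer, bin(TimeGenerated, bucket);
// Per-server baseline of hourly denials over the lookback window.
let baseline =
    hourly
    | summarize AvgDenied = avg(Denied), StdDenied = stdev(Denied) by Computer;
hourly
| join kind=inner baseline on Computer
// Every bucket contains at least one event, so the divisor is never zero.
| extend DenyRatio = round(todouble(Denied) / (Granted + Denied), 2)
| where Denied >= minDenied
    and Denied > AvgDenied + 3 * StdDenied
| project TimeGenerated, Computer, Granted, Denied, DenyRatio, AvgDenied
| order by TimeGenerated desc
```

For a dashboard tile rather than an alert, the `hourly` table on its own can be piped to `render timechart`.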