How to reach the logs of Log Analytics agent extension for VMSS?
I've followed the manual remediation for the following recommendation from Microsoft Defender For Cloud regarding Virtual Machine Scale Set:
Log Analytics agent should be installed on virtual machine scale sets
Defender for Cloud collects data from your Azure virtual machines (VMs) to monitor for security vulnerabilities and threats. Data is collected using the Log Analytics agent, formerly known as the Microsoft Monitoring Agent (MMA), which reads various security-related configurations and event logs from the machine and copies the data to your workspace for analysis. You'll also need to follow that procedure if your VMs are used by an Azure managed service such as Azure Kubernetes Service or Azure Service Fabric. You cannot configure auto-provisioning of the agent for Azure virtual machine scale sets. To deploy the agent on virtual machine scale sets (including those used by Azure managed services such as Azure Kubernetes Service and Azure Service Fabric), follow the procedure in the remediation steps.
which was to install the Log Analytics agent extension (in my case for Linux). The extension was installed properly and I can see it in the portal in the VMSS resource.
My understanding is that this should result in the agent collecting some logs. Is there a place where I can find them? The page linked above refers to Performance Counters of Service Fabric, which I don't believe applies to my case.
Are the logs visible in the Log Analytics workspace? If so, what should be the query? Do I have to install Insights as well to see any actual logs/metrics?
Are the logs visible in Log Analytics workspace? If so, what should be the query? Do I have to install Insights as well to see any actual logs/metrics?
The logs are visible in Log Analytics workspace.
Sample Heartbeat Query
Heartbeat
| where OSType == 'Linux'
| where Category != 'Azure Monitor Agent'
| summarize arg_max(TimeGenerated, *) by SourceComputerId
| sort by Computer
| render table
We downloaded the agent and installed it on Linux VMSS.
Logs in Log Analytics Workspace
- Unattended authentication using Azure Active Directory- UserCredential not accepting username and password
- The type or namespace name 'Storage' does not exist in the namespace 'Microsoft.WindowsAzure'
- Azure Function App - No continuous deployment setting for "Flex Consumption" hosting plan?
- Why does my Azure App service have a very slow reponse from an endpoint?
- Creating multiple function apps with one Flex Consumption plan
- ASP.NET Core Authorization with Microsoft Entra ID
- How to get client IP address in Azure Functions C#?
- unable to StartCopyFromUriAsync a blob between 2 storage accounts
- MSgraph cannot find string in attachment value using Azure Automation
- Visual Studio 2022 caches old tenant id, can't get rid of it
- Msgraph-sdk-python get sharepoint site id from name
- using multiple storage accounts locally using azurite at the same time
- Adding Graph API application permission via Terraform shows corrupted IDs instead of scope names
- Azure DevOps Wiki page usage analytics
- How to fix worker runtime metadata for Azure .net8 isolated worker model functions?
- Download attachment content using Microsoft Graph API using Java
- Is it possible to assign a Power BI Pro License to an Azure Service Principal? Deploy .bim in PBI Service without Premium Workspace
- How to grant permissions to my application to use Microsoft Fabric services?
- Copy ARM template from REPO to BLOB task fails "unable to download content"
- Azure Devops Pipeline trigger from a different repo does not work
- Issue with adding delegated Graph API permission to Enterprise app with Terraform
- Azure VM metadata missing / emtpy publicIpAddress
- Python: List containers in the Azure Data Lake Storage
- azure blob storage account - log file is not generated as per setup
- SAS token mismatch on Azure DPS with Azure IoT Edge
- Is there a query to run so I can get a list of users who has NOT logged in, in the past 30 days?
- How can I set the MQTT keepalive in the Azure IoTHub C SDK?
- AzureWebJobsStorage Managed Identity not working
- Resource move is not supported for resource types 'microsoft.visualstudio/account'
- Invalid configuration value detected for fs.azure.account.key with com.crealytics:spark-excel