Thursday, September 30, 2021

How to find your Azure Log Analytics agent deployments in preparation for the Azure Monitor agent

If you have been using the Azure Log Analytics agent to monitor your Microsoft Azure virtual machines, you may have received an email stating that this functionality is being replaced by the Azure Monitor agent:


Start using the Azure Monitor agent instead of the Log Analytics agent before 31 August 2024
You're receiving this email because you use the Log Analytics agent to monitor your virtual machines (VMs) or servers.

 

On 31 August 2024, we'll retire the Log Analytics agent that you use in Azure Monitor. Before that date, you'll need to start using the Azure Monitor agent to monitor your VMs and servers in Azure. The Azure Monitor agent provides new features and capabilities, including:
Centralized configuration for multiple VMs.
Data limits and filters at the source.
Multiple destinations for data from a single agent.

 

You have until 31 August 2024 to switch to the Azure Monitor agent, but in this article we’ll look at how to identify which VMs are using the Log Analytics agent and at the migration considerations.


PowerShell - Finding Log Analytics agent deployed as an Azure VM extension

Virtual machine extensions are a great way of deploying capabilities to VMs in Azure, as they can be uninstalled and updated via the Azure Resource Manager, including PowerShell, Azure Policy and so on. The Log Analytics agent appears as the “Microsoft Monitoring Agent” extension.


This PowerShell script will list the Windows Server VMs (those built from a "WindowsServer" image offer) in the current subscription that have the Microsoft Monitoring Agent extension installed:

 

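# Get every VM in the current subscription, then keep those built from a WindowsServer image offer
$VMs = Get-AzVM
$WindowsVMs = $VMs | Where-Object { $PSItem.StorageProfile.ImageReference.Offer -eq "WindowsServer" }

foreach ($VM in $WindowsVMs) {
    # Returns every extension installed on the VM
    $extension = Get-AzVMExtension -ResourceGroupName $VM.ResourceGroupName -VMName $VM.Name

    # Match on the extension type: the extension's Name is chosen at deployment time and can differ
    if ($extension.ExtensionType -contains "MicrosoftMonitoringAgent") {
        Write-Host "Microsoft Monitoring Agent is installed on" $VM.Name
    }
}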

 

 

Azure Policy – Finding Log Analytics agent deployed as an Azure VM extension

There’s also currently a built-in Azure Policy called “Virtual machines should have the Log Analytics extension installed” that you can assign to your subscriptions and see which VMs are compliant (that is, they have the Microsoft Monitoring Agent).

 

However, this kind of policy can be deprecated (removed) as we move away from using this agent, so here’s a copy of the definition in case you need to add it as a custom policy:

 

{
    "properties": {
      "displayName": "Virtual machines should have the Log Analytics extension installed",
      "policyType": "BuiltIn",
      "mode": "Indexed",
      "description": "This policy audits any Windows/Linux virtual machines if the Log Analytics extension is not installed.",
      "metadata": {
        "version": "1.0.1",
        "category": "Monitoring"
      },
      "parameters": {
        "effect": {
          "type": "String",
          "metadata": {
            "displayName": "Effect",
            "description": "Enable or disable the execution of the policy"
          },
          "allowedValues": [
            "AuditIfNotExists",
            "Disabled"
          ],
          "defaultValue": "AuditIfNotExists"
        }
      },
      "policyRule": {
        "if": {
          "field": "type",
          "equals": "Microsoft.Compute/virtualMachines"
        },
        "then": {
          "effect": "[parameters('effect')]",
          "details": {
            "type": "Microsoft.Compute/virtualMachines/extensions",
            "existenceCondition": {
              "allOf": [
                {
                  "field": "Microsoft.Compute/virtualMachines/extensions/publisher",
                  "equals": "Microsoft.EnterpriseCloud.Monitoring"
                },
                {
                  "field": "Microsoft.Compute/virtualMachines/extensions/type",
                  "in": [
                    "MicrosoftMonitoringAgent",
                    "OmsAgentForLinux"
                  ]
                },
                {
                  "field": "Microsoft.Compute/virtualMachines/extensions/provisioningState",
                  "equals": "Succeeded"
                },
                {
                  "field": "Microsoft.Compute/virtualMachines/extensions/settings.workspaceId",
                  "exists": "true"
                }
              ]
            }
          }
        }
      }
    },
    "id": "/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be",
    "type": "Microsoft.Authorization/policyDefinitions",
    "name": "a70ca396-0a34-413a-88e1-b956c1e683be"
  }
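
As an added example (not part of the original article): the function below applies the publisher, type and provisioning-state checks from the policy definition above to extension records in PowerShell, so Linux VMs are covered too, and reports whether each VM already carries the Azure Monitor agent extension. The helper names, the sample records (constructed, with a placeholder workspace ID) and the Azure Monitor agent publisher and type names (`Microsoft.Azure.Monitor`, `AzureMonitorWindowsAgent`, `AzureMonitorLinuxAgent`) are assumptions that do not appear on the page.

```powershell
$LegacyTypes = 'MicrosoftMonitoringAgent', 'OmsAgentForLinux'        # from the policy definition
$AmaTypes    = 'AzureMonitorWindowsAgent', 'AzureMonitorLinuxAgent'  # assumption: not on the page

function Get-AgentMigrationStatus {   # hypothetical helper name
    param([Parameter(Mandatory)][object[]]$Extension)

    $Extension | Group-Object -Property ResourceGroupName, VMName | ForEach-Object {
        $group = $_.Group
        # Publisher, type and provisioning-state checks from the policy's existenceCondition
        $legacy = @($group | Where-Object {
            $_.Publisher -eq 'Microsoft.EnterpriseCloud.Monitoring' -and
            $_.ExtensionType -in $LegacyTypes -and
            $_.ProvisioningState -eq 'Succeeded'
        })
        $ama = @($group | Where-Object {
            $_.Publisher -eq 'Microsoft.Azure.Monitor' -and $_.ExtensionType -in $AmaTypes
        })
        # workspaceId is stored in the extension's public settings (a JSON string)
        $workspaces = @($legacy | Where-Object PublicSettings | ForEach-Object {
            ($_.PublicSettings | ConvertFrom-Json).workspaceId
        })
        if ($legacy.Count -and $ama.Count) { $status = 'Both agents installed' }
        elseif ($legacy.Count)             { $status = 'Log Analytics agent only' }
        elseif ($ama.Count)                { $status = 'Azure Monitor agent only' }
        else                               { $status = 'No monitoring agent extension' }
        [pscustomobject]@{
            ResourceGroup = $group[0].ResourceGroupName
            VMName        = $group[0].VMName
            Status        = $status
            WorkspaceId   = $workspaces -join ', '
        }
    }
}

# Constructed sample records shaped like Get-AzVMExtension output (not real VMs).
$ws = '{"workspaceId":"00000000-0000-0000-0000-000000000000"}'   # placeholder workspace ID
function New-SampleExt($Vm, $Publisher, $Type, $Settings) {
    [pscustomobject]@{ ResourceGroupName = 'rg-demo'; VMName = $Vm; Publisher = $Publisher
                       ExtensionType = $Type; ProvisioningState = 'Succeeded'; PublicSettings = $Settings }
}
$sample = @(
    New-SampleExt 'win01' 'Microsoft.EnterpriseCloud.Monitoring' 'MicrosoftMonitoringAgent' $ws
    New-SampleExt 'lnx01' 'Microsoft.EnterpriseCloud.Monitoring' 'OmsAgentForLinux' $ws
    New-SampleExt 'lnx01' 'Microsoft.Azure.Monitor' 'AzureMonitorLinuxAgent' $null
    New-SampleExt 'win02' 'Microsoft.Azure.Monitor' 'AzureMonitorWindowsAgent' $null
)
Get-AgentMigrationStatus -Extension $sample | Format-Table -AutoSize
# Live data: $ext = Get-AzVM | ForEach-Object { Get-AzVMExtension -ResourceGroupName $_.ResourceGroupName -VMName $_.Name }
```

VMs that have no extensions at all produce no records and so do not appear in the output; the last status applies to VMs that only carry other extensions.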

 

 

Finding Log Analytics agent deployments with Log Analytics Workspaces

Each Log Analytics workspace also shows which virtual machines are connected to it, in the Azure portal under the workspace’s Data sources\Virtual machines blade, including virtual machines that are connected to other workspaces:

 

[Image: An Azure Log Analytics Workspace showing connected Virtual Machines]

 

This will also include VMs that have had the Microsoft Monitoring Agent installed inside their guest OS, without using the VM extension.

 

Migration considerations

The Azure Monitor agent is generally available and fully supported; however, it doesn’t yet have full feature parity with the Log Analytics agent. At the time of writing:
Not all Log Analytics solutions are supported today. Learn what's supported.
No support for Azure Private Links.
No support for collecting file-based logs or IIS logs.

 

Defining the data collection rules is also handled differently in the Azure Monitor agent, allowing for more unique, scoped configurations for subsets of machines. Learn more at Changes in data collection.

 

Finally, see more migration considerations at Should I switch to the Azure Monitor agent?

 

Deploying the new Azure Monitor agent

In the Azure portal you can create a new Data Collection Rule in Azure Monitor and specify the virtual machines you wish to include. This will enable the system-assigned managed identity, install the Azure Monitor agent extension and create and deploy the data collection rule associations.

 

Find the detailed steps at Configure data collection for the Azure Monitor agent.

 

Learn more

Azure Monitor Agent Frequently Asked Questions

Design a holistic monitoring strategy on Azure

 

 

 

 

Posted at https://sl.advdat.com/3F4IdAE