Azure Log Analytics

Monitor process and services with Log Analytics

realworlditComments Off on Monitor process and services with Log Analytics

Monitor a process

To monitor a process on a VM in Azure, you will need to setup Log Analytics. Once you have the workspace deployed then you need to configure your VM’s to push information to the workspace. You do this by going to your VM, clicking on Logs and choosing the Log Analytics workspace to connect your VM to. Once your machine is connected to the workspace, go to the Log Analytics workspace in the browser and select Agents configuration.

In here you can add performance counters to monitor services. So I wanted to track when my java app was running or not. I added these two counters to the performance counters.

After I had added them, it was time to test my KQL to see if it worked. Click on Logs and add the following to the query. Click on Run 

Perf
| where ObjectName == "Process" and CounterName == "ID Process"
| where InstanceName == "java"
| where TimeGenerated > ago(5m)

This shows that the process is running. If’s it not running there will be no data. Quite a quick and dirty way to see what’s happening. I’ve also added this to a Workbook so if someone asks me to check if a process is running or not I can quickly access the Workbook and see if any data is there or not, in other words, if the process is running or not.

Monitor a Service

To monitor a service add System to the Windows event logs to monitor


Then go to the logs and drop in this query. You can change the service name to one that suits the service you are after.

Event
| where TimeGenerated >ago(1d)
| where EventLog == “System” and EventID ==7036 and Source == “Service Control Manager”
| parse kind=relaxed EventData with * ‘<Data Name=”param1">’ Windows_Service_Name ‘</Data><Data Name=”param2">’ Windows_Service_State ‘</Data>’*
| where Windows_Service_Name ==”WinRM”
| sort by TimeGenerated desc
| project Computer, Windows_Service_Name, Windows_Service_State, TimeGenerated

A good site to look at Kusto query language is this one.https://marckean.com/2019/03/25/log-analytics-advanced-queries/

Related Articles

unrecognizable hacker with smartphone typing on laptop at desk
AWS Terraform

Terraform Output Examples for AWS

realworldit

In Terraform, an output is a way to display the values of resources or data sources that are created by your infrastructure code. There are several types of outputs that you can define in Terraform, and each serves a specific purpose. Here are the possible output types in Terraform and their explanations:
Azure Azure AD PowerShell

Querying API’s using PowerShell Commands

realworldit

It’s always useful to have these commands at your fingertips when you need to get or post some information to an API. I’m going to cover three of Microsoft API’s here. Azure DevOps API Azure Rest API Azure Graph API The Azure DevOps API is used to interact with Azure DevOps; you can create release […]
Azure

finding the right Azure Virtual Machine Extension

realworldit

Azure virtual machine (VM) extensions are small applications that provide post-deployment configuration and automation tasks on Azure VMs. For example, if a virtual machine requires software installation, anti-virus protection, or to run a script inside of it, a VM extension can be used. The command below can be used to find the extension you are after.