2.18 Introduction to Azure Monitor


Time: 18 hours 43 minutes | Difficulty: Intermediate | CEU/CPE: 9
Video Transcription
>> Welcome back. In this episode, we're going to dive into the last of our topics for Module 2 with an introduction to Azure Monitor. Our objectives include understanding what Azure Monitor is, taking a look at metrics and logs, and finally, alerts and action groups.

First, what is Azure Monitor? Azure Monitor maximizes your Cloud resources by collecting, analyzing, and acting on performance and availability data from Cloud and on-premises environments. Azure Monitor provides insights on how applications and infrastructure are performing in these environments, so you can proactively identify issues affecting them and other dependent resources.

Azure Monitor works across your Azure and on-premises resources by collecting data from a variety of places. This can be anything from application monitoring data for code you've written, or it could be from the operating systems where your applications are running, whether the operating system is located in Azure, another Cloud, or an on-premises data center. You can also look at more abstract data coming from your Azure Subscriptions and Azure Active Directory. As soon as you start creating resources in Azure like virtual machines or web apps, Azure Monitor begins collecting this data.

Azure Monitor is broken into three different areas to provide full visibility into your solutions. First, there's monitoring and visualizing metrics. This is data to help you understand the health, operation, and performance of your systems. Next is querying and analyzing logs. These logs include diagnostic data and telemetry from other monitoring solutions. Azure Monitor provides the capabilities of searching through all these data points and analyzing them to find patterns and diagnose issues. Finally, there is setting up alerts and actions. If a resource or event happens, you can set up alerts to notify you of these conditions and even take automated remediation actions. This provides quicker resolutions to issues, as well as removes the need for admins to manually resolve errors, thereby reducing downtime.

Now I've made mention of metrics and logs while discussing Azure Monitor, so let's clarify what these terms mean. First is metrics. These are numerical values that define a resource or system at a point in time. They are real-time data points coming from your resources. Some common metrics include network throughput on virtual machines, and CPU and RAM usage. For example, if CPU percentage is running at 90 percent or higher, this would probably be a good indication that the system is being taxed or a process has gone awry. Azure Monitor will have a historical view of this metric, where another would be generated.

Next are logs. Logs are events that are occurring on a system. For Windows admins, these would be things occurring in the Event Viewer on a Windows Server, or in the syslog for Linux admins. Azure Monitor also collects actions taken on a resource or inside a tenant, for instance when a virtual machine is turned on or off. Logs can be queried using the Kusto Query Language to retrieve data from Azure Monitor. We'll see some more on the syntax of this language later on.

Here I have a screenshot of the metrics available on a virtual machine. These are pretty typical things you've probably already looked at inside of something like Task Manager or Resource Monitor on a Windows Server. For instance, we have the average CPU percentage and network total throughput.

Next, we have the ability to query our log data. This screenshot is an example of a query against our performance monitor data. The upper part is where we input our KQL query and the bottom is our results from the query. This is generated from data gathered from the virtual machine, for example, showing the megabytes available on VM01.

Now, having all this data is a great thing, but what can we do with it? Let's talk about our third pillar, called alerts and actions. Alerts proactively notify you when conditions are met based on the monitoring data. They allow you to identify and remediate issues, hopefully before your users notice. Previously, alerts and actions were a function of separate products called Log Analytics and Application Insights, but they can now be found built into Azure Monitor. We have several options for what we can configure alerts against, including metrics, log search queries, and activity logs. Activity logs contain actions that are taken on resources in your Azure subscription, or when a service health event occurs, like maintenance or incidents.

Here we have an example of how an alert is built. First, at the top of the diagram, we have to define the resource we want to alert on and the signal coming from the resource to check. Next we define the criteria, which is a combination of the signal plus some logic to alert on. For example, our signal might be CPU percentage and the criteria would be if it is greater than 80 percent. Next, we have an action group assigned. This action group defines what we're going to do when the CPU hits 80 percent or higher. This could be something like sending an email or a text message. Finally, we have the monitor condition, which is the alert state. This is where the alert is in the resolution process. It could be new, as it was just detected; acknowledged, meaning the alert has been reviewed and is actively being worked on; or closed, meaning the issue is now resolved.

In our alert anatomy, I mentioned action groups. These are a collection of preferences for your notifications. These include who to notify or what action to take when an alert has been triggered. We have several options for alerts, such as a voice call, sending an SMS or email, or even taking an automated action like triggering a runbook or ITSM action. ITSM connectors can be created to connect to something like ServiceNow or System Center Service Manager.

That does it for the slides for right now; let's follow this up with a post-assessment question. What language is used to query log data? The answer is the Kusto Query Language, or KQL. Or maybe it's pronounced KQul, SQL, I'm not too sure.

Coming up next, we're going to take everything we just learned about Azure Monitor and jump into our portal to check it out in our Azure Monitor demo. See you in the next episode.
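As an added example (not part of the course or its slides), here are two KQL queries against the Log Analytics Perf table that match what the episode describes: the available-memory lookup shown in the screenshot, and the "CPU greater than 80 percent" criteria expressed as the query a log search alert would evaluate. Assumed: Windows performance counters (Memory / Available MBytes and Processor / % Processor Time) are being collected into the workspace, and the computer name VM01 is the one from the slide.

```kql
// Query 1: the megabytes of memory available on VM01 over the last hour,
// as in the screenshot of the performance monitor data.
// Assumes the Windows "Memory" object with the "Available MBytes" counter.
Perf
| where TimeGenerated > ago(1h)
| where Computer == "VM01"
| where ObjectName == "Memory" and CounterName == "Available MBytes"
| project TimeGenerated, Computer, AvailableMB = CounterValue
| order by TimeGenerated desc

// Query 2: the alert criteria from the alert anatomy (signal = CPU
// percentage, logic = greater than 80 percent), written so a log search
// alert fires only when a 5-minute average crosses the threshold rather
// than on a single noisy sample. Assumes the "_Total" processor instance.
Perf
| where TimeGenerated > ago(15m)
| where ObjectName == "Processor" and CounterName == "% Processor Time"
| where InstanceName == "_Total"
| summarize AvgCpuPercent = avg(CounterValue) by Computer, bin(TimeGenerated, 5m)
| where AvgCpuPercent > 80
| order by TimeGenerated desc
```

When Query 2 is used as a log search alert rule, the action group attached to the rule (email, SMS, runbook or ITSM connector, as described above) is what runs when rows are returned.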