2.19 Azure Monitor Demo

Time
18 hours 58 minutes
Difficulty
Intermediate
CEU/CPE
9
Video Transcription
00:00
>> Welcome back. In this episode,
00:00
we're going to take a look at
00:00
Azure Monitor a little bit more through our demo.
00:00
Our objectives include, well really
00:00
just taking a look at a demo inside
00:00
the Azure portal of how
00:00
Azure Monitor is configured and works.
00:00
Here we are back in our Azure portal,
00:00
and before we go look at Azure Monitor,
00:00
I want to go look at an individual resource first,
00:00
let's take a look at one of our virtual machines.
00:00
If you look at an individual resource
00:00
like a virtual machine,
00:00
you can see under monitoring,
00:00
we have metrics and logs.
00:00
Each individual resource inside of
00:00
Azure should have its own set of metrics and logs.
00:00
Here our filter is already set to vm01,
00:00
and we can select different metrics,
00:00
such as disk performance,
00:00
network performance, or our standard percentage CPU.
00:00
This chart will show us
00:00
the average percentage CPU for
00:00
this virtual machine over the last several hours.
00:00
Now, this is a virtual machine
00:00
that I have on for demo purposes,
00:00
so it doesn't have a lot of activity with it right now.
00:00
Next, let's go take a look at logs.
00:00
This is where we can search the logs for events or
00:00
other performance data and
00:00
information that is occurring on the virtual machine.
00:00
Here I have a previously saved query that I
00:00
wanted to rerun just
00:00
to show you the results that come in.
00:00
Using this query window and the Kusto Query Language,
00:00
we can generate different information
00:00
that is being logged on the virtual machine.
00:00
In this example, the available
00:00
megabytes of memory over time.
00:00
This window up here is where we type in our query.
00:00
Here you can see we're pulling from the performance
00:00
a perf table and we're
00:00
applying a couple of filters on it,
00:00
where the time was generated greater than one hour ago,
00:00
and we're looking specifically at
00:00
the counter name, named available megabytes.
00:00
Over on the left, you can see other types
00:00
of tables that we can pull from,
00:00
such as event and syslog information.
00:00
Now that we've looked at that,
00:00
let's go back and take a look at Azure Monitor.
00:00
I already have it favorited over here on the left.
00:00
Here on the overview page,
00:00
you can see that the three
00:00
pillars we talked about earlier
00:00
in the slides when discussing Azure Monitor,
00:00
we can take a look at metrics,
00:00
logs, and alerts and actions.
00:00
Let's go take a look at metrics.
00:00
Now, this page should look really familiar.
00:00
This is exactly what we just looked at on
00:00
our individual virtual machine resource but here we can
00:00
select any resource available
00:00
inside of our Azure tenant to look at its metrics.
00:00
We can narrow this down by subscription,
00:00
resource groups, and resource type.
00:00
Let me select my arm demo
00:00
resource group I had previously,
00:00
and it's going to pull up all the resources in
00:00
this group where we can view metrics data.
00:00
Again, we can go and select percentage CPU.
00:00
The main point here is you don't have to go to
00:00
each individual resource to view its metrics data,
00:00
you can come right here to Azure Monitor and select
00:00
different resources to view
00:00
its historical performance data.
00:00
That's the same thing we're going to see over in logs.
00:00
Here inside the log analyzer,
00:00
what you can do is select
00:00
one or more resources to perform log analysis against.
00:00
Here, you can select multiple resources and
00:00
select our Microsoft Azure standard subscription,
00:00
and this will allow you to perform log queries against
00:00
multiple resources instead of going to
00:00
each individual resource to perform the log query.
00:00
Next, let's go take a look at
00:00
our alerts and action groups.
00:00
Before we create a new alert rule,
00:00
let's go in and manage
00:00
actions and let's create a new action group.
00:00
First, let's give it a name, select our subscription,
00:00
and choose the resource group to
00:00
associate the action group with,
00:00
and let's go select an action type.
00:00
This should be familiar from our slides.
00:00
We can do something like send an email or an SMS message,
00:00
activate an automation runbook,
00:00
or use a connector to ITSM service, such as ServiceNow.
00:00
For this simple example,
00:00
let's just go ahead and select "Email."
00:00
Here you can see we can check the box for
00:00
email and put in
00:00
the email address that we want to notify.
00:00
Unfortunately, it doesn't like my short name,
00:00
has to be less than 12 characters.
00:00
Let's save our action group.
00:00
Now, let's go back to
00:00
our main page and create a new alert rule.
00:00
Here we're going to select the resource that
00:00
we want to target and monitor.
00:00
We'll select our subscription,
00:00
filter out by which type of resource we want to monitor.
00:00
In this case, I'm going to look at our virtual machines,
00:00
and I want to monitor vm01.
00:00
Next I can add a condition.
00:00
Again, we're going to stick with
00:00
our standard percentage CPU,
00:00
and we're going to select our threshold.
00:00
For this I'm going to say greater than 80 percent.
00:00
Now that we have a resource defined
00:00
and the condition we want to alert on,
00:00
we're going to assign an action group for the alert.
00:00
Here, you can select an existing
00:00
one or create an action group,
00:00
since we just created one previously in our demo,
00:00
that's the one I'm going to go in and select.
00:00
This means you can reuse
00:00
action groups across multiple alerts.
00:00
Finally, we will give the alert rule a name,
00:00
and we will choose our severity for the alert.
00:00
We have options 0-4,
00:00
and we're going to go ahead and
00:00
enable the rule upon creation.
00:00
That does it for taking a look at Azure Monitor,
00:00
let's go back to the slides and wrap this up.
00:00
That does it for our demo,
00:00
wanted to follow up by saying
00:00
we took a look at Azure Monitor,
00:00
how to look at our metric and perform some log queries,
00:00
and finally, configure our action groups and alerts.
00:00
Coming up next, we're going to take
00:00
a deeper dive into Log Analytics.
00:00
See you in the next episode.