Azure Logging and Monitoring Demo

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

8 hours 33 minutes
Video Transcription
Hello, Siberians. Welcome to this demonstration on Azure Lugging and monitoring. This demonstration is part of the seventh month do off the 500 Microsoft Azure Security Technologies casts some quick information on the activities that will be completing in this demo will start by reviewing as your service, health
and configuring service. Self allots
would then review metrics on activity logs is in the azure Potter will configure in metrics alerts in *** monitor and finally will enable the so slow collection for to azure resources. Let's get right into this. So in the first task will be configuring
and I just have yourself a lot on. There is a visual representation of what RB Dean are reviewing at your service elf out, then configure a service awful lot to notify on administrative group off service issues,
security and health advisories. So here I am in the azure Pato. If I click on the such option here, unified such for service elf
I click on save itself and you can see where we can review all the different options that we talked about. The 1st 1 I want to show you is that service elf. It's given me a personalized information
based on the context off what I'm using. So, for example, it's automatic a lists and like that Onley divvy Jin's that I currently have azure resources. There's no need,
not a find me off issues going on in Stritzel enough. If I don't have any resources close that day, we can review service issues, planned maintenance, elf advisories and security advisories. Currently there none.
What we want to this want to configure a proactive notification so we don't have to come to the azure portal to review this all the time. If there's an issue, we want to be not a fight of it.
If I go ahead and click on Careful, let's on, I'll click on hearts of herself. Alerts.
Now I'll go ahead and select regions that are intent toe have resources so they'll be UK and I'll select Kick yourself in UK waste. You can also select whichever visions that you're currently using or that you intend to use for the events type. I'll leave. Are the four options selected so you can see I have all the for option selected here
Now an action group allows us toe have every Pieter Boone notification off a mediation group. So why don't click on the option to select action Grip on our guiding click on the option to create an action group Now for the action group, our type in email architect, it's. And for the Shut name, I'll leave it as the same.
So that requires the strove collectors so great and minimize that's and say email hack. Hopefully, that's accepted, so that's good. Now I live every other setting as the same before the actions. You see where we can select the action type. The action type that I want is I want to send an e mail treat distribution group. So if I quiet and select email
on if I go ahead and select the email option and I type in Architect's had super clouds, not X y Z. So that's going to send an email to that distribution group. But we have other options. We can send an SMS message, and I should have push notification or even a voice call how wide and click OK to that.
I'll give you the name
E mail architects. You can see the other options that we have. We can trigger on a Georgia Mission. One book on Nigel Function. We can send a notification tonight, a service management system or even to regenerate Weber. How wide and click OK, and that's going to create a new action group once the action group is created.
How quiet and specify an electoral name. I'll call these
seven elf Let's and I'll leave all the options as the fault are. Make sure I leave the option to enable electoral upon creation, and I'll go ahead and click on Create a lateral and now that's created the electoral for great and refresh my screen on. If I drag this down, you can see my a lateral day.
So now how be notified? If there's and a service issue,
security are out advisory that's available.
So in the next task, I will be reviewing metrics and activity logs in the azure portal. As both of these data types are collected by the fault, there's not in for house to in neighbor so out, just reviewing them.
So here I am, back in the azure Pato. Now, whenever want of you metrics or activity logs there two ways that we can use to view them, we can interview them from as your monitor.
If I go towards your monitor, I have activated locks air and this is going to give me on overall view from a subscription perspective. And I can see all the management activities that has happened within my subscription,
for example, someone to litter the resource group here. If I quiet an expanse that I can griet and click on that option, I can ride and view the Jason request
Were met the request from which I p address. Did they make the request? All this information will be contained on the head now on the left hand side. I have metrics. If I go ahead and click on metrics and I can select this cope that I want to hear the metric. So, for example, I can drill down to view metrics for
a particular results group on that particular resource.
I can select it and I can click on apply and is going to allow me to select the metrics that I want to view for the resource that have selected. So this is one way to view metrics and activity locks. We can also view both of these from the resource perspective. So For example, if I go on the veteran machines
or any other resources in Azure, if I graded and select my virtual machine there,
I can view the activity log from the context of this resource. In other words, I will get a few tad view for this particular resource. If I scroll down on the left hand side on the monitoring, I can also view metrics on. In this case, it will be a pre futre view from the context off this results.
So in the next task are become figuring on a job monitor metrical. Let's
on yes, official representation off what are between? I'll be creating on a lot based on the metric signal on the A, Large was sent a notification to an action group if a metric stress showed is exceeded. So I'm back in the azure Pato and I'm back under my windows virtual machine.
Now I can griet and creates the alleged from azure monitor I can treat from the context of the visit us,
so I'll do this from the context of a resource. So if I scroll down and I go on the metrics now, I can view the metrics for this veteran machine on. If I scroll down to select percentage CPU so I can view the percentage CPU utilization for this virtual machine, there is an option to click and create a new electoral. So if I go ahead and click on that option,
you can see that it's automatically selected the scope for me.
And I can great and specify my condition. It's already to find the condition based on the metrics that I was viewing by. Just need to conflict with the value. So I wired and click on that. And what are between is our be assigning ecstatic threshold. If the CPU utilization is greater than 80%
on, is gonna assess that everyone minutes
off by five minutes. PVS Frequently done, you can see that that's going to cost me about 10 cents per month. Now the good finish. I can reuse the action group that I created Alias are quiet and selects the email Architect Action Group and click on Select on. I'll give this name
Windows VM lots, and I can specify a severe. It's a level for this, how in Nebel It's upon creation on great and creates the electoral,
and they go. I now have a metrics electoral configured. So in the final task off this demonstration, how being Neverland results look collection for to azure resources
are being nibbling resource lock collection for a platform service, which is a content of registry and I'll be doing that is in the diagnostic setting. And I'll also be enabling resource look collection for veteran machine using an agent installation, and in both cases, I will be sending the logs to a storage account.
So here I am, back in the azure Pato,
the first results logged them. Going to enable is for the content of registries are great and click on that. And if I select my registry on if I scroll down to diagnostic settings and you can see that that's no enabled by default, and I have the option to heart diagnostic setting. So if I go ahead and click on that option, I'll give this a name.
Registry results log
on our select the data that I want to collect. I can even collect the match weeks as part off this resource log collection on. I'll be archiving it stretched storage account Now, he said, I can configure the retention, living the retention as zero means it's gonna be retained forever. So I will leave that
now. I can guide and select the storage accounts that I want to start this in. I previously created a storage account called Super Cloud for Saas Locks. If I great and select that
and our guide and click on Safe. And that's now enabled the results LOL collection for this resource. So let's go to the virtual machine. Now.
If I go ahead and select virtual machines and I select my virtual machine,
I scroll down on the left hand side and I'll go to diagnostic settings. Also,
I leave the storage accounts that selected, and I'll go ahead and click on enable guest level monitoring, and this is going to install on as your diagnostic agent on this virtual machines. If I go ahead and click on that option, so that's now been successfully enabled. If I click on that option, you can see that it successfully updated that.
So why can then do is they can quiet and configure the settings for what will be collected so I can griet and scored. So these likes the performance counter. They'll be collected
the lock's they'll be collected. What a crash Tom should be collected on. Once I have it configured, our I want is I can go ahead and click on Save. So he has a somebody off the activities that we completed in this demonstration who started out by configuring. And I just have yourself a lot but then reviewed
the metrics and activity locks in the your Pato after wheat icon for Got a Metric based
a lot in *** Monitor. And finally, I enabled facades lock collection for to azure resources, first free content of registry using diagnostic settings and then for veteran machine using an agent installation. Thanks very much for watching and I'll see you in the next lesson.
Up Next