In this blog post, we are going to have a quick look at how you can access Azure Log Analytics data using Azure Arc for Servers. The Azure Log Analytics agent was developed for management across virtual machines in any cloud, on-premises machines, and those monitored by System Center Operations Manager. The Windows and Linux agents send collected data from different sources to your Log Analytics workspace in Azure Monitor, as well as any unique logs or metrics as defined in a monitoring solution. When you want to access these logs and run queries against these logs, you will need to have access to the Azure Log Analytics workspace. However, in many cases, you don’t want everyone having access to the full workspace. Azure Arc for Servers provides RBAC access to log data collected by the Log Analytics agent, stored in the Log Analytics workspace the machine is registered.
Introducing Azure Arc
For customers who want to simplify complex and distributed environments across on-premises, edge and multicloud, Azure Arc enables deployment of Azure services anywhere and extends Azure management to any infrastructure.
Learn more about Azure Arc here.
How to enable Log Analytics for Azure Arc Enabled Servers
To enable log collection, you will need to install the Microsoft Monitoring Agent (MMA) on your Azure Arc enabled server. You can do this manually for Windows and Linux machines, or you can use the new extension for Azure Arc enabled servers. If you already have the MMA agent installed, you can start using logs in Azure Arc immediately.
After you have installed the agent, it can take a couple of minutes until the log data shows up in the Azure Log Analytics workspace. After the logs are collected in the workspace, you can access them with Azure Arc.
Now you can run queries using the Keyword Query Language (KQL) as you would in the Azure Log Analytics workspace, but limited to the logs for that specific server.
Conclusion
With Azure Arc for Servers, we can use role-based access controls to logs from a specific server running on-prem or at another cloud provider, without having access to all the logs in the log analytics workspace.
You can learn more about how Azure Arc provides you with cloud-native management technologies for your hybrid cloud environment here, and you can find the documentation for Azure Arc enabled servers on Microsoft Docs.
If you have any questions or comments, feel free to leave a comment below.
Tags: Analytics, Arc, Azure, Azure Arc, Azure Monitor, Cloud, Hybrid, Hybrid Cloud, Log, Log Analytics, Logs, Management, Microsoft, MMA, Server, Workspace Last modified: July 13, 2020
I’ve got some on-prem VMs already reporting to Azure Security Center by onboarding them with the Log Analytics agent. I was expecting them to show up in Azure Arc but they don’t :(
Is the LA agent different to the MMA agent? I imagine it is, so I’ll need to also install the MMA agent.
Do you know if I should be concerned about the existing LA agent? Should I remove it or leave it installed? I couldn’t find any specific documentation on it.