| title | description | services | documentationcenter | author | manager | editor | ms.service | ms.devlang | ms.topic | ms.tgt_pltfrm | ms.workload | ms.date | ms.author |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Forward Azure Automation DSC reporting data to OMS Log Analytics | Microsoft Docs |
This article demonstrates how to send Desired State Configuration (DSC) reporting data to Microsoft Operations Management Suite Log Analytics to deliver additional insight and management. |
automation |
eslesar |
carmonm |
tysonn |
automation |
na |
article |
na |
infrastructure-services |
05/24/2017 |
eslesar |
Automation can send DSC node status data to your Microsoft Operations Management Suite (OMS) Log Analytics workspace.
Compliance status is visible in the Azure portal, or with PowerShell, for nodes and for individual DSC resources in node configurations.
With Log Analytics you can:
- Get compliance information for managed nodes and individual resources
- Trigger an email or alert based on compliance status
- Write advanced queries across your managed nodes
- Correlate compliance status across Automation accounts
- Visualize your node compliance history over time
To start sending your Automation DSC reports to Log Analytics, you need:
- The November 2016 or later release of Azure PowerShell (v2.3.0).
- An Azure Automation account. For more information, see Getting Started with Azure Automation
- A Log Analytics workspace with an Automation & Control service offering. For more information, see Get started with Log Analytics.
- At least one Azure Automation DSC node. For more information, see Onboarding machines for management by Azure Automation DSC
To begin importing data from Azure Automation DSC into Log Analytics, complete the following steps:
- Log in to your Azure account in PowerShell. See Log in with Azure PowerShell
- Get the ResourceId of your automation account by running the following PowerShell command: (if you have more than one automation account, choose the ResourceID for the account you want to configure).
# Find the ResourceId for the Automation Account
Find-AzureRmResource -ResourceType "Microsoft.Automation/automationAccounts"- Get the ResourceId of your Log Analytics workspace by running the following PowerShell command: (if you have more than one workspace, choose the ResourceID for the workspace you want to configure).
# Find the ResourceId for the Log Analytics workspace
Find-AzureRmResource -ResourceType "Microsoft.OperationalInsights/workspaces"- Run the following PowerShell command, replacing
<AutomationResourceId>and<WorkspaceResourceId>with the ResourceId values from each of the previous steps:
Set-AzureRmDiagnosticSetting -ResourceId <AutomationResourceId> -WorkspaceId <WorkspaceResourceId> -Enabled $true -Categories "DscNodeStatus"If you want to stop importing data from Azure Automation DSC into Log Analytics, run the following PowerShell command.
Set-AzureRmDiagnosticSetting -ResourceId <AutomationResourceId> -WorkspaceId <WorkspaceResourceId> -Enabled $false -Categories "DscNodeStatus"After you set up integration with Log Analytics for your Automation DSC data, a Log search button will appear on the DSC Nodes blade of your automation account. Click the Log Search button to view the logs for DSC node data.
The Log Search blade opens, and you see a DscNodeStatusData operation for each DSC node, and a DscResourceStatusData operation for each DSC resource called in the Node configuration applied to that node.
The DscResourceStatusData operation contains error information for any DSC resources that failed.
Click each operation in the list to see the data for that operation.
You can also view the logs by [searching in Log Analytics.
See Find data using log searches.
Type the following query to find your DSC logs:
Type=AzureDiagnostics ResourceProvider="MICROSOFT.AUTOMATION" Category = "DscNodeStatus"
You can also narrow the query by the operation name. For example: `Type=AzureDiagnostics ResourceProvider="MICROSOFT.AUTOMATION" Category = "DscNodeStatus" OperationName = "DscNodeStatusData"
One of our top customer requests is for the ability to send an email or a text when something goes wrong with a DSC configuration.
To create an alert rule, you start by creating a log search for the DSC report records that should invoke the alert. Click the Alert button to create and configure the alert rule.
- From the Log Analytics Overview page, click Log Search.
- Create a log search query for your alert by typing the following search into the query field:
Type=AzureDiagnostics Category=DscNodeStatus NodeName_s=DSCTEST1 OperationName=DscNodeStatusData ResultType=Failed
If you have set up logs from more than one Automation account or subscription to your workspace, you can group your alerts by subscription and Automation account.
Automation account name can be derived from the Resource field in the search of DscNodeStatusData.
- To open the Add Alert Rule screen, click Alert at the top of the page. For more information on the options to configure the alert, see Alerts in Log Analytics.
One advantage of using Log Analytics is that you can search for failed checks across nodes. To find all instances of DSC resources that failed.
- From the Log Analytics Overview page, click Log Search.
- Create a log search query for your alert by typing the following search into the query field:
Type=AzureDiagnostics Category=DscNodeStatus OperationName=DscResourceStatusData ResultType=Failed
Finally, you may want to visualize your DSC node status history over time.
You can use this query to search for the status of your DSC node status over time.
Type=AzureDiagnostics ResourceProvider="MICROSOFT.AUTOMATION" Category=DscNodeStatus NOT(ResultType="started") | measure Count() by ResultType interval 1hour
This will display a chart of the node status over time.
Diagnostics from Azure Automation creates two categories of records in Log Analytics.
| Property | Description |
|---|---|
| TimeGenerated | Date and time when the compliance check ran. |
| OperationName | DscNodeStatusData |
| ResultType | Whether the node is compliant. |
| NodeName_s | The name of the managed node. |
| NodeComplianceStatus_s | Whether the node is compliant. |
| DscReportStatus | Whether the compliance check ran successfully. |
| ConfigurationMode | How the configuration is applied to the node. Possible values are "ApplyOnly","ApplyandMonitior", and "ApplyandAutoCorrect".
|
| HostName_s | The name of the managed node. |
| IPAddress | The IPv4 address of the managed node. |
| Category | DscNodeStatus |
| Resource | The name of the Azure Automation account. |
| Tenant_g | GUID that identifies the tenant for the Caller. |
| NodeId_g | GUID that identifies the managed node. |
| DscReportId_g | GUID that identifies the report. |
| LastSeenTime_t | Date and time when the report was last viewed. |
| ReportStartTime_t | Date and time when the report was started. |
| ReportEndTime_t | Date and time when the report completed. |
| NumberOfResources_d | The number of DSC resources called in the configuration applied to the node. |
| SourceSystem | How Log Analytics collected the data. Always Azure for Azure diagnostics. |
| ResourceId | Specifies the Azure Automation account. |
| ResultDescription | The description for this operation. |
| SubscriptionId | The Azure subscription Id (GUID) for the Automation account. |
| ResourceGroup | Name of the resource group for the Automation account. |
| ResourceProvider | MICROSOFT.AUTOMATION |
| ResourceType | AUTOMATIONACCOUNTS |
| CorrelationId | GUID that is the Correlation Id of the compliance report. |
| Property | Description |
|---|---|
| TimeGenerated | Date and time when the compliance check ran. |
| OperationName | DscResourceStatusData |
| ResultType | Whether the resource is compliant. |
| NodeName_s | The name of the managed node. |
| Category | DscNodeStatus |
| Resource | The name of the Azure Automation account. |
| Tenant_g | GUID that identifies the tenant for the Caller. |
| NodeId_g | GUID that identifies the managed node. |
| DscReportId_g | GUID that identifies the report. |
| DscResourceId_s | The name of the DSC resource instance. |
| DscResourceName_s | The name of the DSC resource. |
| DscResourceStatus_s | Whether the DSC resource is in compliance. |
| DscModuleName_s | The name of the PowerShell module that contains the DSC resource. |
| DscModuleVersion_s | The version of the PowerShell module that contains the DSC resource. |
| DscConfigurationName_s | The name of the configuration applied to the node. |
| ErrorCode_s | The error code if the resource failed. |
| ErrorMessage_s | The error message if the resource failed. |
| DscResourceDuration_d | The time, in seconds, that the DSC resource ran. |
| SourceSystem | How Log Analytics collected the data. Always Azure for Azure diagnostics. |
| ResourceId | Specifies the Azure Automation account. |
| ResultDescription | The description for this operation. |
| SubscriptionId | The Azure subscription Id (GUID) for the Automation account. |
| ResourceGroup | Name of the resource group for the Automation account. |
| ResourceProvider | MICROSOFT.AUTOMATION |
| ResourceType | AUTOMATIONACCOUNTS |
| CorrelationId | GUID that is the Correlation Id of the compliance report. |
By sending your Automation DSC data to Log Analytics, you can get better insight into the status of your Automation DSC nodes by:
- Setting up alerts to notify you when there is an issue
- Using custom views and search queries to visualize your runbook results, runbook job status, and other related key indicators or metrics.
Log Analytics provides greater operational visibility to your Automation DSC data and can help address incidents more quickly.
- To learn more about how to construct different search queries and review the Automation DSC logs with Log Analytics, see Log searches in Log Analytics
- To learn more about using Azure Automation DSC, see Getting started with Azure Automation DSC
- To learn more about OMS Log Analytics and data collection sources, see Collecting Azure storage data in Log Analytics overview