title | description | services | documentationcenter | author | manager | editor | ms.assetid | ms.service | ms.workload | ms.tgt_pltfrm | ms.devlang | ms.topic | ms.date | ms.author |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Azure Networking Analytics solution in Log Analytics \| Microsoft Docs | You can use the Azure Networking Analytics solution in Log Analytics to review Azure network security group logs and Azure Application Gateway logs. | log-analytics | | richrundmsft | ewinner | | 66a3b8a1-6c55-4533-9538-cad60c18f28b | log-analytics | na | na | na | article | 02/09/2017 | richrund |

Log Analytics offers the following solutions for monitoring your networks:
- Network Performance Monitor (NPM) to
  - Monitor the health of your network
- Azure Application Gateway analytics to review
  - Azure Application Gateway logs
  - Azure Application Gateway metrics
- Azure Network Security Group analytics to review
  - Azure Network Security Group logs

The Network Performance Monitor management solution is a network monitoring solution that monitors the health, availability, and reachability of networks. It is used to monitor connectivity between:
- Public cloud and on-premises
- Data centers and user locations (branch offices)
- Subnets hosting various tiers of a multi-tiered application.
For more information, see Network Performance Monitor.
To use the solutions:
- Add the management solution to Log Analytics, and
- Enable diagnostics to direct the diagnostics to a Log Analytics workspace. It is not necessary to write the logs to Azure Blob storage.
You can enable diagnostics and the corresponding solution for either one or both of Application Gateway and Network Security Groups.
If you do not enable diagnostic logging for a particular resource type, but install the solution, the dashboard blades for that resource are blank and display an error message.
Note
In January 2017, the supported way of sending logs from Application Gateways and Network Security Groups to Log Analytics changed. If you see the Azure Networking Analytics (deprecated) solution, refer to migrating from the old Networking Analytics solution for steps you need to follow.
The Azure Application Gateway analytics and the Network Security Group analytics management solutions collect diagnostics logs directly from Azure Application Gateways and Network Security Groups. It is not necessary to write the logs to Azure Blob storage and no agent is required for data collection.
The following table shows data collection methods and other details about how data is collected for Azure Application Gateway analytics and the Network Security Group analytics.
Platform | Direct agent | System Center Operations Manager agent | Azure | Operations Manager required? | Operations Manager agent data sent via management group | Collection frequency |
---|---|---|---|---|---|---|
Azure | | | • | | | when logged |
The following logs are supported for Application Gateways:
- ApplicationGatewayAccessLog
- ApplicationGatewayPerformanceLog
- ApplicationGatewayFirewallLog
The following metrics are supported for Application Gateways:
- 5 minute throughput
Use the following instructions to install and configure the Azure Application Gateway analytics solution:
- Enable the Azure Application Gateway analytics solution from Azure marketplace or by using the process described in Add Log Analytics solutions from the Solutions Gallery.
- Enable diagnostics logging for the Application Gateways you want to monitor.
  - In the Azure portal, navigate to the Application Gateway resource to monitor
  - Select Diagnostics logs to open the following page
  - Click Turn on diagnostics to open the following page
  - To turn on diagnostics, click On under Status
  - Click the checkbox for Send to Log Analytics
  - Select an existing Log Analytics workspace, or create a workspace
  - Click the checkbox under Log for each of the log types to collect
  - Click Save to enable the logging of diagnostics to Log Analytics

The following PowerShell script provides an example of how to enable diagnostic logging for application gateways.

```powershell
# Resource ID of the Log Analytics workspace that receives the diagnostics
$workspaceId = "/subscriptions/d2e37fee-1234-40b2-5678-0b2199de3b50/resourcegroups/oi-default-east-us/providers/microsoft.operationalinsights/workspaces/rollingbaskets"

# Look up the application gateway to monitor
$gateway = Get-AzureRmApplicationGateway -Name 'ContosoGateway'

# Send the gateway's diagnostics to the workspace
Set-AzureRmDiagnosticSetting -ResourceId $gateway.ResourceId -WorkspaceId $workspaceId -Enabled $true
```

After you click the Azure Application Gateway analytics tile on the Overview, you can view summaries of your logs and then drill in to details for the following categories:
- Application Gateway Access logs
- Client and server errors for Application Gateway access logs
- Requests per hour for each Application Gateway
- Failed requests per hour for each Application Gateway
- Errors by user agent for Application Gateways
- Application Gateway performance
- Host health for Application Gateway
- Maximum and 95th percentile for Application Gateway failed requests
On the Azure Application Gateway analytics dashboard, review the summary information in one of the blades, and then click one to view detailed information on the log search page.
On any of the log search pages, you can view results by time, detailed results, and your log search history. You can also filter by facets to narrow the results.
The following logs are supported for network security groups:
- NetworkSecurityGroupEvent
- NetworkSecurityGroupRuleCounter
Use the following instructions to install and configure the Azure Networking Analytics solution:
- Enable the Azure Network Security Group analytics solution from Azure marketplace or by using the process described in Add Log Analytics solutions from the Solutions Gallery.
- Enable diagnostics logging for the Network Security Group resources you want to monitor.
  - In the Azure portal, navigate to the Network Security Group resource to monitor
  - Select Diagnostics logs to open the following page
  - Click Turn on diagnostics to open the following page
  - To turn on diagnostics, click On under Status
  - Click the checkbox for Send to Log Analytics
  - Select an existing Log Analytics workspace, or create a workspace
  - Click the checkbox under Log for each of the log types to collect
  - Click Save to enable the logging of diagnostics to Log Analytics

The following PowerShell script provides an example of how to enable diagnostic logging for network security groups.

```powershell
# Resource ID of the Log Analytics workspace that receives the diagnostics
$workspaceId = "/subscriptions/d2e37fee-1234-40b2-5678-0b2199de3b50/resourcegroups/oi-default-east-us/providers/microsoft.operationalinsights/workspaces/rollingbaskets"

# Look up the network security group to monitor
$nsg = Get-AzureRmNetworkSecurityGroup -Name 'ContosoNSG'

# Send the NSG's diagnostics to the workspace
Set-AzureRmDiagnosticSetting -ResourceId $nsg.ResourceId -WorkspaceId $workspaceId -Enabled $true
```

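
Because a resource without diagnostic logging leaves its dashboard blades blank, it helps to audit coverage after running either script above. The following is an added example, not part of the original article: it reports Application Gateways and Network Security Groups in the current subscription that do not send every log type listed on this page to the workspace. It assumes a signed-in AzureRM session, and the workspace ID is a placeholder.

```powershell
# Added example (not from the original article). Assumes a signed-in AzureRM
# session with read access to the resources in the current subscription.
$workspaceId = '<resource ID of your Log Analytics workspace>'   # placeholder

# Log categories this article lists as supported for each resource type.
$expectedLogs = @{
    'Microsoft.Network/applicationGateways'   = 'ApplicationGatewayAccessLog',
                                                'ApplicationGatewayPerformanceLog',
                                                'ApplicationGatewayFirewallLog'
    'Microsoft.Network/networkSecurityGroups' = 'NetworkSecurityGroupEvent',
                                                'NetworkSecurityGroupRuleCounter'
}

# Hashtable literals compare keys case-insensitively, so type casing is not an issue.
$resources = Get-AzureRmResource |
    Where-Object { $expectedLogs.ContainsKey($_.ResourceType) }

$report = foreach ($resource in $resources) {
    $setting = Get-AzureRmDiagnosticSetting -ResourceId $resource.ResourceId

    # Categories that are actually switched on for this resource.
    $enabled = @($setting.Logs | Where-Object { $_.Enabled } |
                 ForEach-Object { $_.Category })
    $missing = @($expectedLogs[$resource.ResourceType] |
                 Where-Object { $enabled -notcontains $_ })

    [pscustomobject]@{
        Name             = $resource.Name
        ResourceType     = $resource.ResourceType
        # -eq compares strings case-insensitively, which suits resource IDs.
        SendsToWorkspace = ($setting.WorkspaceId -eq $workspaceId)
        MissingLogs      = $missing -join ', '
    }
}

# Show only resources whose logging is absent or incomplete.
$report | Where-Object { -not $_.SendsToWorkspace -or $_.MissingLogs } |
    Format-Table -AutoSize
```

An empty result means every gateway and NSG found sends all of the listed log types to the given workspace.
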
After you click the Azure Network Security Group analytics tile on the Overview, you can view summaries of your logs and then drill in to details for the following categories:
- Network security group blocked flows
- Network security group rules with blocked flows
- MAC addresses with blocked flows
- Network security group allowed flows
- Network security group rules with allowed flows
- MAC addresses with allowed flows
On the Azure Network Security Group analytics dashboard, review the summary information in one of the blades, and then click one to view detailed information on the log search page.
On any of the log search pages, you can view results by time, detailed results, and your log search history. You can also filter by facets to narrow the results.
In January 2017, the supported way of sending logs from Azure Application Gateways and Azure Network Security Groups to Log Analytics changed. These changes provide the following advantages:
- Logs are written directly to Log Analytics without the need to use a storage account
- Less latency from the time when logs are generated to them being available in Log Analytics
- Fewer configuration steps
- A common format for all types of Azure diagnostics
To use the updated solutions:
- Configure diagnostics to be sent directly to Log Analytics from Azure Application Gateways
- Configure diagnostics to be sent directly to Log Analytics from Azure Network Security Groups
- Enable the Azure Application Gateway Analytics and the Azure Network Security Group Analytics solution by using the process described in Add Log Analytics solutions from the Solutions Gallery
- Update any saved queries, dashboards, or alerts to use the new data type
  - The Type changes to AzureDiagnostics. You can use the ResourceType to filter to Azure networking logs.

    Instead of: | Use: |
    ---|---|
    Type=NetworkApplicationgateways OperationName=ApplicationGatewayAccess | Type=AzureDiagnostics ResourceType=APPLICATIONGATEWAYS OperationName=ApplicationGatewayAccess |
    Type=NetworkApplicationgateways OperationName=ApplicationGatewayPerformance | Type=AzureDiagnostics ResourceType=APPLICATIONGATEWAYS OperationName=ApplicationGatewayPerformance |
    Type=NetworkSecuritygroups | Type=AzureDiagnostics ResourceType=NETWORKSECURITYGROUPS |

  - For any field that has a suffix of _s, _d, or _g in the name, change the first character to lower case
  - For any field that has a suffix of _o in its name, the data is split into individual fields based on the nested field names.
- Remove the Azure Networking Analytics (Deprecated) solution.
  - If you are using PowerShell, use

    ```powershell
    Set-AzureOperationalInsightsIntelligencePack -ResourceGroupName <resource group that the workspace is in> -WorkspaceName <name of the log analytics workspace> -IntelligencePackName "AzureNetwork" -Enabled $false
    ```

Data collected before the change is not visible in the new solution. You can continue to query for this data using the old Type and field names.
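
Saved searches and alert queries that still use the old Type silently stop matching new data, so each one needs the rewrite described in the migration steps. The following is an added example, not part of the original article: a hypothetical helper, `Convert-NetworkingQuery`, that applies the Type mapping and the lower-case rule for `_s`, `_d`, and `_g` fields, and flags `_o` fields for manual review because their replacement field names depend on the nested data. The sample query and its field names are constructed.

```powershell
# Added example (not from the original article). Convert-NetworkingQuery is a
# hypothetical helper name; it only rewrites query text and calls no Azure API.
function Convert-NetworkingQuery {
    param([Parameter(Mandatory)][string]$Query)

    # Old Type value -> new ResourceType value, per the table in this article.
    $typeMap = [ordered]@{
        'NetworkApplicationgateways' = 'APPLICATIONGATEWAYS'
        'NetworkSecuritygroups'      = 'NETWORKSECURITYGROUPS'
    }

    $new = $Query
    foreach ($old in $typeMap.Keys) {
        # -replace is case-insensitive, so differently cased Type values still match.
        $pattern = "\bType\s*=\s*$([regex]::Escape($old))\b"
        $new = $new -replace $pattern, "Type=AzureDiagnostics ResourceType=$($typeMap[$old])"
    }

    # Fields ending in _s, _d or _g: lower-case the first character only.
    $new = [regex]::Replace($new, '\b([A-Z])(\w*_[sdg])\b', {
        param($m) $m.Groups[1].Value.ToLower() + $m.Groups[2].Value
    })

    # Fields ending in _o are split into nested field names; that cannot be
    # derived from the query text, so report them for manual review.
    $review = @([regex]::Matches($new, '\b\w+_o\b') | ForEach-Object { $_.Value })

    [pscustomobject]@{
        Query        = $new
        ReviewFields = $review
    }
}

# Constructed sample query; the field names are illustrative only.
$sample = 'Type=NetworkApplicationgateways OperationName=ApplicationGatewayAccess ' +
          'HttpStatus_d>=500 | measure count() by ClientIP_s'
Convert-NetworkingQuery -Query $sample | Format-List
```

Queries against data collected before the change must keep the old Type and field names, so run the converted query alongside the original rather than replacing it where historical data still matters.
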
- Use Log searches in Log Analytics to view detailed Azure diagnostics data.