Overview of Azure Monitor agents

Virtual machines and other compute resources require an agent to collect monitoring data required to measure the performance and availability of their guest operating system and workloads. There are many legacy agents that exist today for this purpose, that will all be eventually replaced by the new consolidated Azure Monitor agent. This article describes both the legacy agents as well as the new Azure Monitor agent.

The general recommendation is to use the Azure Monitor agent if you are not bound by these limitations, as it consolidates the features of all the legacy agents listed below and provides these additional benefits.
If you do require the limitations today, you may continue using the other legacy agents listed below until August 2024. Learn more

Summary of agents

The following tables provide a quick comparison of the telemetry agents for Windows and Linux. Further detail on each is provided in the section below.

Windows agents

Azure Monitor agent Diagnostics
extension (WAD)
Log Analytics
agent
Dependency
agent
Environments supported Azure
Other cloud (Azure Arc)
On-premises (Azure Arc)
Windows Client OS (preview)
Azure Azure
Other cloud
On-premises
Azure
Other cloud
On-premises
Agent requirements None None None Requires Log Analytics agent
Data collected Event Logs
Performance
File based logs (preview)
Event Logs
ETW events
Performance
File based logs
IIS logs
.NET app logs
Crash dumps
Agent diagnostics logs
Event Logs
Performance
File based logs
IIS logs
Insights and solutions
Other services
Process dependencies
Network connection metrics
Data sent to Azure Monitor Logs
Azure Monitor Metrics1
Azure Storage
Azure Monitor Metrics
Event Hub
Azure Monitor Logs Azure Monitor Logs
(through Log Analytics agent)
Services and
features
supported
Log Analytics
Metrics explorer
Microsoft Sentinel (view scope)
Metrics explorer VM insights
Log Analytics
Azure Automation
Microsoft Defender for Cloud
Microsoft Sentinel
VM insights
Service Map

Linux agents

Azure Monitor agent Diagnostics
extension (LAD)
Telegraf
agent
Log Analytics
agent
Dependency
agent
Environments supported Azure
Other cloud (Azure Arc)
On-premises (Azure Arc)
Azure Azure
Other cloud
On-premises
Azure
Other cloud
On-premises
Azure
Other cloud
On-premises
Agent requirements None None None None Requires Log Analytics agent
Data collected Syslog
Performance
File based logs (preview)
Syslog
Performance
Performance Syslog
Performance
Process dependencies
Network connection metrics
Data sent to Azure Monitor Logs
Azure Monitor Metrics1
Azure Storage
Event Hub
Azure Monitor Metrics Azure Monitor Logs Azure Monitor Logs
(through Log Analytics agent)
Services and
features
supported
Log Analytics
Metrics explorer
Microsoft Sentinel (view scope)
Metrics explorer VM insights
Log Analytics
Azure Automation
Microsoft Defender for Cloud
Microsoft Sentinel
VM insights
Service Map

1 Click here to review other limitations of using Azure Monitor Metrics. On Linux, using Azure Monitor Metrics as the only destination is supported in v.1.10.9.0 or higher.

Azure Monitor agent

The Azure Monitor agent is meant to replace the Log Analytics agent, Azure Diagnostic extension and Telegraf agent for both Windows and Linux machines. It can send data to both Azure Monitor Logs and Azure Monitor Metrics and uses Data Collection Rules (DCR) which provide a more scalable method of configuring data collection and destinations for each agent.

Use the Azure Monitor agent to gain these benefits:

  • Collect guest logs and metrics from any machine in Azure, in other clouds, or on-premises. (Azure Arc-enabled servers required for machines outside of Azure.)
  • Cost savings:
    • Granular targeting via Data Collection Rules to collect specific data types from specific machines, as compared to the "all or nothing" mode that Log Analytics agent supports
    • Use XPath queries to filter Windows events that get collected. This helps further reduce ingestion and storage costs.
  • Centrally configure collection for different sets of data from different sets of VMs.
  • Simplified management of data collection: Send data from Windows and Linux VMs to multiple Log Analytics workspaces (i.e. "multi-homing") and/or other supported destinations. Additionally, every action across the data collection lifecycle, from onboarding to deployment to updates, is significantly easier, scalable, and centralized (in Azure) using data collection rules
  • Management of dependent solutions or services: The Azure Monitor agent uses a new method of handling extensibility that's more transparent and controllable than management packs and Linux plug-ins in the legacy Log Analytics agents. Moreover this management experience is identical for machines in Azure or on-premises/other clouds via Azure Arc, at no added cost.
  • Security and performance - For authentication and security, it uses Managed Identity (for virtual machines) and AAD device tokens (for clients) which are both much more secure and ‘hack proof’ than certificates or workspace keys that legacy agents use. This agent performs better at higher EPS (events per second upload rate) compared to legacy agents.
  • Manage data collection configuration centrally, using data collection rules and use Azure Resource Manager (ARM) templates or policies for management overall.
  • Send data to Azure Monitor Logs and Azure Monitor Metrics (preview) for analysis with Azure Monitor.
  • Use Windows event filtering or multi-homing for logs on Windows and Linux.

When compared with the legacy agents, the Azure Monitor Agent has these limitations currently.

Log Analytics agent

Warning

The Log Analytics agents are on a deprecation path and will no longer be supported after August 31, 2024.

The legacy Log Analytics agent collects monitoring data from the guest operating system and workloads of virtual machines in Azure, other cloud providers, and on-premises machines. It sends data to a Log Analytics workspace. The Log Analytics agent is the same agent used by System Center Operations Manager, and you can multihome agent computers to communicate with your management group and Azure Monitor simultaneously. This agent is also required by certain insights in Azure Monitor and other services in Azure.

Note

The Log Analytics agent for Windows is often referred to as Microsoft Monitoring Agent (MMA). The Log Analytics agent for Linux is often referred to as OMS agent.

Use the Log Analytics agent if you need to:

Limitations of the Log Analytics agent include:

  • Cannot send data to Azure Monitor Metrics, Azure Storage, or Azure Event Hubs.
  • Difficult to configure unique monitoring definitions for individual agents.
  • Difficult to manage at scale since each virtual machine has a unique configuration.

Azure diagnostics extension

The Azure Diagnostics extension collects monitoring data from the guest operating system and workloads of Azure virtual machines and other compute resources. It primarily collects data into Azure Storage but also allows you to define data sinks to also send data to other destinations such as Azure Monitor Metrics and Azure Event Hubs.

Use Azure diagnostic extension if you need to:

Limitations of Azure diagnostics extension include:

  • Can only be used with Azure resources.
  • Limited ability to send data to Azure Monitor Logs.

Telegraf agent

The InfluxData Telegraf agent is used to collect performance data from Linux computers to Azure Monitor Metrics.

Use Telegraf agent if you need to:

Dependency agent

The Dependency agent collects discovered data about processes running on the machine and external process dependencies.

Use the Dependency agent if you need to:

Consider the following when using the Dependency agent:

  • The Dependency agent requires the Log Analytics agent to be installed on the same machine.
  • On Linux computers, the Log Analytics agent must be installed before the Azure Diagnostic Extension.
  • On both the Windows and Linux versions of the Dependency Agent, data collection is done using a user-space service and a kernel driver.

Virtual machine extensions

The Azure Monitor agent is only available as a virtual machine extension. The Log Analytics extension for Windows and Linux install the Log Analytics agent on Azure virtual machines. The Azure Monitor Dependency extension for Windows and Linux install the Dependency agent on Azure virtual machines. These are the same agents described above but allow you to manage them through virtual machine extensions. You should use extensions to install and manage the agents whenever possible.

On hybrid machines, use Azure Arc-enabled servers to deploy the Azure Monitor agent, Log Analytics and Azure Monitor Dependency VM extensions.

Supported operating systems

The following tables list the operating systems that are supported by the Azure Monitor agents. See the documentation for each agent for unique considerations and for the installation process. See Telegraf documentation for its supported operating systems. All operating systems are assumed to be x64. x86 is not supported for any operating system.

Windows

Operating system Azure Monitor agent Log Analytics agent Dependency agent Diagnostics extension
Windows Server 2022 X
Windows Server 2022 Core X
Windows Server 2019 X X X X
Windows Server 2019 Core X
Windows Server 2016 X X X X
Windows Server 2016 Core X X
Windows Server 2012 R2 X X X X
Windows Server 2012 X X X X
Windows Server 2008 R2 SP1 X X X X
Windows Server 2008 R2 X
Windows Server 2008 SP2 X
Windows 11 client OS X2
Windows 10 1803 (RS4) and higher X2
Windows 10 Enterprise
(including multi-session) and Pro
(Server scenarios only1)
X X X X
Windows 8 Enterprise and Pro
(Server scenarios only1)
X X
Windows 7 SP1
(Server scenarios only1)
X X
Azure Stack HCI X

1 Running the OS on server hardware, i.e. machines that are always connected, always turned on, and not running other workloads (PC, office, browser, etc.) 2 Using the Azure Monitor agent client installer (preview)

Linux

Note

For Dependency Agent, please additionally check for supported kernel versions. See "Dependency agent Linux kernel support" table below for details

Operating system Azure Monitor agent 1 Log Analytics agent 1 Dependency agent Diagnostics extension 2
AlmaLinux X X
Amazon Linux 2017.09 X
Amazon Linux 2 X
CentOS Linux 8 X 3 X X
CentOS Linux 7 X X X X
CentOS Linux 6 X
CentOS Linux 6.5+ X X X
Debian 10 1 X
Debian 9 X X x X
Debian 8 X X
Debian 7 X
OpenSUSE 13.1+ X
Oracle Linux 8 X 3 X
Oracle Linux 7 X X X
Oracle Linux 6 X
Oracle Linux 6.4+ X X
Red Hat Enterprise Linux Server 8.1, 8.2, 8.3, 8.4 X 3 X X
Red Hat Enterprise Linux Server 8 X 3 X X
Red Hat Enterprise Linux Server 7 X X X X
Red Hat Enterprise Linux Server 6 X X
Red Hat Enterprise Linux Server 6.7+ X X X
Rocky Linux X X
SUSE Linux Enterprise Server 15.2 X 3
SUSE Linux Enterprise Server 15.1 X 3 X
SUSE Linux Enterprise Server 15 SP1 X X X
SUSE Linux Enterprise Server 15 X X X
SUSE Linux Enterprise Server 12 SP5 X X X X
SUSE Linux Enterprise Server 12 X X X X
Ubuntu 22.04 LTS X
Ubuntu 20.04 LTS X X X X 4
Ubuntu 18.04 LTS X X X X
Ubuntu 16.04 LTS X X X X
Ubuntu 14.04 LTS X X

1 Requires Python (2 or 3) to be installed on the machine.

3 Known issue collecting Syslog events in versions prior to 1.9.0.

4 Not all kernel versions are supported, check supported kernel versions below.

Dependency agent Linux kernel support

Since the Dependency agent works at the kernel level, support is also dependent on the kernel version. As of Dependency agent version 9.10.* the agent supports * kernels. The following table lists the major and minor Linux OS release and supported kernel versions for the Dependency agent.

Distribution OS version Kernel version
Red Hat Linux 8 8.5 4.18.0-348.*el8_5.x86_644.18.0-348.*el8.x86_64
8.4 4.18.0-305.*el8.x86_64, 4.18.0-305.*el8_4.x86_64
8.3 4.18.0-240.*el8_3.x86_64
8.2 4.18.0-193.*el8_2.x86_64
8.1 4.18.0-147.*el8_1.x86_64
8.0 4.18.0-80.*el8.x86_64
4.18.0-80.*el8_0.x86_64
Red Hat Linux 7 7.9 3.10.0-1160
7.8 3.10.0-1136
7.7 3.10.0-1062
7.6 3.10.0-957
7.5 3.10.0-862
7.4 3.10.0-693
Red Hat Linux 6 6.10 2.6.32-754
6.9 2.6.32-696
CentOS Linux 8 8.5 4.18.0-348.*el8_5.x86_644.18.0-348.*el8.x86_64
8.4 4.18.0-305.*el8.x86_64, 4.18.0-305.*el8_4.x86_64
8.3 4.18.0-240.*el8_3.x86_64
8.2 4.18.0-193.*el8_2.x86_64
8.1 4.18.0-147.*el8_1.x86_64
8.0 4.18.0-80.*el8.x86_64
4.18.0-80.*el8_0.x86_64
CentOS Linux 7 7.9 3.10.0-1160
7.8 3.10.0-1136
7.7 3.10.0-1062
CentOS Linux 6 6.10 2.6.32-754.3.5
2.6.32-696.30.1
6.9 2.6.32-696.30.1
2.6.32-696.18.7
Ubuntu Server 20.04 5.8
5.4*
18.04 5.3.0-1020
5.0 (includes Azure-tuned kernel)
4.18*
4.15*
16.04.3 4.15.*
16.04 4.13.*
4.11.*
4.10.*
4.8.*
4.4.*
SUSE Linux 12 Enterprise Server 12 SP5 4.12.14-122.*-default, 4.12.14-16.*-azure
12 SP4 4.12.* (includes Azure-tuned kernel)
12 SP3 4.4.*
12 SP2 4.4.*
SUSE Linux 15 Enterprise Server 15 SP1 4.12.14-197.*-default, 4.12.14-8.*-azure
15 4.12.14-150.*-default
Debian 9 4.9

Next steps

Get more details on each of the agents at the following: