Overview of the Azure monitoring agents
Microsoft Azure provides multiple ways to collect different types of data from virtual machines running Microsoft Windows and Linux hosted in Azure, your datacenter, or other cloud providers. The three types of agents available to monitor a VM are:
- Azure Diagnostics extensions
- Log Analytics Agent for Linux and Windows
- Dependency agent
This article describes the differences between them and their capabilities in order for you to determine which one will support your IT service management or general monitoring requirements.
Azure Diagnostic extension
The Azure Diagnostics extension (commonly referred to as the Windows Azure Diagnostic (WAD) or Linux Azure Diagnostic (LAD) extension), which has been provided for Azure Cloud Services since it became generally available in 2010, is an agent that delivers simple collection of diagnostic data from an Azure compute resource like a VM, and persist it to Azure storage. Once in storage, you chose to view with one of several available tools, such as Server Explorer in Visual Studio and Azure Storage Explorer.
You can choose to collect:
- A predefined set of operating system performance counters and event logs, or you can specify which to collect.
- All requests and/or failed requests to an IIS web server
- .NET app tracing output logs
- Event tracing for Windows (ETW) events
- Collect log events from syslog
- Crash dumps
The Azure Diagnostics agent should be used when you want to:
- Archive logs and metrics to Azure storage
- Integrate monitoring data with third-party tools. These tools use a variety of methods including querying the storage account, forwarded to Event Hubs, or querying with the Azure Monitoring REST API
- Upload data to Azure Monitor to create metric charts in the Azure portal or create near real-time metric alerts.
- Autoscale virtual machine scale sets and Classic Cloud Services based on guest OS metrics.
- Investigate VM boot issues with Boot Diagnostics.
- Understand how your applications are performing and proactively identifies issues affecting them with Application Insights.
- Configure Log Analytics to import metrics and log data collected from Cloud Services, classic VMs, and Service Fabric nodes stored in an Azure storage account.
Log Analytics agent
For advanced monitoring where you need to do more than collect metrics and a subset of logs, the Log Analytics agent for Windows and Linux is required. The Log Analytics agent was developed for comprehensive management across on-premises physical and virtual machines, computers monitored by System Center Operations Manager, and VMs in hosted in other clouds. The Windows and Linux agents connect to a Log Analytics workspace to collect both monitoring solution-based data as well as custom data sources that you configure.
As part of the ongoing transition from Microsoft Operations Management Suite (OMS) to Azure Monitor, the OMS Agent for Windows or Linux will be referred to as the Log Analytics agent for Windows and Log Analytics agent for Linux.
The Log Analytics agent should be used when you want to:
- Collect data from a variety of sources both within Azure, other cloud providers, and on-premises resources.
- Using one of the Azure Monitor monitoring solutions such as Azure Monitor for VMs, Azure Monitor for containers, etc.
- Use one of the other Azure management services such as Azure Security Center, Azure Automation, etc.
Previously, several Azure services were bundled as the Operations Management Suite, and as a result the Log Analytics agent is shared across services including Azure Security Center and Azure Automation. This includes the full set of features they offer, delivering comprehensive management of your Azure VMs through their lifecycle. Some examples of this are:
- Azure Automation Update management of operating system updates.
- Azure Automation Desired State Configuration to maintain consistent configuration state.
- Track configuration changes with Azure Automation Change Tracking and Inventory.
- Azure services such as Application Insights and Azure Security Center, which natively store their data directly in Log Analytics.
The Dependency agent was developed as part of the Service Map solution, which was originally developed externally from Microsoft. Service Map and Azure Monitor for VMs requires a Dependency Agent on Windows and Linux virtual machines and it integrates with the Log Analytics agent to collects discovered data about processes running on the virtual machine and external process dependencies. It stores this data in Log Analytics and visualizes the discovered interconnected components.
You may need some combination of these agents to monitor your VM. The agents can be installed side by side as Azure extensions, however on Linux, the Log Analytics agent must be installed first or else installation will fail.
- See Overview of the Log Analytics agent to review requirements and supported methods to deploy the agent to machines hosted in Azure, in your datacenter, or other cloud environment.