Azure Diagnostics extension overview

Azure Diagnostics extension is an agent in Azure Monitor that collects monitoring data from the guest operating system of Azure compute resources including virtual machines. This article provides an overview of Azure Diagnostics extension including specific functionality that it supports and options for installation and configuration.

Note

Azure Diagnostics extension is one of the agents available to collect monitoring data from the guest operating system of compute resources. See Overview of the Azure Monitor agents for a description of the different agents and guidance on selecting the appropriate agents for your requirements.

Comparison to Log Analytics agent

The Log Analytics agent in Azure Monitor can also be used to collect monitoring data from the guest operating system of virtual machines. You may choose to use either or both depending on your requirements. See Overview of the Azure Monitor agents for a detailed comparison of the Azure Monitor agents.

The key differences to consider are:

  • Azure Diagnostics Extension can be used only with Azure virtual machines. The Log Analytics agent can be used with virtual machines in Azure, other clouds, and on-premises.
  • Azure Diagnostics extension sends data to Azure Storage, Azure Monitor Metrics (Windows only) and Event Hubs. The Log Analytics agent collects data to Azure Monitor Logs.
  • The Log Analytics agent is required for solutions, Azure Monitor for VMs, and other services such as Azure Security Center.

Costs

There is no cost for Azure Diagnostic Extension, but you may incur charges for the data ingested. Check Azure Monitor pricing for the destination where you're collecting data.

Data collected

The following tables list the data that can be collected by the Windows and Linux diagnostics extension.

Windows diagnostics extension (WAD)

Data Source Description
Windows Event logs Events from Windows event log.
Performance counters Numerical values measuring performance of different aspects of operating system and workloads.
IIS Logs Usage information for IIS web sites running on the guest operating system.
Application logs Trace messages written by your application.
.NET EventSource logs Code writing events using the .NET EventSource class
Manifest based ETW logs Event Tracing for Windows events generated by any process.
Crash dumps (logs) Information about the state of the process if an application crashes.
File based logs Logs created by your application or service.
Agent diagnostic logs Information about Azure Diagnostics itself.

Linux diagnostics extension (LAD)

Data Source Description
Syslog Events sent to the Linux event logging system.
Performance counters Numerical values measuring performance of different aspects of operating system and workloads.
Log files Entries sent to a file based log.

Data destinations

The Azure Diagnostic extension for both Windows and Linux always collect data into an Azure Storage account. See Install and configure Windows Azure diagnostics extension (WAD) and Use Linux Diagnostic Extension to monitor metrics and logs for a list of specific tables and blobs where this data is collected.

Configure one or more data sinks to send data to other additional destinations. The following sections list the sinks available for the Windows and Linux diagnostics extension.

Windows diagnostics extension (WAD)

Destination Description
Azure Monitor Metrics Collect performance data to Azure Monitor Metrics. See Send Guest OS metrics to the Azure Monitor metric database.
Event hubs Use Azure Event Hubs to send data outside of Azure. See Streaming Azure Diagnostics data to Event Hubs
Azure Storage blobs Write to data to blobs in Azure Storage in addition to tables.
Application Insights Collect data from applications running in your VM to Application Insights to integrate with other application monitoring. See Send diagnostic data to Application Insights.

You can also collect WAD data from storage into a Log Analytics workspace to analyze it with Azure Monitor Logs although the Log Analytics agent is typically used for this functionality. It can send data directly to a Log Analytics workspace and supports solutions and insights that provide additional functionality. See Collect Azure diagnostic logs from Azure Storage.

Linux diagnostics extension (LAD)

LAD writes data to tables in Azure Storage. It supports the sinks in the following table.

Destination Description
Event hubs Use Azure Event Hubs to send data outside of Azure.
Azure Storage blobs Write to data to blobs in Azure Storage in addition to tables.
Azure Monitor Metrics Install the Telegraf agent in addition to LAD. See Collect custom metrics for a Linux VM with the InfluxData Telegraf agent.

Installation and configuration

The Diagnostic extension is implemented as a virtual machine extension in Azure, so it supports the same installation options using Resource Manager templates, PowerShell, and CLI. See Virtual machine extensions and features for Windows and Virtual machine extensions and features for Linux for general details on installing and maintaining virtual machine extensions.

You can also install and configure both the Windows and Linux diagnostic extension in the Azure portal under Diagnostic settings in the Monitoring section of the virtual machine's menu.

See the following articles for details on installing and configuring the diagnostics extension for Windows and Linux.

Other documentation

Azure Cloud Service (classic) Web and Worker Roles

Azure Service Fabric

Next steps