Azure Monitor logs for Azure Standard Load Balancer

You can use different types of Azure Monitor logs to manage and troubleshoot Azure Standard Load Balancer. Logs can be streamed to an event hub or a Log Analytics workspace. You can extract all logs from Azure Blob Storage and view them in tools like Excel and Power BI.

The types of logs are:

  • Activity logs: You can view all activity being submitted to your Azure subscriptions, along with their status. For more information, see View activity logs to monitor actions on resources. Activity logs are enabled by default and can be viewed in the Azure portal. These logs are available for both Azure Basic Load Balancer and Standard Load Balancer.
  • Standard Load Balancer metrics: You can use this log to query the metrics exported as logs for Standard Load Balancer. These logs are available only for Standard Load Balancer.

Important

Health probe and Load Balancer alert event logs are not currently functional and are listed in the known issues for Azure Load Balancer.

Important

Logs are available only for resources deployed in the Azure Resource Manager deployment model. You can't use logs for resources in the classic deployment model. For more information about the deployment models, see Understanding Resource Manager deployment and classic deployment.

Enable logging

Activity logging is automatically enabled for every Resource Manager resource. Enable event and health probe logging to start collecting the data available through those logs. Use the following steps:

  1. Sign in to the Azure portal. If you don't already have a load balancer, create a load balancer before you continue.

  2. In the portal, select Resource groups.

  3. Select <resource-group-name> where your load balancer is.

  4. Select your load balancer.

  5. Select Activity log > Diagnostic settings.

  6. In the Diagnostics settings pane, under Diagnostics settings, select + Add diagnostic setting.

  7. In the Diagnostics settings creation pane, enter myLBDiagnostics in the Name box.

  8. You have three options for the Diagnostics settings. You can choose one, two, or all three and configure each for your requirements:

    • Archive to a storage account. You'll need a storage account already created for this process. To create a storage account, see Create a storage account.

      1. Select the Archive to a storage account check box.
      2. Select Configure to open the Select a storage account pane.
      3. In the Subscription drop-down list, select the subscription where your storage account was created.
      4. In the Storage account drop-down list, select the name of your storage account.
      5. Select OK.
    • Stream to an event hub. You'll need an event hub already created for this process. To create an event hub, see Quickstart: Create an event hub by using the Azure portal.

      1. Select the Stream to an event hub check box.
      2. Select Configure to open the Select event hub pane.
      3. In the Subscription drop-down list, select the subscription where your event hub was created.
      4. In the Select event hub namespace drop-down list, select the namespace.
      5. In the Select event hub policy name drop-down list, select the name.
      6. Select OK.
    • Send to Log Analytics. You'll need to already have a log analytics workspace created and configured for this process. To create a Log Analytics workspace, see Create a Log Analytics workspace in the Azure portal.

      1. Select the Send to Log Analytics check box.
      2. In the Subscription drop-down list, select the subscription where your Log Analytics workspace is.
      3. In the Log Analytics Workspace drop-down list, select the workspace.
  9. In the METRIC section of the Diagnostics settings pane, select the AllMetrics check box.

  10. Verify that everything looks correct, and then select Save at the top of the Diagnostic settings creation pane.

View and analyze the activity log

The activity log is generated by default. You can configure it to be exported on a subscription level by following instructions in this article. Learn more about these logs by reading the View activity logs to monitor actions on resources article.

You can view and analyze activity log data by using either of the following methods:

  • Azure tools: Retrieve information from the activity log through Azure PowerShell, the Azure CLI, the Azure REST API, or the Azure portal. The Audit operations with Resource Manager article provides step-by-step instructions for each method.
  • Power BI: If you don't already have a Power BI account, you can try it for free. By using the Azure Audit Logs integration for Power BI, you can analyze your data with preconfigured dashboards. Or you can customize views to suit your requirements.

View and analyze metrics as logs

By using the export functionality in Azure Monitor, you can export your Load Balancer metrics. These metrics will generate a log entry for each one-minute sampling interval.

Metrics-to-logs export is enabled on a per-resource level. To enable these logs:

  1. Go to the Diagnostic Settings pane.
  2. Filter by resource group, and then select the Load Balancer instance that you want to enable metrics export for.
  3. When the diagnostic settings page for Load Balancer is up, select AllMetrics to export eligible metrics as logs.

For metric export limitations, see the Limitations section of this article.

After you enable AllMetrics in the diagnostic settings of Standard Load Balancer, if you're using an event hub or Log Analytics workspace, these logs will be populated in the AzureMonitor table.

If you're exporting to storage, connect to your storage account and retrieve the JSON log entries for event and health probe logs. After you download the JSON files, you can convert them to CSV and view them in Excel, Power BI, or any other data visualization tool.

Tip

If you're familiar with Visual Studio and basic concepts of changing values for constants and variables in C#, you can use the log converter tools available from GitHub.

Stream to an event hub

When diagnostic information is streamed to an event hub, you can use it for centralized log analysis in a partner SIEM tool with Azure Monitor integration. For more information, see Stream Azure monitoring data to an event hub.

Send to Log Analytics

You can send diagnostic information for resources in Azure directly to a Log Analytics workspace. In that workspace, you can run complex queries against the information for troubleshooting and analysis. For more information, see Collect Azure resource logs in a Log Analytics workspace in Azure Monitor.

Limitations

The metrics-to-logs export feature for Azure Load Balancer has the following limitations:

  • Metrics are currently displayed through internal names when exported as logs. You can find the mapping in the below table.
  • The dimensionality of metrics is not preserved. For example, with metrics such as DipAvailability (health probe status), you won't be able to split or view by back-end IP address.
  • Metrics for used SNAT ports and allocated SNAT ports aren't currently available for export as logs.

Next steps