Collect data from Linux computers hosted in your environment

Azure Log Analytics can collect data directly from your physical or virtual Linux computers and other resources in your environment into a single repository for detailed analysis and correlation. This quickstart shows you how to configure and collect data from your Linux computer with a few easy steps. For Azure Linux VMs, see the following topic Collect data about Azure Virtual Machines.

To understand the network and system requirements to deploy the Linux agent, review Collect data from your environment with Azure Log Analytics.

If you don't have an Azure subscription, create a free account before you begin.

Log in to Azure portal

Log in to the Azure portal at https://portal.azure.com.

Create a workspace

  1. In the Azure portal, click More services found on the lower left-hand corner. In the list of resources, type Log Analytics. As you begin typing, the list filters based on your input. Select Log Analytics.

    Azure portal

  2. Click Create, and then select choices for the following items:

    • Provide a name for the new OMS Workspace, such as DefaultLAWorkspace.
    • Select a Subscription to link to by selecting from the drop-down list if the default selected is not appropriate.
    • For Resource Group, select an existing resource group that contains one or more Azure virtual machines.
    • Select the Location your VMs are deployed to. For additional information, see which regions Log Analytics is available in.
    • You can choose from three different pricing tiers in Log Analytics, but for this quickstart you are going to select the free tier. For additional information about the particular tiers, see Log Analytics Pricing Details.

      Create Log Analytics resource blade

  3. After providing the required information on the OMS Workspace pane, click OK.

While the information is verified and the workspace is created, you can track its progress under Notifications from the menu.

Obtain workspace ID and key

Before installing the OMS agent for Linux, you need the workspace ID and key for your Log Analytics workspace. This information is required by the agent wrapper script to properly configure the agent and ensure it can successfully communicate with Log Analytics.

  1. In the Azure portal, click More services found on the lower left-hand corner. In the list of resources, type Log Analytics. As you begin typing, the list filters based on your input. Select Log Analytics.
  2. In your list of Log Analytics workspaces, select DefaultLAWorkspace created earlier.
  3. Select Advanced settings.

    Log Analytics Advance Settings

  4. Select Connected Sources, and then select Linux Servers.
  5. The value to the right of Workspace ID and Primary Key. Copy and paste both into your favorite editor.

Install the agent for Linux

The following steps configure setup of the agent for Log Analytics in Azure and Azure Government cloud.

Note

The OMS agent for Linux cannot be configured to report to more than one Log Analytics workspace.

  1. To configure the Linux computer to connect to Log Analytics, run the following command providing the workspace ID and primary key copied earlier. This command downloads the agent, validates its checksum, and installs it.

    wget https://raw.githubusercontent.com/Microsoft/OMS-Agent-for-Linux/master/installer/scripts/onboard_agent.sh && sh onboard_agent.sh -w <YOUR WORKSPACE ID> -s <YOUR WORKSPACE PRIMARY KEY>
    
  2. To configure the Linux computer to connect to Log Analytics in Azure Government cloud, run the following command providing the workspace ID and primary key copied earlier. This command downloads the agent, validates its checksum, and installs it.

    wget https://raw.githubusercontent.com/Microsoft/OMS-Agent-for-Linux/master/installer/scripts/onboard_agent.sh && sh onboard_agent.sh -w <YOUR WORKSPACE ID> -s <YOUR WORKSPACE PRIMARY KEY> -d opinsights.azure.us
    

Configure agent to communicate with a proxy server

Perform the following steps if your Linux computers need to communicate through a proxy server to Log Analytics. The proxy configuration value has the following syntax [protocol://][user:password@]proxyhost[:port].

  1. Edit the file /etc/opt/microsoft/omsagent/proxy.conf by running the following commands and change the values to your specific settings.

    proxyconf="https://proxyuser:proxypassword@proxyserver01:30443"
    sudo echo $proxyconf >>/etc/opt/microsoft/omsagent/proxy.conf
    sudo chown omsagent:omiusers /etc/opt/microsoft/omsagent/proxy.conf 
    
  2. Restart the agent by running the following command:

    sudo /opt/microsoft/omsagent/bin/service_control restart [<workspace id>]
    

Collect event and performance data

Log Analytics can collect events from the Linux Syslog and performance counters that you specify for longer term analysis and reporting, and take action when a particular condition is detected. Follow these steps to configure collection of events from the Linux Syslog, and several common performance counters to start with.

  1. Select Syslog.
  2. You add an event log by typing in the name of the log. Type Syslog and then click the plus sign +.
  3. In the table, uncheck the severities Info, Notice and Debug.
  4. Click Save at the top of the page to save the configuration.
  5. Select Linux Performance Data to enable collection of performance counters on a Windows computer.
  6. When you first configure Linux Performance counters for a new Log Analytics workspace, you are given the option to quickly create several common counters. They are listed with a checkbox next to each.

    Default Windows performance counters selected.

    Click Add the selected performance counters. They are added and preset with a ten second collection sample interval.
  7. Click Save at the top of the page to save the configuration.

View data collected

Now that you have enabled data collection, lets run a simple log search example to see some data from the target computer.

  1. In the Azure portal, navigate to Log Analytics and select the workspace created earlier.
  2. Click the Log Search tile and on the Log Search pane, in the query field type Perf and then hit enter or click the search button to the right of the query field.

    Log Analytics log search query example

    For example, the query in the following image returned 735 Performance records.

    Log Analytics log search result

Clean up resources

When no longer needed, you can remove the agent from the Linux computer and delete the Log Analytics workspace.

To remove the agent, perform the following steps.

  1. Download the the Linux agent universal script to the computer.
  2. Run the bundle .sh file w the --purge argument on the computer, which completely removes the agent and its configuration.

    sudo sh ./omsagent-<version>.universal.x64.sh --purge

To delete the workspace, select the Log Analytics workspace you created earlier and on the resource page click Delete.

Delete Log Analytics resource

Next steps

Now that you are collecting operational and performance data from your on-premises Linux computer, you can easily begin exploring, analyzing, and taking action on data that you collect for free.

To learn how to view and analyze the data, continue to the tutorial.