Azure Diagnostics extension overview

Azure Diagnostics extension is an agent in Azure Monitor that collects monitoring data from the guest operating system of Azure compute resources including virtual machines. This article provides an overview of Azure Diagnostics extension, the specific functionality that it supports, and options for installation and configuration.

Note

Azure Diagnostics extension is one of the agents available to collect monitoring data from the guest operating system of compute resources. For a description of the different agents and guidance on selecting the appropriate agents for your requirements, see Overview of the Azure Monitor agents.

Primary scenarios

Use Azure Diagnostics extension if you need to:

Limitations of Azure Diagnostics extension:

  • It can only be used with Azure resources.
  • It has limited ability to send data to Azure Monitor Logs.

Comparison to Log Analytics agent

The Log Analytics agent in Azure Monitor can also be used to collect monitoring data from the guest operating system of virtual machines. You can choose to use either or both depending on your requirements. For a comparison of the Azure Monitor agents, see Overview of the Azure Monitor agents.

The key differences to consider are:

  • Azure Diagnostics extension can be used only with Azure virtual machines. The Log Analytics agent can be used with virtual machines in Azure, other clouds, and on-premises.
  • Azure Diagnostics extension sends data to Azure Storage, Azure Monitor Metrics (Windows only), and Azure Event Hubs. The Log Analytics agent sends data to Azure Monitor Logs.
  • The Log Analytics agent is required for retired solutions, VM insights, and other services such as Microsoft Defender for Cloud.

Costs

There's no cost for Azure Diagnostics extension, but you might incur charges for the data ingested. Check Azure Monitor pricing for the destination where you're collecting data.

Data collected

The following tables list the data that can be collected by the Windows and Linux diagnostics extension.

Windows diagnostics extension (WAD)

| Data source | Description |
| --- | --- |
| Windows event logs | Events from Windows event log. |
| Performance counters | Numerical values measuring performance of different aspects of operating system and workloads. |
| IIS logs | Usage information for IIS websites running on the guest operating system. |
| Application logs | Trace messages written by your application. |
| .NET EventSource logs | Code writing events using the .NET EventSource class. |
| Manifest-based ETW logs | Event tracing for Windows events generated by any process. |
| Crash dumps (logs) | Information about the state of the process if an application crashes. |
| File-based logs | Logs created by your application or service. |
| Agent diagnostic logs | Information about Azure Diagnostics itself. |

Linux diagnostics extension (LAD)

| Data source | Description |
| --- | --- |
| Syslog | Events sent to the Linux event logging system. |
| Performance counters | Numerical values measuring performance of different aspects of operating system and workloads. |
| Log files | Entries sent to a file-based log. |

Data destinations

The Azure Diagnostics extension for both Windows and Linux always collects data into an Azure Storage account. For a list of specific tables and blobs where this data is collected, see Install and configure Azure Diagnostics extension for Windows and Use Azure Diagnostics extension for Linux to monitor metrics and logs.

Configure one or more data sinks to send data to other destinations. The following sections list the sinks available for the Windows and Linux diagnostics extension.

Windows diagnostics extension (WAD)

| Destination | Description |
| --- | --- |
| Azure Monitor Metrics | Collect performance data to Azure Monitor Metrics. See Send Guest OS metrics to the Azure Monitor metric database. |
| Event hubs | Use Azure Event Hubs to send data outside of Azure. See Streaming Azure Diagnostics data to Azure Event Hubs. |
| Azure Storage blobs | Write data to blobs in Azure Storage in addition to tables. |
| Application Insights | Collect data from applications running in your VM to Application Insights to integrate with other application monitoring. See Send diagnostic data to Application Insights. |

You can also collect WAD data from storage into a Log Analytics workspace to analyze it with Azure Monitor Logs, although the Log Analytics agent is typically used for this functionality. It can send data directly to a Log Analytics workspace and supports solutions and insights that provide more functionality. See Collect Azure diagnostic logs from Azure Storage.
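The following added example (not part of the original article and not Microsoft's code) audits a WAD public settings document to show where each data source is delivered and to flag routing gaps. The key names (WadCfg, DiagnosticMonitorConfiguration, SinksConfig, sinks, DataSource) are assumed from the WAD JSON settings schema rather than taken from this page, the sample values are constructed, and the Security-channel check is an assumed monitoring policy.

```python
import json

# Constructed sample of WAD public settings. Key names are assumed from the WAD
# JSON settings schema; they do not appear on this page.
SAMPLE_PUBLIC_SETTINGS = json.loads("""
{
  "StorageAccount": "examplediagstore",
  "WadCfg": {
    "DiagnosticMonitorConfiguration": {
      "overallQuotaInMB": 4096,
      "WindowsEventLog": {
        "sinks": "SiemHub",
        "DataSource": [{"name": "Application!*"}, {"name": "System!*"}]
      },
      "PerformanceCounters": {"sinks": "AzMon,MissingSink"}
    },
    "SinksConfig": {"Sink": [
      {"name": "SiemHub", "EventHub": {"Url": "https://example.invalid/hub"}},
      {"name": "AzMon", "AzureMonitor": {}}
    ]}
  }
}
""")

def audit_wad_routing(settings):
    """Map each data source to its destinations and list routing problems."""
    wad = settings.get("WadCfg", {})
    dmc = wad.get("DiagnosticMonitorConfiguration", {})
    # Sink name -> sink type (the key other than "name" in each sink entry).
    defined = {s["name"]: next((k for k in s if k != "name"), "unknown")
               for s in wad.get("SinksConfig", {}).get("Sink", [])}
    routes, findings = {}, []
    for source, cfg in dmc.items():
        if not isinstance(cfg, dict):
            continue  # scalar attributes such as overallQuotaInMB
        names = [n.strip() for n in cfg.get("sinks", "").split(",") if n.strip()]
        # Storage is always a destination, as the article states.
        routes[source] = ["AzureStorage"] + [defined.get(n, "UNDEFINED") for n in names]
        findings += [f"{source}: sink '{n}' is not defined" for n in names if n not in defined]
    # Assumed policy: a security team wants the Security channel collected.
    channels = [d.get("name", "").split("!")[0]
                for d in dmc.get("WindowsEventLog", {}).get("DataSource", [])]
    if "Security" not in channels:
        findings.append("WindowsEventLog: Security channel is not collected")
    return routes, findings
```

Run it against the public settings exported from a VM's extension configuration to confirm that the logs you rely on for detection actually reach the intended sink.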

Linux diagnostics extension (LAD)

LAD writes data to tables in Azure Storage. It supports the sinks in the following table.

| Destination | Description |
| --- | --- |
| Event hubs | Use Azure Event Hubs to send data outside of Azure. |
| Azure Storage blobs | Write data to blobs in Azure Storage in addition to tables. |
| Azure Monitor Metrics | Install the Telegraf agent in addition to LAD. See Collect custom metrics for a Linux VM with the InfluxData Telegraf agent. |

Installation and configuration

The diagnostics extension is implemented as a virtual machine extension in Azure, so it supports the same installation options using Azure Resource Manager templates, PowerShell, and the Azure CLI. For information on installing and maintaining virtual machine extensions, see Virtual machine extensions and features for Windows and Virtual machine extensions and features for Linux.

You can also install and configure both the Windows and Linux diagnostics extension in the Azure portal under Diagnostic settings in the Monitoring section of the virtual machine's menu.
