Tutorial: Monitor and update a Linux virtual machine in Azure

To ensure your virtual machines (VMs) in Azure are running correctly, you can review boot diagnostics and performance metrics, and manage package updates. In this tutorial, you learn how to:

  • Enable boot diagnostics on the VM
  • View boot diagnostics
  • View host metrics
  • Enable diagnostics extension on the VM
  • View VM metrics
  • Create alerts based on diagnostic metrics
  • Manage package updates
  • Monitor changes and inventory
  • Set up advanced monitoring

Open Azure Cloud Shell

Azure Cloud Shell is a free, interactive shell that you can use to run the steps in this article. Common Azure tools are preinstalled and configured in Cloud Shell for you to use with your account. Just select the Copy button to copy the code, paste it in Cloud Shell, and then press Enter to run it. There are a few ways to open Cloud Shell:

  • Select Try It in the upper-right corner of a code block.
  • Open Cloud Shell in your browser: https://shell.azure.com/bash
  • Select the Cloud Shell button on the menu in the upper-right corner of the Azure portal.

If you choose to install and use the CLI locally, this tutorial requires that you are running the Azure CLI version 2.0.30 or later. Run az --version to find the version. If you need to install or upgrade, see Install Azure CLI.

Create VM

To see diagnostics and metrics in action, you need a VM. First, create a resource group with az group create. The following example creates a resource group named myResourceGroupMonitor in the eastus location.

az group create --name myResourceGroupMonitor --location eastus

Now create a VM with az vm create. The following example creates a VM named myVM and generates SSH keys if they do not already exist in ~/.ssh/:

az vm create \
  --resource-group myResourceGroupMonitor \
  --name myVM \
  --image UbuntuLTS \
  --admin-username azureuser \
  --generate-ssh-keys

Enable boot diagnostics

As Linux VMs boot, the boot diagnostic extension captures boot output and stores it in Azure storage. This data can be used to troubleshoot VM boot issues. Boot diagnostics are not automatically enabled when you create a Linux VM using the Azure CLI.

Before enabling boot diagnostics, a storage account needs to be created for storing boot logs. Storage accounts must have a globally unique name, be between 3 and 24 characters, and must contain only numbers and lowercase letters. Create a storage account with the az storage account create command. In this example, a random string is used to create a unique storage account name.

storageacct=mydiagdata$RANDOM

az storage account create \
  --resource-group myResourceGroupMonitor \
  --name $storageacct \
  --sku Standard_LRS \
  --location eastus

When enabling boot diagnostics, the URI to the blob storage container is needed. The following command queries the storage account to return this URI. The URI value is stored in a variable named bloburi, which is used in the next step.

bloburi=$(az storage account show --resource-group myResourceGroupMonitor --name $storageacct --query 'primaryEndpoints.blob' -o tsv)

Now enable boot diagnostics with az vm boot-diagnostics enable. The --storage value is the blob URI collected in the previous step.

az vm boot-diagnostics enable \
  --resource-group myResourceGroupMonitor \
  --name myVM \
  --storage $bloburi

View boot diagnostics

When boot diagnostics are enabled, each time you stop and start the VM, information about the boot process is written to a log file. For this example, first deallocate the VM with the az vm deallocate command as follows:

az vm deallocate --resource-group myResourceGroupMonitor --name myVM

Now start the VM with the az vm start command as follows:

az vm start --resource-group myResourceGroupMonitor --name myVM

You can get the boot diagnostic data for myVM with the az vm boot-diagnostics get-boot-log command as follows:

az vm boot-diagnostics get-boot-log --resource-group myResourceGroupMonitor --name myVM
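Once the boot log is retrieved, it still has to be read for signs of a failed boot. The following is an added example, not part of the original tutorial, that classifies boot-log lines by severity; the patterns, severity levels, function names and sample log lines are all constructed for illustration.

```shell
# Added example: patterns, severities and the sample log are constructed.

# Read a boot log on stdin; print "SEVERITY<TAB>line" for each failure indicator.
triage_boot_log() {
  awk '
    /Kernel panic|VFS: Unable to mount root/       { print "CRITICAL\t" $0; next }
    /EXT4-fs error|I\/O error|Out of memory/       { print "HIGH\t" $0; next }
    /\[FAILED\]|Dependency failed|emergency mode/  { print "MEDIUM\t" $0; next }
  '
}

# Reduce the findings to the single worst severity (OK when nothing matched).
worst_severity() {
  triage_boot_log | awk -F'\t' '
    { seen[$1] = 1 }
    END {
      if (seen["CRITICAL"])    print "CRITICAL"
      else if (seen["HIGH"])   print "HIGH"
      else if (seen["MEDIUM"]) print "MEDIUM"
      else                     print "OK"
    }'
}

# Constructed sample resembling serial console output from a booting Linux VM.
sample_boot_log() {
  cat <<'EOF'
[    0.000000] Linux version 4.15.0-1013-azure (constructed sample)
[    2.114301] EXT4-fs (sda1): mounted filesystem with ordered data mode
[  OK  ] Started Network Time Synchronization.
[FAILED] Failed to start Cloud-init: Network Stage.
[   14.553120] EXT4-fs error (device sdb1): ext4_find_entry: reading directory lblock 0
[  OK  ] Reached target Multi-User System.
EOF
}

# Demo on the constructed sample; prints the two flagged lines.
sample_boot_log | triage_boot_log
```

To use it on a real VM, pipe the output of az vm boot-diagnostics get-boot-log into triage_boot_log or worst_severity instead of the sample.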

View host metrics

A Linux VM has a dedicated host in Azure that it interacts with. Metrics are automatically collected for the host and can be viewed in the Azure portal as follows:

  1. In the Azure portal, select Resource Groups, choose myResourceGroupMonitor, and then select myVM in the resource list.
  2. To see how the host VM is performing, select Metrics on the VM window, then choose any of the [Host] metrics under Available metrics.


Install diagnostics extension

The basic host metrics are available, but to see more granular and VM-specific metrics, you need to install the Azure diagnostics extension on the VM. The Azure diagnostics extension allows additional monitoring and diagnostics data to be retrieved from the VM. You can view these performance metrics and create alerts based on how the VM performs. The diagnostic extension is installed through the Azure portal as follows:

  1. In the Azure portal, choose Resource Groups, select myResourceGroupMonitor, and then select myVM in the resource list.
  2. Select Diagnosis settings. In the Pick a storage account drop-down menu, if not already selected, choose the mydiagdata[1234] account created in the previous section.
  3. Select the Enable guest-level monitoring button.


View VM metrics

You can view the VM metrics in the same way that you viewed the host VM metrics:

  1. In the Azure portal, choose Resource Groups, select myResourceGroupMonitor, and then select myVM in the resource list.
  2. To see how the VM is performing, select Metrics on the VM window, and then select any of the [Guest] diagnostics metrics under Available metrics.


Create alerts

You can create alerts based on specific performance metrics. Alerts can be used to notify you when average CPU usage exceeds a certain threshold or available free disk space drops below a certain amount, for example. Alerts are displayed in the Azure portal or can be sent via email. You can also trigger Azure Automation runbooks or Azure Logic Apps in response to alerts being generated.

The following example creates an alert for average CPU usage.

  1. In the Azure portal, select Resource Groups, select myResourceGroupMonitor, and then select myVM in the resource list.
  2. Select Alerts (classic), then choose Add metric alert (classic) across the top of the alerts window.
  3. Provide a Name for your alert, such as myAlertRule.
  4. To trigger an alert when CPU percentage exceeds 1.0 for five minutes, leave all the other defaults selected.
  5. Optionally, check the box for Email owners, contributors, and readers to send email notification. The default action is to present a notification in the portal.
  6. Select the OK button.

Manage package updates

Update management allows you to manage updates and patches for your Azure Linux VMs. Directly from your VM, you can quickly assess the status of available updates, schedule installation of required updates, and review deployment results to verify updates were applied successfully to the VM.

For pricing information, see Automation pricing for Update management.

Enable Update management

Enable Update management for your VM:

  1. On the left-hand side of the screen, select Virtual machines.
  2. From the list, select a VM.
  3. On the VM screen, in the Operations section, select Update management. The Enable Update Management screen opens.

Validation is performed to determine if Update management is enabled for this VM. The validation includes checks for a Log Analytics workspace and linked Automation account, and if the solution is in the workspace.

A Log Analytics workspace is used to collect data that is generated by features and services such as Update management. The workspace provides a single location to review and analyze data from multiple sources. To perform additional actions on VMs that require updates, Azure Automation allows you to run runbooks against VMs, such as downloading and applying updates.

The validation process also checks to see if the VM is provisioned with the Microsoft Monitoring Agent (MMA) and Automation hybrid runbook worker. This agent is used to communicate with the VM and obtain information about the update status.

Choose the Log analytics workspace and automation account and select Enable to enable the solution. The solution takes up to 15 minutes to enable.

If any of the following prerequisites were found to be missing during onboarding, they're automatically added:

The Update Management screen opens. Configure the location, Log analytics workspace and Automation account to use and select Enable. If the fields are grayed out, that means another automation solution is enabled for the VM and the same workspace and Automation account must be used.


Enabling the solution can take up to 15 minutes. During this time, you shouldn't close the browser window. After the solution is enabled, information about missing updates on the VM flows to Log Analytics. It can take between 30 minutes and 6 hours for the data to be available for analysis.

View update assessment

After Update management is enabled, the Update management screen appears. After the evaluation of updates is complete, you see a list of missing updates on the Missing updates tab.


Schedule an update deployment

To install updates, schedule a deployment that follows your release schedule and service window. You can choose which update types to include in the deployment. For example, you can include critical or security updates and exclude update rollups.

To schedule a new Update Deployment for the VM, select Schedule update deployment at the top of the Update management screen. In the New update deployment screen, specify the following information:

  • Name - Provide a unique name to identify the update deployment.
  • Update classification - Select the types of software that the update deployment includes. The classification types are:
    • Critical and security updates
    • Other updates
  • Updates to Exclude - You can provide a list of package names that should be skipped during the update deployment. Package names support wildcards (such as *kernel*).


  • Schedule settings - You can either accept the default date and time, which is 30 minutes after current time, or specify a different time. You can also specify whether the deployment occurs once or set up a recurring schedule. Select the Recurring option under Recurrence to set up a recurring schedule.


  • Maintenance window (minutes) - Specify the period of time you want the update deployment to occur within. This helps ensure changes are performed within your defined service windows.

After you have completed configuring the schedule, select the Create button to return to the status dashboard. Notice that the Scheduled table shows the deployment schedule you created.

Warning

For updates that require a reboot, the VM is restarted automatically.

View results of an update deployment

After the scheduled deployment starts, you can see the status for that deployment on the Update deployments tab on the Update management screen. If it is currently running, its status shows as In progress. After it completes, if successful, it changes to Succeeded. If there is a failure with one or more updates in the deployment, the status is Partially failed. Select the completed update deployment to see the dashboard for that update deployment.


The Update results tile shows a summary of the total number of updates and deployment results on the VM. The table to the right gives a detailed breakdown of each update and its installation result, which is one of the following values:

  • Not attempted - the update was not installed because there was insufficient time available based on the maintenance window duration defined.
  • Succeeded - the update succeeded.
  • Failed - the update failed.

Select All logs to see all log entries that the deployment created.

Select the Output tile to see the job stream of the runbook responsible for managing the update deployment on the target VM.

Select Errors to see detailed information about any errors from the deployment.

Monitor changes and inventory

You can collect and view inventory for software, files, Linux daemons, Windows Services, and Windows Registry keys on your computers. Tracking the configurations of your machines can help you pinpoint operational issues across your environment and better understand the state of your machines.

Enable Change and Inventory management

Enable Change and Inventory management for your VM:

  1. On the left-hand side of the screen, select Virtual machines.
  2. From the list, select a VM.
  3. On the VM screen, in the Operations section, select Inventory or Change tracking. The Enable Change Tracking and Inventory screen opens.

Configure the location, Log analytics workspace and Automation account to use and select Enable. If the fields are grayed out, that means another automation solution is enabled for the VM and the same workspace and Automation account must be used. Even though the solutions are separate on the menu, they are the same solution. Enabling one enables both for your VM.


After the solution has been enabled, it may take some time while inventory is being collected on the VM before data appears.

Track changes

On your VM, select Change Tracking under OPERATIONS. Select Edit Settings to display the Change Tracking page. Select the type of setting you want to track and then select + Add to configure the settings. The available option for Linux is Linux Files.

For detailed information on Change Tracking, see Troubleshoot changes on a VM.

View inventory

On your VM, select Inventory under OPERATIONS. On the Software tab, there is a table listing the software that has been found. The high-level details for each software record are viewable in the table. These details include the software name, version, publisher, and last refreshed time.


Monitor Activity logs and changes

From the Change tracking page on your VM, select Manage Activity Log Connection. This task opens the Azure Activity log page. Select Connect to connect Change tracking to the Azure activity log for your VM.

With this setting enabled, navigate to the Overview page for your VM and select Stop to stop your VM. When prompted, select Yes to stop the VM. When it is deallocated, select Start to restart your VM.

Stopping and starting a VM logs an event in its activity log. Navigate back to the Change tracking page. Select the Events tab at the bottom of the page. After a while, the events are shown in the chart and the table. Each event can be selected to view detailed information on the event.


The chart shows changes that have occurred over time. After you have added an Activity Log connection, the line graph at the top displays Azure Activity Log events. Each row of bar graphs represents a different trackable Change type. These types are Linux daemons, files, and software. The change tab shows the details for the changes shown in the visualization in descending order of time that the change occurred (most recent first).

Advanced monitoring

You can do more advanced monitoring of your VM by using solutions like Update Management and Change and Inventory provided by Azure Automation.

When you have access to the Log Analytics workspace, you can find the workspace key and workspace identifier by selecting Advanced settings under SETTINGS. Replace <workspace-key> and <workspace-id> with the values from your Log Analytics workspace, and then use az vm extension set to add the extension to the VM:

az vm extension set \
  --resource-group myResourceGroupMonitor \
  --vm-name myVM \
  --name OmsAgentForLinux \
  --publisher Microsoft.EnterpriseCloud.Monitoring \
  --version 1.3 \
  --protected-settings '{"workspaceKey": "<workspace-key>"}' \
  --settings '{"workspaceId": "<workspace-id>"}'

After a few minutes, you should see the new VM in the Log Analytics workspace.
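Typing the workspace key inline, as in the command above, leaves it in shell history and in the process arguments. The following added example (not part of the original tutorial) reads the key without echo, validates both values, and passes the protected settings as an owner-only JSON file, which az vm extension set accepts in place of an inline string. The function names and validation patterns are assumptions.

```shell
# Added example: function names and validation patterns are assumptions.

# Workspace IDs are GUIDs; reject anything else before it reaches a JSON document.
is_workspace_id() {
  printf '%s\n' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Assumes keys are base64 text; this also rules out quotes that would break the JSON.
is_workspace_key() {
  printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9+/]+={0,2}$'
}

# Write {"workspaceKey": ...} to a new owner-only temp file and print its path.
# printf is a shell builtin, so the key never appears in another process's arguments.
write_protected_settings() {
  is_workspace_key "$1" || { echo "invalid workspace key" >&2; return 1; }
  ( umask 077
    f=$(mktemp) || exit 1
    printf '{"workspaceKey": "%s"}\n' "$1" > "$f"
    printf '%s\n' "$f" )
}

# $1 = workspace id. The key is read from the terminal with echo disabled.
onboard_vm() {
  is_workspace_id "$1" || { echo "invalid workspace id" >&2; return 1; }
  printf 'Workspace key: ' >&2
  stty -echo; read -r key; stty echo; echo >&2
  pfile=$(write_protected_settings "$key") || return 1
  unset key
  az vm extension set \
    --resource-group myResourceGroupMonitor \
    --vm-name myVM \
    --name OmsAgentForLinux \
    --publisher Microsoft.EnterpriseCloud.Monitoring \
    --version 1.3 \
    --protected-settings "$pfile" \
    --settings "{\"workspaceId\": \"$1\"}"
  rc=$?
  rm -f "$pfile"   # remove the key file whether or not the call succeeded
  return $rc
}

# Usage: onboard_vm "<workspace-id>"
```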


Next steps

In this tutorial, you configured, reviewed, and managed updates for a VM. You learned how to:

  • Enable boot diagnostics on the VM
  • View boot diagnostics
  • View host metrics
  • Enable diagnostics extension on the VM
  • View VM metrics
  • Create alerts based on diagnostic metrics
  • Manage package updates
  • Monitor changes and inventory
  • Set up advanced monitoring

Advance to the next tutorial to learn about Azure Security Center.