監視發佈的 APIMonitor published APIs

您可以使用 Azure 監視器來視覺化、查詢、路由、封存及針對來自 Azure 資源的度量或記錄採取行動。With Azure Monitor, you can visualize, query, route, archive, and take actions on the metrics or logs coming from Azure resources.

在本教學課程中,您了解如何:In this tutorial, you learn how to:

  • 檢視活動記錄View activity logs
  • 檢視診斷記錄View diagnostic logs
  • 檢視 API 的計量View metrics of your API
  • 在 API 收到未經授權的呼叫時,設定警示規則Set up an alert rule when your API gets unauthorized calls

下列影片示範如何使用 Azure 監視器來監視 API 管理。The following video shows how to monitor API Management using Azure Monitor.

必要條件Prerequisites

可用性Availability

重要

這項功能可用於 API 管理的進階標準基本開發人員層。This feature is available in the Premium, Standard, Basic and Developer tiers of API Management.

檢視 API 的計量View metrics of your APIs

API 管理會每分鐘發出計量,讓您近乎即時地了解 API 的狀態和健康情況。API Management emits metrics every minute, giving you near real-time visibility into the state and health of your APIs. 以下是一些可用計量的摘要:Following is a summary of some of the available metrics:

  • 容量 (預覽):協助您決定是否升級/降級 APIM 服務。Capacity (preview): helps you make decisions about upgrading/downgrading your APIM services. 計量每分鐘發出,並反映提出報告時的閘道容量。The metric is emitted per minute and reflects the gateway capacity at the time of reporting. 計量的範圍為 0 到 100,是根據 CPU 和記憶體使用率等閘道資源計算而來。The metric ranges from 0-100 calculated based on gateway resources such as CPU and memory utilization.
  • 閘道要求總數︰該期間內的 API 要求數目。Total Gateway Requests: the number of API requests in the period.
  • 成功的閘道要求︰收到 HTTP 成功回應碼的 API 要求數目,這些回應碼包括 304、307 和任何小於 301 的代碼 (例如 200)。Successful Gateway Requests: the number of API requests that received successful HTTP response codes including 304, 307, and anything smaller than 301 (for example, 200).
  • 失敗的閘道要求︰收到 HTTP 錯誤回應碼的 API 要求數目,這些回應碼包括 400 和任何大於 500 的代碼。Failed Gateway Requests: the number of API requests that received erroneous HTTP response codes including 400, and anything larger than 500.
  • 未經授權閘道器要求︰收到 401、403 和 429 HTTP 回應碼的 API 要求數目。Unauthorized Gateway Requests: the number of API requests that received HTTP response codes including 401, 403, and 429.
  • 其他閘道要求︰所收到的 HTTP 回應碼不屬於上述任何類別 (例如 418) 的 API 要求數目。Other Gateway Requests: the number of API requests that received HTTP response codes that do not belong to any of the preceding categories (for example, 418).

計量圖表

存取計量:To access metrics:

  1. 從靠近頁面底部的功能表中,選取 [計量]。Select Metrics from the menu near the bottom of the page.

    metrics

  2. 從下拉式清單中,選取您想了解的計量。From the drop-down, select metrics you are interested in. 例如,成功的閘道器要求For example, Successful Gateway Requests. 您也可以將更多計量新增至圖表。You can also add more metrics to the chart.

  3. 圖表會顯示成功 API 呼叫的總數。The chart shows the total number of successful API calls.

針對未經授權的要求設定警示規則Set up an alert rule for unauthorized request

您可以進行設定來收到以計量和活動記錄為基礎的警示。You can configure to receive alerts based on metrics and activity logs. Azure 監視器可讓您將警示設定為在觸發時執行下列動作︰Azure Monitor allows you to configure an alert to do the following when it triggers:

  • 傳送電子郵件通知Send an email notification
  • 呼叫 WebhookCall a webhook
  • 叫用 Azure 邏輯應用程式Invoke an Azure Logic App

設定警示:To configure alerts:

  1. 從靠近頁面底部的功能表列中選取 [警示]。Select Alerts from the menu bar near the bottom of the page.

    alerts

  2. 按一下此警示的 [新警示規則]。Click on a New alert rule for this alert.

  3. 按一下 [新增條件]。Click on Add condition.

  4. 在 [訊號類型] 下拉式清單中選取 [計量]。Select Metrics in the Signal type drop down.

  5. 選取 [未經授權的閘道要求] 作為要監視的訊號。Select Unauthorized Gateway Request as the signal to monitor.

    alerts

  6. 在 [設定訊號邏輯] 檢視中,指定應觸發警示的閾值,然後按一下 [完成]。In the Configure signal logic view, specify a threshold after which the alert should be triggered and click Done.

    alerts

  7. 選取現有動作群組或建立新的群組。Select an existing Action Group or create a new one. 在下列範例中,系統會傳送電子郵件給系統管理員。In the example below, an email will be sent to the admins.

    alerts

  8. 提供警示規則的名稱和描述,並選擇嚴重性層級。Provide a name, description of the alert rule and choose the severity level.

  9. 按 [建立警示規則]。Press Create alert rule.

  10. 現在,嘗試呼叫沒有 API 金鑰的會議 API。Now, try to call the Conference API without an API key. 系統會觸發警示並傳送電子郵件送給系統管理員。The alert will be triggered and email will be sent to the admins.

活動記錄Activity Logs

活動記錄可讓您深入了解 API 管理服務上所執行的作業。Activity logs provide insight into the operations that were performed on your API Management services. 您可以使用活動記錄來判斷 API 管理服務上所執行之任何寫入作業 (PUT、POST、DELETE) 的「內容、對象和時間」。Using activity logs, you can determine the "what, who, and when" for any write operations (PUT, POST, DELETE) taken on your API Management services.

注意

活動記錄不會納入讀取 (GET) 作業,也不會納入透過 Azure 入口網站或原始管理 API 所執行的作業。Activity logs do not include read (GET) operations or operations performed in the Azure portal or using the original Management APIs.

您可以在 API 管理服務中存取活動記錄,或在 Azure 監視器中存取所有 Azure 資源的記錄。You can access activity logs in your API Management service, or access logs of all your Azure resources in Azure Monitor.

活動記錄

檢視活動記錄:To view activity logs:

  1. 選取您的 APIM 服務執行個體。Select your APIM service instance.

  2. 按一下 [活動記錄]。Click Activity log.

    活動記錄

  3. 選取所需的篩選範圍,然後按一下 [套用]。Select desired filtering scope and click Apply.

診斷記錄Diagnostic Logs

診斷記錄可提供豐富的作業與錯誤資訊,這些資訊對於稽核和疑難排解用途來說很重要。Diagnostic logs provide rich information about operations and errors that are important for auditing as well as troubleshooting purposes. 診斷記錄與活動記錄不同。Diagnostics logs differ from activity logs. 活動記錄可讓您深入了解 Azure 資源上所執行的作業。Activity logs provide insights into the operations that were performed on your Azure resources. 診斷記錄能讓您了解資源執行的作業。Diagnostics logs provide insight into operations that your resource performed.

若要設定診斷記錄:To configure diagnostic logs:

  1. 選取您的 APIM 服務執行個體。Select your APIM service instance.

  2. 按一下 [診斷設定]。Click Diagnostic settings.

    診斷記錄

  3. 按一下 [開啟診斷]。Click Turn on diagnostics. 您可以將診斷記錄連同計量封存至儲存體帳戶、將其串流至事件中樞,或將其傳送至 Azure 監視器記錄。You can archive diagnostic logs along with metrics to a storage account, stream them to an Event Hub, or send them to Azure Monitor logs.

API 管理目前提供關於個別 API 要求的診斷記錄 (每小時提供一批),且每個要求項目都有下列結構描述︰API Management currently provides diagnostics logs (batched hourly) about individual API request with each entry having the following schema:

{  
    "isRequestSuccess" : "",
    "time": "",
    "operationName": "",
    "category": "",
    "durationMs": ,
    "callerIpAddress": "",
    "correlationId": "",
    "location": "",
    "httpStatusCodeCategory": "",
    "resourceId": "",
    "properties": {   
        "method": "", 
        "url": "", 
        "clientProtocol": "", 
        "responseCode": , 
        "backendMethod": "", 
        "backendUrl": "", 
        "backendResponseCode": ,
        "backendProtocol": "",  
        "requestSize": , 
        "responseSize": , 
        "cache": "", 
        "cacheTime": "", 
        "backendTime": , 
        "clientTime": , 
        "apiId": "",
        "operationId": "", 
        "productId": "", 
        "userId": "", 
        "apimSubscriptionId": "", 
        "backendId": "",
        "lastError": { 
            "elapsed" : "", 
            "source" : "", 
            "scope" : "", 
            "section" : "" ,
            "reason" : "", 
            "message" : ""
        } 
    }      
}  
屬性Property 類型Type 說明Description
isRequestSuccessisRequestSuccess 布林值boolean 如果已完成 HTTP 要求,但回應狀態碼在 2xx 或 3xx 範圍內,則為 trueTrue if the HTTP request completed with response status code within 2xx or 3xx range
timetime date-timedate-time 閘道接收 HTTP 要求的時間戳記Timestamp of receiving the HTTP request by the gateway
operationNameoperationName 字串string 常數值 'Microsoft.ApiManagement/GatewayLogs'Constant value 'Microsoft.ApiManagement/GatewayLogs'
categorycategory 字串string 常數值 'GatewayLogs'Constant value 'GatewayLogs'
durationMsdurationMs integerinteger 從閘道收到要求直到傳入完整回應時的毫秒數Number of milliseconds from the moment gateway received request until the moment response sent in full
callerIpAddresscallerIpAddress 字串string 立即閘道呼叫端的 IP 位址 (可以是中繼項目)IP address of immediate Gateway caller (can be an intermediary)
correlationIdcorrelationId 字串string API 管理所指派的唯一 http 要求識別碼Unique http request identifier assigned by API Management
locationlocation 字串string 處理要求的閘道所在的 Azure 區域名稱Name of the Azure region where the Gateway that processed the request was located
httpStatusCodeCategoryhttpStatusCodeCategory 字串string HTTP 回應狀態碼的類別:成功 (301 或更小或 304 或 307)、未經授權 (401、403、429)、錯誤 (400,介於 500 與 600 之間)、其他Category of http response status code: Successful (301 or less or 304 or 307), Unauthorized (401, 403, 429), Erroneous (400, between 500 and 600), Other
resourceIdresourceId 字串string API 管理資源的識別碼 /SUBSCRIPTIONS/<subscription>/RESOURCEGROUPS/<resource-group>/PROVIDERS/MICROSOFT.APIMANAGEMENT/SERVICE/<name>ID of the API Management resource /SUBSCRIPTIONS/<subscription>/RESOURCEGROUPS/<resource-group>/PROVIDERS/MICROSOFT.APIMANAGEMENT/SERVICE/<name>
propertiesproperties 物件object 目前要求的屬性Properties of the current request
methodmethod 字串string 連入要求的 HTTP 方法HTTP method of the incoming request
urlurl 字串string 連入要求的 URLURL of the incoming request
clientProtocolclientProtocol 字串string 連入要求的 HTTP 通訊協定版本HTTP protocol version of the incoming request
responseCoderesponseCode integerinteger 傳送至用戶端之 HTTP 回應的狀態碼Status code of the HTTP response sent to a client
backendMethodbackendMethod 字串string 傳送至後端之要求的 HTTP 方法HTTP method of the request sent to a backend
backendUrlbackendUrl 字串string 傳送至後端之要求的 URLURL of the request sent to a backend
backendResponseCodebackendResponseCode integerinteger 從後端接收之 HTTP 回應的代碼Code of the HTTP response received from a backend
backendProtocolbackendProtocol 字串string 傳送至後端之要求的 HTTP 通訊協定版本HTTP protocol version of the request sent to a backend
requestSizerequestSize integerinteger 在要求處理期間從用戶端接收的位元組數目Number of bytes received from a client during request processing
responseSizeresponseSize integerinteger 在要求處理期間傳送至用戶端的位元組數目Number of bytes sent to a client during request processing
cachecache 字串string 要求處理中 API 管理快取參與的狀態 (亦即,命中、錯過、無)Status of API Management cache involvement in request processing (i.e., hit, miss, none)
cacheTimecacheTime integerinteger 整體 API 管理快取 IO (連線、傳送及接收位元組) 所耗費的毫秒數Number of milliseconds spent on overall API Management cache IO (connecting, sending, and receiving bytes)
backendTimebackendTime integerinteger 整體後端 IO (連線、傳送及接收位元組) 所耗費的毫秒數Number of milliseconds spent on overall backend IO (connecting, sending and receiving bytes)
clientTimeclientTime integerinteger 整體用戶端 IO (連線、傳送及接收位元組) 所耗費的毫秒數Number of milliseconds spent on overall client IO (connecting, sending and receiving bytes)
apiIdapiId 字串string 目前要求的 API 實體識別碼API entity identifier for current request
operationIdoperationId 字串string 目前要求的作業實體識別碼Operation entity identifier for current request
productIdproductId 字串string 目前要求的產品實體識別碼Product entity identifier for current request
userIduserId 字串string 目前要求的使用者實體識別碼User entity identifier for current request
apimSubscriptionIdapimSubscriptionId 字串string 目前要求的訂用帳戶實體識別碼Subscription entity identifier for current request
backendIdbackendId 字串string 目前要求的後端實體識別碼Backend entity identifier for current request
LastErrorLastError 物件object 上次要求處理錯誤Last request processing error
elapsedelapsed integerinteger 從閘道收到要求直到發生錯誤時所經過的毫秒數Number of milliseconds elapsed since Gateway received request the moment the error occurred
sourcesource 字串string 導致錯誤的原則或處理內部處理常式名稱Name of the policy or processing internal handler caused the error
scopescope 字串string 包含導致錯誤之原則的原則文件範圍Scope of the policy document containing the policy that caused the error
sectionsection 字串string 包含導致錯誤之原則的原則文件區段Section of the policy document containing the policy that caused the error
reasonreason 字串string 錯誤原因Error reason
messagemessage 字串string 錯誤訊息Error message

後續步驟Next steps

在本教學課程中,您已了解如何:In this tutorial, you learned how to:

  • 檢視活動記錄View activity logs
  • 檢視診斷記錄View diagnostic logs
  • 檢視 API 的計量View metrics of your API
  • 在 API 收到未經授權的呼叫時,設定警示規則Set up an alert rule when your API gets unauthorized calls

前進到下一個教學課程:Advance to the next tutorial: