Samuel Ojo

Posted on Jan 8

Deploy and configure Azure Monitor

#azure #architecture #cloud

Azure Monitor Series

Ever wondered how to keep your Azure resources healthy and your applications running smoothly? Azure Monitor is the ultimate observability solution for the cloud. With real-time metrics, logs, and intelligent alerts, Azure Monitor empowers you to detect issues before they impact users and optimize performance effortlessly. In this guide, we’ll walk through how to deploy and configure Azure Monitor step by step, so you can gain full visibility into your cloud environment.

Prepare your bring-your-own-subscription (BYOS)
This set of lab exercises assumes that you have global administrator permissions to an Azure subscription.

[!NOTE] This set of exercises assumes that you choose to deploy in the East US Region, but you can change this to another region if you choose. Just remember that each time you see East US mentioned in these instructions you will need to substitute the region you have chosen.

In the Azure Portal Search Bar, enter Resource Groups and select Resource groups from the list of results.

On the Resource Groups page, select Create.

On the Create a Resource Group page, select your subscription and enter the name rg-alpha. Set the region to East US, choose Review + Create, and then choose Create.

Create App Log Examiners security group
In this exercise, you create an Entra ID security group.

1.In the Azure Portal Search Bar, enter Azure Active Directory (or Entra ID) from the list of results.

2.On the Default Directory page, select Groups.

3.On the Groups page, choose New Group.
4.On the New Group page, provide the values in the following table and choose Create.
Property - Value
Group type - Security
Group name - App Log Examiners
Group description - App Log Examiners

Deploy and configure WS-VM1
In this exercise, you deploy and configure a Windows Server virtual machine.

1.In the Azure Portal Search Bar, enter Virtual Machines and select Virtual Machines from the list of results.

2.On the Virtual Machines page, choose Create and select Azure Virtual Machine.

3.On the Basics page of the Create A Virtual Machine wizard, select the following settings and then choose Review + Create.

4.Review the settings and select Create.

5.Wait for the deployment to complete. Once deployment completes choose Go to resource.

6.On the WS-VM1 properties page, choose Networking.
7.On the Networking page, select the RDP rule.
8.On the RDP rule space, change the Source to My IP address and choose Save.

This restricts incoming RDP connections to the IP address you’re currently using.

9.On the Networking page, choose Add inbound port rule.

10.On the Add inbound security rule page, configure the following settings and choose Add.

11.On the WS-VM1 page, choose Connect.

12.Under Native RDP, choose Select.
13.On the Native RDP page, choose Download RDP file and then open the file. Opening the RDP file opens the Remote Desktop Connection dialog box.

14.On the Windows Security dialog box, choose More Choices and then choose Use a different account.
15.Enter the username as .\prime and the password as the secure password you chose in Step 3, and choose OK.

16.When signed into the Windows Server virtual machine, right-click on the Start hint and then choose Windows PowerShell (Admin).

17.At the elevated command prompt, type the following command and press Enter. Install-WindowsFeature Web-Server -IncludeAllSubFeature -IncludeManagementTools

18.When the installation completes run the following command to change to the web server root directory. cd c:\inetpub\wwwroot\

19.Run the following command. Wget https://raw.githubusercontent.com/Azure-Samples/html-docs-hello-world/master/index.html -OutFile index.html

Deploy and configure LX-VM2
In this exercise you deploy and configure a Linux virtual machine.

1.In the Azure Portal Search Bar, enter Virtual Machines and select Virtual Machines from the list of results.

2.On the Virtual Machines page, choose Create and select Azure Virtual Machine.

3.On the Basics page of the Create A Virtual Machine wizard, select the following settings and then choose Review + Create.

4.Review the information and choose Create.

5.After the VM deploys, open the VM properties page and choose Extensions + Applications under Settings.

6.Choose Add and select the Network Watcher Agent for Linux. Choose Next and then choose Review and Create. Choose Create.

!Network Watcher Agent for Linux](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/jye9v2wnihybvfsmbk8s.png)

[!NOTE] The installation and configuration of the OmsAgentForLinux extension will be performed in Exercise 2 after the Log Analytics workspace is created.

Deploy a web app with an SQL Database
1.Ensure that you’re signed into the Azure Portal.

2.In your browser, open a new browser tab and navigate to https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/web-app-sql-database

3.On the GitHub page, choose Deploy to Azure.

4.A new tab opens. If necessary, re-sign into Azure with the account that has Global Administrator privileges.
5.On the Basics page, select Edit template.

6.In the template editor, delete the contents of lines 158 to 174 inclusive and delete the “,” on line 157. Choose Save.

7.On the Basics page, provide the following information and choose Next.

8.Review the information presented and select Create.

9.After the deployment completes, choose Go to resource group.

Deploy a Linux web app
1.Ensure that you’re signed into the Azure Portal.
2.In your browser, open a new browser tab and navigate to https://learn.microsoft.com/en-us/samples/azure/azure-quickstart-templates/webapp-basic-linux/

3.On the GitHub page, choose Deploy to Azure.

4.On the Basics page, provide the following information and choose Next.

5.Review the information and choose Create.

This marks the end of Prepare your bring-your-own-subscription (BYOS)

Next>>>
Exercise 1: Deploy Log Analytics

Skilling tasks

Create a Log Analytics workspace
Configure Log Analytics data retention and archive policies
Enable access to a Log Analytics workspace

Exercise instructions

Create a Log Analytics workspace

1.In the Azure Portal Search Bar, enter Log Analytics and select Log Analytics workspaces from the list of results.

2.On the Log Analytics workspaces page, choose Create.

3.On the Basics page of the Create Log Analytics workspace wizard, provide the following information and choose Review + Create.

4.Review the information and choose Create.

Install and configure the Log Analytics agent on Linux-VM2

1.In the Azure Portal Search Bar, enter Virtual Machines and select Virtual Machines from the list of results.
2.On the Virtual Machines page, select Linux-VM2.
3.On the Linux-VM2 page, choose Extensions + Applications under Settings.

4.Choose Add and select the Log Analytics agent for Linux (also known as OmsAgentForLinux). Choose Next.
5.For the Workspace ID and Workspace Key, navigate to LogAnalytics1 > Settings > Agents in a separate browser tab or window.
6.Copy the Workspace ID and Primary Key from the LogAnalytics1 workspace.
7.Return to the Linux-VM2 extension installation page and paste the Workspace ID and Workspace Key. Choose Review and Create, and then choose Create.
8.After the installation completes, on the Linux-VM2 Extensions + Applications page, select the AzureNetworkWatcherExtension.
9.On the extension details page, ensure that Enable automatic upgrade is set to Yes. If not, enable it and choose Save.
10.Return to the Extensions + Applications page and select the OmsAgentForLinux extension.
11.On the extension details page, ensure that Enable automatic upgrade is set to Yes. If not, enable it and choose Save.

[!NOTE] No 4 - 11 is currently not available on Azure Portal, I Could only see Network Watcher Agent for Linux.

Configure Log Analytics data retention and archive policies

1.In the Azure Portal Search Bar, enter Log Analytics and select Log Analytics workspaces from the list of results.
2.On the Log Analytics workspaces page, choose LogAnalytics1.

3.On the Log Analytics workspace page for LogAnalytics1, choose Usage and estimated costs.

4.Select Data Retention and set the slider to 60 days. Choose OK.

5.On the Log Analytics workspace page for LogAnalytics1, choose Usage and estimated costs.

6.Select Daily cap. Choose On. Set the daily cap to 10 GB and choose OK.

Enable access to a **Log Analytics workspace**

1.In the Azure Portal Search Bar, enter Log Analytics and select Log Analytics workspaces from the list of results.

2.On the Log Analytics workspaces page, choose LogAnalytics1.

3.Select Access control (IAM).

4.Choose Add and then choose Add role assignment.

5.On the list of roles, select Log Analytics Reader and choose Next.

6.On the Members page, choose Select Members and choose the App Log Examiners security group. Choose Select.

7.On the Members space, choose Review + Assign.

Next>>>
Exercise 2: Monitor web apps

Skilling tasks

Enable Application Insights
Disable logging for .NET core snapshot debugger
Configure web app HTTP logs to be written to a Log Analytics workspace
Configure SQL Insights data to be written to a Log Analytics workspace
Enable file and configuration change tracking for web apps

Exercise instructions

Enable Application Insights

4.On the Application Insights page, choose Turn On Application Insights.

5.On the Application Insights page, ensure that Create a new resource is selected and that the Log Analytics Workspace is set to LogAnalytics1 and choose Apply.
6.On the Apply monitoring settings dialog, choose Yes.

Disable logging for .NET core snapshot debugger

1.In the Azure Portal Search Bar, enter rg-alpha and select rg-alpha from the list of results.
2.From the list of items in the resource group, choose App Services for the Web App with an SQL Database.
3.Under Monitoring choose Application Insights**.
4.Under **Instrument your application, choose .NET Core and then set the Snapshot Debugger setting to Off. Choose Apply.
5.On the Apply Monitoring Settings dialog box, choose Yes.

.NET Core settings seem not to be available for the version of Azure Portal

Configure web app HTTP logs to be written to a Log Analytics workspace

4.On the Diagnostic settings page, select + Add diagnostic settings.

5.On the Diagnostic settings page, choose the following and select Save.

Configure SQL Insights data to be written to a Log Analytics workspace

1.In the Azure Portal Search Bar, enter rg-alpha and select rg-alpha from the list of results.
2.From the list of items in the resource group, choose the sample SQL database.
3.Under Monitoring, choose Diagnostic settings.
4.On the Diagnostic settings page, choose Add diagnostic setting.

5.On the Diagnostic setting page, provide the following information and choose Save.

Next>>>

Exercise 3: Monitoring compute and networking services.

Skilling tasks

Create a data collection endpoint
Create a data collection rule
Add an IIS log collection to an existing data collection rule
Configure Network Connection Monitor for a Linux IaaS virtual machine

Exercise instructions

Create a data collection endpoint

1.In the Azure Portal Search Bar, enter Monitor and select Monitor from the list of results.

2.In the Monitor page, under Settings, choose Data Collection Endpoints.
3.On the Data Collection Endpoints page, choose Create.

4.On the Create Data Collection Endpoint page, provide the following settings and then choose Review + Create.

5.Review the settings and choose Create.

Create a data collection rule

1.In the Azure Portal Search Bar, enter Monitor and select Monitor from the list of results.
2.In the Monitor page, under Settings, choose Data Collection Rules.
3.On the Data Collection Rules page, choose Create.

4.On the Create Data Collection Rule page, configure the following settings and choose Next.

5.On the Resources page, choose Add Resources.
6.On the Select a scope page, enable the WS-VM1 checkbox and choose Apply.
7.On the Create Data Collection Rule page, choose Next.

8.On the Collect and Deliver page, choose Add data source.
9.On the Add data source page, select Windows Event Logs. In the Application category enable the Critical and Error categories. In the Security category, choose the Audit Failure category. In the System category, enable the Critical and Error categories.
10.Choose Next.

11.On the Destination page, configure the following settings:

12.Choose Add data source.

13.Choose Review + Create and then choose Create.

Add an IIS log collection to an existing data collection rule

4.Under Configuration, choose Data Sources.
5.On the Data Sources page, choose Add.
6.On the Add Data Source page, select IIS Logs.
7.Choose Next.

8.On the Destination page, configure the following settings:

9.Choose Add data source.

Configure Network Connection Monitor for a Linux IaaS virtual machine

1.In the Azure Portal Search Bar, enter Network Watcher and select Network Watcher from the list of results.

2.Under Monitoring, choose Connection Monitor.
3.On the Connection Monitor page, choose Create.

4.On the Basics page of the Create Connection Monitor wizard, provide the following information and choose Next.

5.On the Add test group details page, enter the name LinuxIPTest and choose Add sources.

6.On the Add Sources page, select Azure Endpoints and set the type to Virtual machines. Select Subnet and then enable the Linux-VM checkbox. Choose Add Endpoints.

7.Choose Add Test Configuration.

8.On the Add Test Configuration page, enter the name DefaultHTTP and then choose Add Test Configuration.

9.Choose Add Destinations. Select Azure Endpoints and set the type to Virtual machines. Select Subnet and then enable the WS-VM1 checkbox. Select Add Endpoints.

10.Choose Add Test Group.

11.Choose Review and Create and then choose Create.

Next>>>

Exercise 4: Configuring alerts

Skilling tasks

Create an action group to send an email
Create an alert for virtual machine CPU utilization

Exercise instructions

Create an action group to send an email

1.In the Azure Portal Search Bar, enter Monitor and select Monitor from the list of results.
2.Select Alerts in the navigation menu.
3.Choose Action Groups.

4.On the Action Groups page, choose Create.

5.On the Basics page of the Create Action Group wizard, configure the following settings and choose Next.

6.On the Notifications page, set the notification type to Email/SMS message/Push/Voice and the Name to NotificationEmail. Choose the Edit (pencil) icon.
7.On the Email/SMS message/Push/Voice enable the email checkbox and enter the address prime@fabrikam.com. Choose OK.

8.Choose Review and Create. Choose Create.

Create an alert for virtual machine CPU utilization

1.In the Azure Portal Search Bar, enter rg-alpha and select rg-alpha from the list of results.
2.From the list of items in the resource group, choose Linux-VM2.
3.On the Linux-VM2 properties page, choose Alerts under Monitoring.
4.On the Alerts page, choose Create and then choose Alert rule.

5.On the Condition page of the Create an Alert Rule wizard, set the Signal name to Percentage CPU. Use the default settings and choose Next.

6.On the Actions page, choose Select Action Group.
7.On the Select Action Groups page, choose NotifyCPU and choose Select.

8.On the Details page enter the Alert rule name HighCPU. Choose Review and Create and then choose Create.

Clean up subscription
To clean up the subscription, delete resource group rg-alpha and delete the App Log Examiners security group.

Conclusion

Azure Monitor isn’t just a tool, it’s your cloud’s command center. By deploying and configuring it properly, you unlock actionable insights, proactive alerts, and performance optimization that keep your applications resilient and your users happy. Ready to take your monitoring game to the next level? Start implementing Azure Monitor today and experience the power of intelligent observability.

Thanks for reading, see you in the next one

DEV Community

Deploy and configure Azure Monitor

Top comments (0)