Log Analytics: How Operational Management Suite keeps customers safe and secure on Azure

Brian Christopher Harrison

November 15th, 20160 0

This is my last post in this series where we have been talking about the Operational Management Suite (OMS) within Azure Government and how it can make customers feel safe & secure. In the previous posts we focused on the Azure Backup, Azure Site Recovery, and Azure Automation services that help make up the suite. Now I want to spend some time and talk about my favorite of the services, which is Log Analytics.

This is not to say that the other three services are not important or exciting, it is just that I feel that Azure Government customers can see much more value from Log Analytics and the information that it can provide. It is also the one service within the suite that will help drive improvements and efficiencies within your systems and applications.

What is it?

So what exactly is the Azure Log Analytics service? In short, it is a shared service within Azure that provides a single dashboard view of search queries that have been performed against multiple types of Log Files that are generated by your Servers, VMs, Appliances, and Applications. The Log Files are generated and sent to an Azure Storage Account where the Cortana Intelligence engine indexes the files and performs any number of search queries against them to provide in-depth knowledge, recommendations, and insights about what is happening within all of the defined resources. The dashboard then displays this data in a meaningful way to the users. NOTE: Just like with the other services within the suite, this functionality will work for both On-Prem and Cloud based resources.

What are these Log Files of which you speak?

Most of you should definitely be aware that Servers, VMs, Appliances, and Applications all produce Log Files of some kind and most of them without us having to do any special configuration. Some of these Log Files are very OS and system specific, such as Event Logs and SysLogs. Some of them are more tied to the overall performance of a given resource, such as Performance Counters. There are also many different types of Logs that are specific to a piece of software or application, like SQL Server and Active Directory. Lastly, your developers are creating Logs that are specific to the applications that they are building.

The Log Analytics engine combines all the data from the Log Files that you configure for collection, please see image below, with Azure specific information that we gather for you automatically and then we make that data available to you in a rich and meaningful way. All you have to pay for is the Log File storage costs. Once you have configured exactly which Log Files are important to you using the Data page within Log Analytics, your Servers and VMs will begin sending these Log Files to an Azure Storage Account that was setup when you created the Log Analytics workspace. These Log Files are sent over using an Agent that gets deployed onto your VMs or Servers. The frequency of which the Agent sends these files is such that the data being transmitted is very small, especially considering that we are compressing the data before it is actually sent thereby reducing any performance requirements on your resources to actually leverage this service.

NOTE: In addition to the logs that are generated by the Servers, VMs, Appliances, and Applications and then sent to the Default Storage Account through the OMS Agent, you also have the ability to specify additional Storage Accounts as connection points for the Log Analytics service. This allows for existing logs that you might already have be made available within the service for analysis and search queries.

What will I learn from Log Analytics?

This is a loaded question, but it is one that every customer has asked me in someway shape or form. Of course, the answer is always going to be “It Depends on what you want to learn”. That being said, the amount of information that we provide you about your Servers and VMs out of the box is huge and very in depth. The information is displayed in topics or groupings based on certain types of queries. These topics can then be clicked on to see more in depth information about that particular topic and what our Log Analytics engine has found based on the queries that are tied to that topic. In the image above, I start by looking at the System Update Assessment solution or topic, which gives me information about Servers or VMs that do not have all of the OS patches and fixes that are required. I then drill down into that topic by simply clicking on the tile within the dashboard. By doing that, I am now able to see not only much more detailed data about my Servers or VMs and which ones are showing as being out date, but I can actually drill down into a specific line item within the displayed blades to get even more detailed information such as a list of exactly which updates are missing. This final area of Log Analytics is the most powerful, as it is the Log Query section which is where you can build your own queries to get data about your Servers and VMs that is most relevant to you, not just what we think is relevant. As you can see in the image above, we provide you with the query that we used to generate our dashboard so that you have a place to start and there is a very rich Query Syntax that you can leverage. Within the Log Query page, you can save your queries and make them available to users as tiles to be displayed within the dashboard or you can save them and make them part of a more complete solution about a completely new topic or category of Log Analysis using the new Solution Designer.

Finally

As I am sure you can imagine, I have only scratched the surface with respect to Log Analytics and the other services that make up OMS. That is especially true with respect to Automation and Log Analytics. However, I hope that you can now see the value of not just the services and suite, but also the value of leveraging Azure Government to help with the operational management of both your On-Prem and Cloud based resources.

Please keep one thing in mind, there is no other Cloud provider out there that has all of these services and certainly no one that has them in such an integrated fashion. Most importantly, there is no one that can that their services work for both On-Prem and Cloud based resources. Microsoft Azure Government can definitely make you feel comfortable that your IaaS based resources are being taken care of and that you have visibility into exactly how. All in all, you should feel safe & secure with Azure Government when leveraging OMS.