Skip to content

Azure Log Analytics Agent

Jump to bottom
rjbrache edited this page Apr 29, 2021 · 2 revisions

Deploying Log Analytics Agent

Security policies may be in place which require "monitoring" of your Azure VMs. Simply enabling "Auto provisioning" of the Log Analytics Agent via Security Center does not deploy the agent in all scenarios. (See Link for specifics.) Azure Kubernetes Service (AKS) is a prime example as it utilizes scale sets.

Manual deployment (via Azure Portal)

The steps below speak to scale sets but, the steps can be applied when manually deploying to any VM.

  1. Navigate as follows...
    Home > Monitor > Virtual Machines
  2. Under the Get Started "tab", Left Click on the Not Monitored (#) "tab" (just below the listed filters)
  3. Expand the appropriate resource group and Left Click on Enable
    This will bring up an Azure Monitor Insights Onboarding page.
  4. Again, Left Click on Enable
    You'll be asked to select where you'd like to store the collected data.
  5. If you don't have preference, leave the default values. Again, Left Click on Enable
    You'll see a progress message in the upper right corner and a blue action indicator.
    The Azure Monitor Insights Onboarding page will close when completed.
  6. Left Click on Refresh
    When enabling for scale sets (and possibly in other scenarios), you will see Enabling - Need instances upgrade (Why?)

You've now configured the scale set to install the agent but, you need to restart the VMs already running. To restart the VMs...

  1. Search for "scale sets" (no quotes) in the Azure Search bar.
  2. Select Virtual Machine scale sets under the found Services
  3. Left Click on the appropriate node pool
  4. Select Instances from the left hand menu
  5. Check/Select the desired VMs
  6. Select Upgrade then Left Click Yes
    You'll see a progress message in the upper right corner and a blue action indicator.
    When completed you should see Provisioning State as Completed and Latest model as Yes for all VMs.

Other possible deployment options

via Azure Policy
via ARM Template
via Power Shell (Note this PS script requires a Workspace key.)

At the time of this writing, there is no CLI flag/option to enable monitoring of a VM.

Clone this wiki locally