Configuring diagnostic settings on resources

You can also configure diagnostic settings on different Azure resources. There are two types of diagnostic logs available in Azure Monitor:

• Tenant logs: These logs consist of all of the tenant-level services that exist outside of an Azure subscription. An example of this is the Azure Active Directory logs.
• Resource logs: These logs consist of all of the data from the resources that are deployed inside an Azure subscription, for example, virtual machines, storage accounts, and network security groups.

The contents of the resource logs are different for every Azure resource. These logs differ from guest OS-level diagnostic logs. To collect OS-level logs, an agent needs to be installed on the virtual machine. The diagnostic logs don't require an agent to be installed; they can be accessed directly from the Azure portal.

The logs that can be accessed are stored inside a storage account and can be used for auditing or manual inspection purposes. You can specify the retention time in days by using the resource diagnostic settings. You can also stream the logs to event hubs to analyze them in Power BI or insert them into a third-party service. These logs can also be analyzed with Azure Monitor. Then, there will be no need to store them in a storage account first.

Enabling diagnostic settings

To enable the diagnostic settings for resources, perform the following steps:

1. Navigate to the Azure portal by opening https://portal.azure.com.
2. Go to the VM again. Make sure that the VM is running, and in the left-hand menu, under Monitoring, select Diagnostic settings.
3. The Diagnostic Settings blade will open up. You will need to select a storage account where the metrics can be stored.

4. Click on the Enable guest-level monitoring button to update the diagnostic settings for the virtual machine:

5. When the settings are updated, you can go to Metrics in the top menu to set the metrics that are collected. The syslog blade is used for setting the minimum log level.
6. New metrics will be available from the metrics blade after enabling diagnostic logging in Azure Monitor. You can analyze them in the same way that we did earlier in this chapter, in the Metrics section.

In the next section, we're going to look at the Azure Log Analytics service, which is now a part of Azure Monitor as well.