有没有办法为微软监控代理指定目标日志文件来监听和从代码中获取日志?
Is there a way to specify target log files for microsoft monitoring agent to listen and pick up the logs from code?
我正在考虑使用 Microsoft 监控代理从系统上的日志文件中收集一些日志记录并将它们发送到日志分析工作区。
有没有一种方法可以指定代理将收听的目标文件(自定义日志文件)并将日志直接流式传输到 azure 工作区。
我知道这可以通过 azure 门户在工作区中添加一个额外的数据源来完成(如此 link https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-custom-logs 指定)。
我正在寻找一种从 c# code/powershell 脚本配置这些数据源的方法。(可能是 api 或我不知道的 sdk)。
添加自定义日志使用 New-AzOperationalInsightsCustomLogDataSource。
这是其他 powershell 命令行开关,可以方便地查询和创建 LogAnalytics 数据源。
get-azoperationalinsightsdatasource
New-AzOperationalInsightsApplicationInsightsDataSource
New-AzOperationalInsightsAzureActivityLogDataSource
New-AzOperationalInsightsComputerGroup
New-AzOperationalInsightsCustomLogDataSource
New-AzOperationalInsightsLinuxPerformanceObjectDataSource
New-AzOperationalInsightsLinuxSyslogDataSource
New-AzOperationalInsightsSavedSearch
New-AzOperationalInsightsStorageInsight
New-AzOperationalInsightsWindowsEventDataSource
New-AzOperationalInsightsWindowsPerformanceCounterDataSource
还可以找到日志分析 Rest API 的 link,它可以很容易地与 C# 代码一起使用。
https://docs.microsoft.com/en-us/rest/api/loganalytics/
https://docs.microsoft.com/en-us/rest/api/loganalytics/datasources/createorupdate
Powershell
要收集的自定义日志
Link : https://docs.microsoft.com/en-us/azure/azure-monitor/platform/powershell-workspace-configuration
$CustomLog = @"
{
"customLogName": "sampleCustomLog1",
"description": "Example custom log datasource",
"inputs": [
{
"location": {
"fileSystemLocations": {
"windowsFileTypeLogPaths": [ "e:\iis5\*.log" ],
"linuxFileTypeLogPaths": [ "/var/logs" ]
}
},
"recordDelimiter": {
"regexDelimiter": {
"pattern": "\n",
"matchIndex": 0,
"matchIndexSpecified": true,
"numberedGroup": null
}
}
}
],
"extractions": [
{
"extractionName": "TimeGenerated",
"extractionType": "DateTime",
"extractionProperties": {
"dateTimeExtraction": {
"regex": null,
"joinStringRegex": null
}
}
}
]
}
"@
# Custom Logs
New-AzOperationalInsightsCustomLogDataSource -ResourceGroupName $ResourceGroup -WorkspaceName $WorkspaceName -CustomLogRawJson "$CustomLog" -Name "Example Custom Log Collection"
- ARM 模板
自定义日志的 Arm 模板格式如下。详见linkhttps://docs.microsoft.com/en-us/azure/azure-monitor/platform/template-workspace-configuration
{
"apiVersion": "2015-11-01-preview",
"type": "dataSources",
"name": "[concat(parameters('workspaceName'), parameters('customlogName'))]",
"dependsOn": [
"[concat('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]"
],
"kind": "CustomLog",
"properties": {
"customLogName": "[parameters('customlogName')]",
"description": "this is a description",
"extractions": [
{
"extractionName": "TimeGenerated",
"extractionProperties": {
"dateTimeExtraction": {
"regex": [
{
"matchIndex": 0,
"numberdGroup": null,
"pattern": "((\d{2})|(\d{4}))-([0-1]\d)-(([0-3]\d)|(\d))\s((\d)|([0-1]\d)|(2[0-4])):[0-5][0-9]:[0-5][0-9]"
}
]
}
},
"extractionType": "DateTime"
}
],
"inputs": [
{
"location": {
"fileSystemLocations": {
"linuxFileTypeLogPaths": null,
"windowsFileTypeLogPaths": [
"[concat('c:\Windows\Logs\',parameters('customlogName'))]"
]
}
},
"recordDelimiter": {
"regexDelimiter": {
"matchIndex": 0,
"numberdGroup": null,
"pattern": "(^.*((\d{2})|(\d{4}))-([0-1]\d)-(([0-3]\d)|(\d))\s((\d)|([0-1]\d)|(2[0-4])):[0-5][0-9]:[0-5][0-9].*$)"
}
}
}
]
}
}
我正在考虑使用 Microsoft 监控代理从系统上的日志文件中收集一些日志记录并将它们发送到日志分析工作区。 有没有一种方法可以指定代理将收听的目标文件(自定义日志文件)并将日志直接流式传输到 azure 工作区。 我知道这可以通过 azure 门户在工作区中添加一个额外的数据源来完成(如此 link https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-custom-logs 指定)。 我正在寻找一种从 c# code/powershell 脚本配置这些数据源的方法。(可能是 api 或我不知道的 sdk)。
添加自定义日志使用 New-AzOperationalInsightsCustomLogDataSource。
这是其他 powershell 命令行开关,可以方便地查询和创建 LogAnalytics 数据源。
get-azoperationalinsightsdatasource
New-AzOperationalInsightsApplicationInsightsDataSource
New-AzOperationalInsightsAzureActivityLogDataSource
New-AzOperationalInsightsComputerGroup
New-AzOperationalInsightsCustomLogDataSource
New-AzOperationalInsightsLinuxPerformanceObjectDataSource
New-AzOperationalInsightsLinuxSyslogDataSource
New-AzOperationalInsightsSavedSearch
New-AzOperationalInsightsStorageInsight
New-AzOperationalInsightsWindowsEventDataSource
New-AzOperationalInsightsWindowsPerformanceCounterDataSource
还可以找到日志分析 Rest API 的 link,它可以很容易地与 C# 代码一起使用。
https://docs.microsoft.com/en-us/rest/api/loganalytics/ https://docs.microsoft.com/en-us/rest/api/loganalytics/datasources/createorupdate
Powershell
要收集的自定义日志
Link : https://docs.microsoft.com/en-us/azure/azure-monitor/platform/powershell-workspace-configuration
$CustomLog = @"
{
"customLogName": "sampleCustomLog1",
"description": "Example custom log datasource",
"inputs": [
{
"location": {
"fileSystemLocations": {
"windowsFileTypeLogPaths": [ "e:\iis5\*.log" ],
"linuxFileTypeLogPaths": [ "/var/logs" ]
}
},
"recordDelimiter": {
"regexDelimiter": {
"pattern": "\n",
"matchIndex": 0,
"matchIndexSpecified": true,
"numberedGroup": null
}
}
}
],
"extractions": [
{
"extractionName": "TimeGenerated",
"extractionType": "DateTime",
"extractionProperties": {
"dateTimeExtraction": {
"regex": null,
"joinStringRegex": null
}
}
}
]
}
"@
# Custom Logs
New-AzOperationalInsightsCustomLogDataSource -ResourceGroupName $ResourceGroup -WorkspaceName $WorkspaceName -CustomLogRawJson "$CustomLog" -Name "Example Custom Log Collection"
- ARM 模板
自定义日志的 Arm 模板格式如下。详见linkhttps://docs.microsoft.com/en-us/azure/azure-monitor/platform/template-workspace-configuration
{
"apiVersion": "2015-11-01-preview",
"type": "dataSources",
"name": "[concat(parameters('workspaceName'), parameters('customlogName'))]",
"dependsOn": [
"[concat('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]"
],
"kind": "CustomLog",
"properties": {
"customLogName": "[parameters('customlogName')]",
"description": "this is a description",
"extractions": [
{
"extractionName": "TimeGenerated",
"extractionProperties": {
"dateTimeExtraction": {
"regex": [
{
"matchIndex": 0,
"numberdGroup": null,
"pattern": "((\d{2})|(\d{4}))-([0-1]\d)-(([0-3]\d)|(\d))\s((\d)|([0-1]\d)|(2[0-4])):[0-5][0-9]:[0-5][0-9]"
}
]
}
},
"extractionType": "DateTime"
}
],
"inputs": [
{
"location": {
"fileSystemLocations": {
"linuxFileTypeLogPaths": null,
"windowsFileTypeLogPaths": [
"[concat('c:\Windows\Logs\',parameters('customlogName'))]"
]
}
},
"recordDelimiter": {
"regexDelimiter": {
"matchIndex": 0,
"numberdGroup": null,
"pattern": "(^.*((\d{2})|(\d{4}))-([0-1]\d)-(([0-3]\d)|(\d))\s((\d)|([0-1]\d)|(2[0-4])):[0-5][0-9]:[0-5][0-9].*$)"
}
}
}
]
}
}