Finding Diagnostic Logs for Azure Services

ARM, Azure, Azure Monitor, Azure Operational Insights Preview, Azure Resource Manager, Log Analytics, Log Analytics, Microsoft, Operational Insights 2 Minutes

For the last a couple of years many Azure services has started to produce diagnostic logs and metrics. These two allows you to monitor and troubleshoot the Azure Services. Unfortunately still there are some services that are missing those. To pull diagnostic logs and metrics Azure Monitor has capability called Diagnostic settings which allows you to place them on Azure Storage, Event Hub or Log Analytics. Microsoft has done a good job to document many of diagnostic logs available but still I find some services that haven’t be documented. Luckily there is a way to find what diagnostic logs are available for a service (resource) and this blog post will focus on that.

After some digging I’ve found that there is ARM API call that returns the available diagnostic logs. Keep in mind that the call will only return the diagnostic logs but not the schema for them but once you have the names of those logs you can configure diagnostic settings and send them to Log Analytics or storage account to see what information will be send. From the example below I am looking for the logs available for Recovery Services vault. I use armclient tool but you can use any other tool that can query the ARM API as long as you provide the right web request.

PS C:\WINDOWS\system32> ARMClient.exe get "/subscriptions/3c1c78a4-4064-4522-94c4-e0428165922e/resourceGroups/asr/providers/Microsoft.RecoveryServices/vaults/stan5/providers/microsoft.insights/diagnosticSettingsCategories?api-version=2017-05-01-preview"
{
  "value": [
    {
      "id": "/subscriptions/3c1c78a4-4064-4522-94c4-e0428165922e/resourcegroups/asr/providers/microsoft.recoveryservices/vaults/stan5/providers/microsoft.insights/diagnosticSettingsCategories/AzureBackupReport",
      "type": "microsoft.insights/diagnosticSettingsCategories",
      "name": "AzureBackupReport",
      "location": null,
      "kind": null,
      "tags": null,
      "properties": {
        "categoryType": "Logs"
      },
      "identity": null
    },
    {
      "id": "/subscriptions/3c1c78a4-4064-4522-94c4-e0428165922e/resourcegroups/asr/providers/microsoft.recoveryservices/vaults/stan5/providers/microsoft.insights/diagnosticSettingsCategories/AzureSiteRecoveryJobs",
      "type": "microsoft.insights/diagnosticSettingsCategories",
      "name": "AzureSiteRecoveryJobs",
      "location": null,
      "kind": null,
      "tags": null,
      "properties": {
        "categoryType": "Logs"
      },
      "identity": null
    },
    {
      "id": "/subscriptions/3c1c78a4-4064-4522-94c4-e0428165922e/resourcegroups/asr/providers/microsoft.recoveryservices/vaults/stan5/providers/microsoft.insights/diagnosticSettingsCategories/AzureSiteRecoveryEvents",
      "type": "microsoft.insights/diagnosticSettingsCategories",
      "name": "AzureSiteRecoveryEvents",
      "location": null,
      "kind": null,
      "tags": null,
      "properties": {
        "categoryType": "Logs"
      },
      "identity": null
    },
    {
      "id": "/subscriptions/3c1c78a4-4064-4522-94c4-e0428165922e/resourcegroups/asr/providers/microsoft.recoveryservices/vaults/stan5/providers/microsoft.insights/diagnosticSettingsCategories/AzureSiteRecoveryReplicatedItems",
      "type": "microsoft.insights/diagnosticSettingsCategories",
      "name": "AzureSiteRecoveryReplicatedItems",
      "location": null,
      "kind": null,
      "tags": null,
      "properties": {
        "categoryType": "Logs"
      },
      "identity": null
    },
    {
      "id": "/subscriptions/3c1c78a4-4064-4522-94c4-e0428165922e/resourcegroups/asr/providers/microsoft.recoveryservices/vaults/stan5/providers/microsoft.insights/diagnosticSettingsCategories/AzureSiteRecoveryReplicationStats",
      "type": "microsoft.insights/diagnosticSettingsCategories",
      "name": "AzureSiteRecoveryReplicationStats",
      "location": null,
      "kind": null,
      "tags": null,
      "properties": {
        "categoryType": "Logs"
      },
      "identity": null
    },
    {
      "id": "/subscriptions/3c1c78a4-4064-4522-94c4-e0428165922e/resourcegroups/asr/providers/microsoft.recoveryservices/vaults/stan5/providers/microsoft.insights/diagnosticSettingsCategories/AzureSiteRecoveryRecoveryPoints",
      "type": "microsoft.insights/diagnosticSettingsCategories",
      "name": "AzureSiteRecoveryRecoveryPoints",
      "location": null,
      "kind": null,
      "tags": null,
      "properties": {
        "categoryType": "Logs"
      },
      "identity": null
    },
    {
      "id": "/subscriptions/3c1c78a4-4064-4522-94c4-e0428165922e/resourcegroups/asr/providers/microsoft.recoveryservices/vaults/stan5/providers/microsoft.insights/diagnosticSettingsCategories/AzureSiteRecoveryReplicationDataUploadRate",
      "type": "microsoft.insights/diagnosticSettingsCategories",
      "name": "AzureSiteRecoveryReplicationDataUploadRate",
      "location": null,
      "kind": null,
      "tags": null,
      "properties": {
        "categoryType": "Logs"
      },
      "identity": null
    },
    {
      "id": "/subscriptions/3c1c78a4-4064-4522-94c4-e0428165922e/resourcegroups/asr/providers/microsoft.recoveryservices/vaults/stan5/providers/microsoft.insights/diagnosticSettingsCategories/AzureSiteRecoveryProtectedDiskDataChurn",
      "type": "microsoft.insights/diagnosticSettingsCategories",
      "name": "AzureSiteRecoveryProtectedDiskDataChurn",
      "location": null,
      "kind": null,
      "tags": null,
      "properties": {
        "categoryType": "Logs"
      },
      "identity": null
    }
  ]
}
Azure Diagnostic Logs

I hope this small tip was useful for you.

Published by Stanislav Zhelyazkov

Stanislav Zhelyazkov has been working in IT since 2007. Stanislav has started his IT career as a Help Desk Specialist in 2007 while studying Informatics in the University of Ruse. He also worked in HP Enterprise Services (now known as DXC), maintaining large corporate IT infrastructures for clients in Holland, Switzerland and Germany and was involved in a Private Cloud project based on MS Hyper-V and System Center. He was also in the role of Principal Consultant in Lumagate developing and consulting companies on Azure, OMS, management and Private clouds. Currently he is Cloud Infrastructure Engineer at Sentia Denmark. Stanislav is active community member at MSDN forums providing answers on Azure. His blogposts can be found at www.cloudadministrator.net or www.systemcentercentral.com.

Published

One thought on “Finding Diagnostic Logs for Azure Services

  1. Pingback: System Center Aralık 2018 Bülten – Sertaç Topal

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.