
fkh090
Copper Contributor
May 24, 2023

Azure Monitor Agent & Log Analytics Agent. I am confused

Dear Community.

I have the following questions. Please help to explain.

 

Questions:

1. The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. If you use the Log Analytics agent to ingest data to Azure Monitor, migrate to the new Azure Monitor agent prior to that date. 

  • Does Microsoft recommend migrating to Azure Monitor Agent as soon as possible?

2. You might also see the Log Analytics agent referred to as Microsoft Monitoring Agent (MMA).

  • Does it mean Log Analytics agent = Microsoft Monitoring Agent (MMA)?

3. Windows client installer of the Azure Monitor Agent supports latest Windows machines only that are Azure AD joined or hybrid Azure AD joined. So it cannot access Log Analytics Agent directly as Log Analytics agent if we have non-Azure Windows VMs or physical Windows clients. Because: The Data Collection rules can only target the Azure AD tenant scope, i.e. all DCRs associated to the tenant (via Monitored Object) will apply to all Windows client machines within that tenant with the agent installed using this client installer. Granular targeting using DCRs is not supported for Windows client devices yet.

 

  • Does it mean that Azure Monitor Object is still not a good idea for a non-Azure Windows Client environment? (ACR excluded)
  • Does it mean that the logs exported from Windows Client to Log Analytics Workspaces using DCRs - don't use direct Internet access?
  • Will Azure Monitor Agent work if it runs on my Azure AD Hybrid Joined Windows PCs which don't have a direct Internet connection?

 

4. The Log Analytics gateway supports:

  • Windows computers on which either the Azure Monitor Agent or the legacy Microsoft Monitoring Agent is directly connected to a Log Analytics workspace in Azure Monitor.
  • Both the source and the gateway server must be running the same agent. --- "You can't stream events from a server running Azure Monitor agent through a server running the gateway with the Log Analytics agent." --- I don't understand it.

 

  • Does it mean that Log Analytics Gateway can run only on ACR-enabled servers if there is no installed Log Analytics Agent?
  • Or can Log Analytics Gateway stream the logs only from Windows PCs with Log Analytics Agents installed?
  • If yes, why then is there a guide that explains "Configure the Azure Monitor agent to communicate using Log Analytics gateway"?

 

 

4.1. Configure the Azure Monitor agent to communicate using Log Analytics gateway

 

  • Add the configuration endpoint URL to fetch data collection rules to the allowlist for the gateway
    Add-OMSGatewayAllowedHost -Host global.handler.control.monitor.azure.com
    Add-OMSGatewayAllowedHost -Host <gateway-server-region-name>.handler.control.monitor.azure.com
    (If using private links on the agent, you must also add the dce endpoints)
  • Add the data ingestion endpoint URL to the allowlist for the gateway
    Add-OMSGatewayAllowedHost -Host <log-analytics-workspace-id>.ods.opinsights.azure.com
  • Restart the OMS Gateway service to apply the changes
    Stop-Service -Name <gateway-name>
    Start-Service -Name <gateway-name>

Should I run the upper commands on Gateway Server?

Bing Chat says that:

Yes, these commands are for configuring the gateway server where you have installed the Azure Monitor agent.

Azure Monitor Agent collects monitoring data from the guest operating system of Azure and hybrid virtual machines and delivers it to Azure Monitor for use by features, insights, and other services, such as Microsoft Sentinel and Microsoft Defender for Cloud. Azure Monitor Agent replaces all of Azure Monitor’s legacy monitoring agents.

  • fkh090 

     

    1) Does Microsoft recommend migrating to Azure Monitor Agent as soon as possible?

    "The Log Analytics agent will be retired on August 31, 2024. After this date, Microsoft will no longer provide any support for the Log Analytics agent. If you're currently using the Log Analytics agent with Azure Monitor or other supported features and services, start planning your migration to Azure Monitor Agent by using the information in this article."

    Migrate from legacy agents to Azure Monitor Agent - Azure Monitor | Microsoft Learn

     

    2) Does it mean Log Analytics agent = Microsoft Monitoring Agent (MMA)?

    You might also see the Log Analytics agent referred to as Microsoft Monitoring Agent (MMA).

     
    3) Does it mean that Azure Monitor Object is still not a good idea for a non-Azure Windows Client environment? (ACR excluded)
    Data Collection Rules target Azure objects; therefore non-Azure Windows clients are not able to be targeted.
    Does it mean that the logs exported from Windows Client to Log Analytics Workspaces using DCRs - don't use direct Internet access?
    See answer above.
    Will Azure Monitor Agent work if it runs on my Azure AD Hybrid Joined Windows PCs which don't have a direct Internet connection?
    Azure Arc Machines are supported for Data Collection Rules: Data collection rules in Azure Monitor - Azure Monitor | Microsoft Learn
    Internet connectivity (direct or through a gateway) is required to collect the Logs/Performance.
     
    4) Does it mean that Log Analytics Gateway can run only on ACR-enabled servers if there is no installed Log Analytics Agent?
    Not sure what the ACR enabled server is.
    Or can Log Analytics Gateway stream the logs only from Windows PCs with Log Analytics Agents installed?
    The Log Analytics Gateway acts as a proxy. See:
    Connect computers by using the Log Analytics gateway - Azure Monitor | Microsoft Learn
    If yes, why then is there a guide that explains "Configure the Azure Monitor agent to communicate using Log Analytics gateway"?
    • Windows computers on which either the Azure Monitor Agent or the legacy Microsoft Monitoring Agent is directly connected to a Log Analytics workspace in Azure Monitor. Both the source and the gateway server must be running the same agent. You can't stream events from a server running Azure Monitor agent through a server running the gateway with the Log Analytics agent.
    • Linux computers on which either the Azure Monitor Agent or the legacy Log Analytics agent for Linux is directly connected to a Log Analytics workspace in Azure Monitor.
    It's a prerequisite: 
    "An Azure Monitor agent installed with data collection rule(s) configured, or the Log Analytics agent for Windows configured to report to the same workspace as the agents that communicate through the gateway"
    "To configure the Azure Monitor agent (installed on the gateway server) to use the gateway to upload data for Windows or Linux"

     

    4.1. Configure the Azure Monitor agent to communicate using Log Analytics gateway

    Should I run the upper commands on Gateway Server?

    Yes: To configure the Azure Monitor agent (installed on the gateway server) to use the gateway to upload data for Windows or Linux.
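
The 4.1 steps from the thread, gathered into one script for the gateway server. This is an added example, not part of the original posts or of Microsoft's guide. The parameter names, the host-name validation and the closing review with `Get-OMSGatewayAllowedHost` are this example's own assumptions, and it expects the `OMSGateway` module that ships with the gateway to be installed.

```powershell
# Added example: run in an elevated PowerShell session on the gateway server.
# Parameter names are this example's own; values come from your environment.
param(
    [Parameter(Mandatory)] [ValidatePattern('^[a-z0-9]+$')] [string] $Region,
    [Parameter(Mandatory)] [guid]   $WorkspaceId,
    [Parameter(Mandatory)] [string] $GatewayServiceName,   # <gateway-name> in the guide
    [string[]] $ExtraHosts = @()   # DCE endpoints, only if the agent uses private links
)

Import-Module OMSGateway -ErrorAction Stop

# The three endpoints named in the guide, plus any explicitly supplied extras.
$wanted = @(
    'global.handler.control.monitor.azure.com'
    "${Region}.handler.control.monitor.azure.com"
    "${WorkspaceId}.ods.opinsights.azure.com"
) + $ExtraHosts

# Allow exact host names only: no wildcards, schemes, ports or paths.
$fqdn = '^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$'
foreach ($h in $wanted) {
    if ($h -notmatch $fqdn) { throw "Refusing to allowlist '$h': not a plain host name." }
}

$added = 0
foreach ($h in $wanted) {
    try {
        Add-OMSGatewayAllowedHost -Host $h -ErrorAction Stop
        $added++
    } catch {
        # For example, the host is already on the list; report and continue.
        Write-Warning "Not added: ${h}: $($_.Exception.Message)"
    }
}

# The guide restarts the service to apply changes; skip it when nothing was added.
if ($added -gt 0) {
    Stop-Service  -Name $GatewayServiceName
    Start-Service -Name $GatewayServiceName
}

# Review the locally configured allowlist before relying on it.
Get-OMSGatewayAllowedHost
```

Keeping the allowlist to these exact host names means the gateway forwards traffic only to the endpoints the agent needs, so the final listing is worth comparing against the expected entries after each change.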
