Qusai_Ismail
Jan 09, 2024

Microsoft Monitor Agent offline buffer

Hello,

I need to ask about the buffer size and time of the Azure Monitor Agent when it's installed on a Linux machine to work as a log collector agent for Microsoft Sentinel, regarding the case when the internet is down and logs need to be buffered before being forwarded.

Is there any official document that mentions that feature?

BR

1 Reply

  • a-rapsomanikis

    Hi Qusai_Ismail,

    Might be a bit late, but the AMA currently has a 10GB buffer. The time for which the agent can be offline and buffer those logs relies solely on the Events Per Second that are received. Fewer events = more time, more events = less time.

    With an estimation of your event size and the events per second, you are able to roughly determine for how long the AMA can handle an outage.

    Additionally, Microsoft is working on a feature to expand the buffer from 10GB to 50GB via an AgentSetting DCR. Unfortunately, it's still in preview and currently not functioning properly.

    You can find the relevant documentation here: https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-resource-manager#configure-preview

    Kind regards,
    Alexandros
