From 1fd1a2f580a828f0e842f12b7d8a404225f2bef3 Mon Sep 17 00:00:00 2001 From: Brian Wren Date: Wed, 18 Sep 2024 17:33:54 -0700 Subject: [PATCH 1/5] Fixes to AgentSettings DCR --- .../agents/azure-monitor-agent-manage.md | 29 +++++++------------ 1 file changed, 10 insertions(+), 19 deletions(-) diff --git a/articles/azure-monitor/agents/azure-monitor-agent-manage.md b/articles/azure-monitor/agents/azure-monitor-agent-manage.md index f50ae0dd26..5933e3e636 100644 --- a/articles/azure-monitor/agents/azure-monitor-agent-manage.md +++ b/articles/azure-monitor/agents/azure-monitor-agent-manage.md @@ -358,14 +358,14 @@ N/A ## Configure (Preview) -[Data Collection Rules (DCRs)](../essentials/data-collection-rule-overview.md) serve as a management tool for Azure Monitor Agent (AMA) on your machine. The AgentSettings DCR can be used to configure AMA parameters like `DisQuotaInMb`, ensuring your agent is tailored to your specific monitoring needs. +[Data Collection Rules (DCRs)](../essentials/data-collection-rule-overview.md) serve as a management tool for Azure Monitor Agent (AMA) on your machine. The `AgentSettings` DCR can be used to configure certain AMA parameters to configure the agent to your specific monitoring needs. > [!NOTE] -> Important considerations to keep in mind when working with the AgentSettings DCR: +> Important considerations to keep in mind when working with the `AgentSettings` DCR: > -> * The AgentSettings DCR can only be configured via template deployment. -> * AgentSettings is always it's own DCR and can't be added an existing one. -> * For proper functionality, both the machine and the AgentSettings DCR must be located in the same region. +> * The `AgentSettings` DCR can currently only be configured using ARM templates. +> * `AgentSettings` must be a single DCR with no other settings. +> * The virtual machine and the `AgentSettings` DCR must be located in the same region. ### Supported parameters @@ -373,8 +373,8 @@ The AgentSettings DCR currently supports configuring the following parameters: | Parameter | Description | Valid values | | --------- | ----------- | ----------- | -| `MaxDiskQuotaInMB` | Defines the amount of disk space used by the Azure Monitor Agent log files and cache. | 1000-50000 (in MB) | -| `TimeReceivedForForwardedEvents` | Changes WEF column in the Sentinel WEF table to use TimeReceived instead of TimeGenerated data | 0 or 1 | +| `MaxDiskQuotaInMB` | Defines the amount of disk space used by the Azure Monitor Agent log files and cache. | 1000-100000 (in MB) | +| `UseTimeReceivedForForwardedEvents` | Changes WEF column in the Sentinel WEF table to use TimeReceived instead of TimeGenerated data | 0 or 1 | ### Setting up AgentSettings DCR @@ -384,11 +384,11 @@ Currently not supported. #### [PowerShell](#tab/azure-powershell) -N/A +Currently not supported. #### [Azure CLI](#tab/azure-cli) -N/A +Currently not supported. #### [Resource Manager template](#tab/azure-resource-manager) @@ -447,12 +447,6 @@ N/A "description": "The name of the virtual machine." } }, - "associationName": { - "type": "string", - "metadata": { - "description": "The name of the association." - } - }, "dataCollectionRuleId": { "type": "string", "metadata": { @@ -465,7 +459,7 @@ N/A "type": "Microsoft.Insights/dataCollectionRuleAssociations", "apiVersion": "2021-09-01-preview", "scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('vmName'))]", - "name": "[parameters('associationName')]", + "name": "agentSettings", "properties": { "description": "Association of data collection rule. Deleting this association will break the data collection for this virtual machine.", "dataCollectionRuleId": "[parameters('dataCollectionRuleId')]" @@ -485,9 +479,6 @@ N/A "vmName": { "value": "my-azure-vm" }, - "associationName": { - "value": "my-windows-vm-my-dcr" - }, "dataCollectionRuleId": { "value": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/my-resource-group/providers/microsoft.insights/datacollectionrules/my-dcr" } From 7fc8c7fed4bae1820c2fe55355f6942958899252 Mon Sep 17 00:00:00 2001 From: Brian Wren Date: Fri, 20 Sep 2024 05:48:32 -0700 Subject: [PATCH 2/5] disk quota values --- articles/azure-monitor/agents/azure-monitor-agent-manage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/articles/azure-monitor/agents/azure-monitor-agent-manage.md b/articles/azure-monitor/agents/azure-monitor-agent-manage.md index 5933e3e636..0ff833a226 100644 --- a/articles/azure-monitor/agents/azure-monitor-agent-manage.md +++ b/articles/azure-monitor/agents/azure-monitor-agent-manage.md @@ -373,7 +373,7 @@ The AgentSettings DCR currently supports configuring the following parameters: | Parameter | Description | Valid values | | --------- | ----------- | ----------- | -| `MaxDiskQuotaInMB` | Defines the amount of disk space used by the Azure Monitor Agent log files and cache. | 1000-100000 (in MB) | +| `MaxDiskQuotaInMB` | Defines the amount of disk space used (in MB) by the Azure Monitor Agent log files and cache. | Linux: 1025-51199
Windows: 4000-51199 | | `UseTimeReceivedForForwardedEvents` | Changes WEF column in the Sentinel WEF table to use TimeReceived instead of TimeGenerated data | 0 or 1 | ### Setting up AgentSettings DCR From 6e713e6fe8d40fb1d3bff7d1b6348ac7bd0d6589 Mon Sep 17 00:00:00 2001 From: Brian Wren Date: Fri, 20 Sep 2024 12:30:07 -0700 Subject: [PATCH 3/5] Learn Editor: Update data-collection-endpoint-overview.md --- .../essentials/data-collection-endpoint-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/articles/azure-monitor/essentials/data-collection-endpoint-overview.md b/articles/azure-monitor/essentials/data-collection-endpoint-overview.md index fd0447590f..f037a81936 100644 --- a/articles/azure-monitor/essentials/data-collection-endpoint-overview.md +++ b/articles/azure-monitor/essentials/data-collection-endpoint-overview.md @@ -15,7 +15,7 @@ ms.reviwer: nikeist A data collection endpoint (DCE) is a connection where data sources send collected data for processing and ingestion into Azure Monitor. This article provides an overview of data collection endpoints and explains how to create and set them up based on your deployment. ## When is a DCE required? -Prior to March 31, 2024, a DCE was required for all data collection scenarios using a DCR that required an endpoint. Any DCR created after this date includes its own endpoints for logs and metrics. The URL for these endpoints can be found in the [`logsIngestion` and `metricsIngestion`](./data-collection-rule-structure.md#endpoints) properties of the DCR. These endpoints can be used instead of a DCE for any direct ingestion scenarios. +Prior to March 31, 2024, a DCE was required for all data collection scenarios using a DCR that required an endpoint. DCRs for supported scenarios created after this date include their own endpoints for logs and metrics. The URL for these endpoints can be found in the [`logsIngestion` and `metricsIngestion`](./data-collection-rule-structure.md#endpoints) properties of the DCR. These endpoints can be used instead of a DCE for any direct ingestion scenarios. Endpoints cannot be added to an existing DCR, but you can keep using any existing DCRs with existing DCEs. If you want to move to a DCR endpoint, then you must create a new DCR to replace the existing one. A DCR with endpoints can also use a DCE. In this case, you can choose whether to use the DCE or the DCR endpoints for each of the clients that use the DCR. From 23609ea3aba2e1122710843e61205ad44b30f8b0 Mon Sep 17 00:00:00 2001 From: Brian Wren Date: Fri, 20 Sep 2024 12:54:22 -0700 Subject: [PATCH 4/5] Learn Editor: Update data-collection-endpoint-overview.md From 526c42270f0d0466d808f1cc9d6a9016454af47a Mon Sep 17 00:00:00 2001 From: Brian Wren Date: Fri, 20 Sep 2024 14:27:34 -0700 Subject: [PATCH 5/5] Container insights legacy authentication --- .../containers/container-insights-authentication.md | 7 ++++--- .../containers/kubernetes-monitoring-enable.md | 3 +++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/articles/azure-monitor/containers/container-insights-authentication.md b/articles/azure-monitor/containers/container-insights-authentication.md index 5f5724ab8f..5f090e010e 100644 --- a/articles/azure-monitor/containers/container-insights-authentication.md +++ b/articles/azure-monitor/containers/container-insights-authentication.md @@ -1,5 +1,5 @@ --- -title: Configure agent authentication for the Container Insights agent +title: Legacy authentication for Container Insights description: This article describes how to configure authentication for the containerized agent used by Container insights. ms.topic: conceptual ms.custom: devx-track-azurecli @@ -81,8 +81,9 @@ AKS clusters must first disable monitoring and then upgrade to managed identity. --- -## Timeline -Any new clusters being created or being onboarded now default to Managed Identity authentication. However, existing clusters with legacy solution-based authentication are still supported. +## Enable legacy authentication +If you require legacy authentication, see [Enable Container insights](kubernetes-monitoring-enable.md#enable-container-insights) which has examples of different options for enabling Container insights. + ## Next steps If you experience issues when you upgrade the agent, review the [troubleshooting guide](container-insights-troubleshoot.md) for support. diff --git a/articles/azure-monitor/containers/kubernetes-monitoring-enable.md b/articles/azure-monitor/containers/kubernetes-monitoring-enable.md index da0bed6ea8..4132743201 100644 --- a/articles/azure-monitor/containers/kubernetes-monitoring-enable.md +++ b/articles/azure-monitor/containers/kubernetes-monitoring-enable.md @@ -365,6 +365,9 @@ az aks enable-addons --addon monitoring --name --resource-group < ### Use existing Log Analytics workspace az aks enable-addons --addon monitoring --name --resource-group --workspace-resource-id + +### Use legacy authentication +az aks enable-addons --addon monitoring --name --resource-group --workspace-resource-id --enable-msi-auth-for-monitoring false ``` **Example**