OMS Log Analytics: Linux systems management

In a world increasingly heterogeneous and constantly evolving IT is essential to have a tool that can handle hybrid IT architectures and distributed between on-premises and cloud systems public providers. Operations Management Suite is the Microsoft solution, supplied directly from the cloud, able to manage not only Windows systems, But even the major Linux distributions. The potential offered by Microsoft Operations Management Suite in cross platform are substantial and make it the ideal tool to manage and monitor heterogeneous environments.

In this article we'll delve into those that are the main aspects of Linux systems management in Log Analytics (OMS).

The agent who can be installed on major Linux distributions, We carry a complete list of supported Linux operating systems to date:

  • Amazon Linux 2012.09 –> 2015.09
  • CentOS Linux 5, 6 and 7
  • Debian GNU/Linux 6, 7 and 8
  • Oracle Linux 5, 6 and 7
  • Red Hat Enterprise Linux Server 5, 6 and 7
  • Suse Linux Enteprise Server 11 and 12
  • Ubuntu 12.04 LTS, 14.04 LTS, 15.04, 15.10, 16.04 LTS
Figure 1 - Supported Linux distributions in OMS

Figure 1 – Supported Linux distributions in OMS

The agent who for Linux systems was structured modularmene based on open source components already widely established in the open source world. The core of the agent OMS uses the well-known aggregator called FluentD for which there are already hundreds of pluging that leave the possibility of extending the types of data to collect.

The installation of the agent who on Linux machines has the following step:

  1. Downloading or transferring the sample installation bundle on Linux machine. The installation bundle you can get it from the official page of the agent who: https://github.com/Microsoft/OMS-Agent-for-Linux
  2. Surrender of executable bundle:

chmod +x ./xxx.sh

  1. Installing the bundle by using the following syntax:

./xxx.sh –Install-w OMS_Workspace_ID -s OMS_Workspace_Key

The ID of the Workspace and the key you can obtain it by accessing the portal OMS in section Settings – Connected Sources:

Figure 2 - ID and Key of the workspace who

Figure 2 – ID and Key of the workspace who

For more details about the different installation options that I invite you to consult full installation guide.

In the event that the Linux virtual machine on which we want to install the agent who is on Microsoft Azure you can very easily using the Azure VM onboarding Extension. After logging in to the portal Azure simply go under "Log Analytics (OMS)" and select the workspace who to attach the system. By accessing the tile "Data Sources – Virtual Machines"you may see the list of virtual machines and selecting the VM specification is possible to connect:

Figure 3 - Onboarding Linux VM Azure in OMS

Figure 3 – Onboarding Linux VM Azure in OMS

For those who would rather deploy a new virtual machine Ubuntu on Azure with the agent who already set up on your workspace OMS is present the Special ARM (Azure Resource Manager) template ready for use. The full list of available templates you can view it by going to the page Azure Quickstart Templates. If there is no template with the desired characteristics you can create it according to your needs. A good starting point to begin creating template ARM is the following Microsoft: Azure Resource Manager authoring templates.

After the installation of the agent who on a Linux system can collect different types of data that I bring you later.

Syslog

OMS allows you to choose which syslog events gather from native instruments present on Linux which rsyslog and syslog-ng. To do this you must log into who and under "Settings – Data"you can add or remove Syslog facilities, with its degree of severity, you want to collect.

Figure 4 - Syslog facilities settings

Figure 4 – Syslog facilities settings

Syslog events on Linux systems can range from kernel log until the application log and the audit log. An important aspect to consider is that in addition to the Linux server many network devices and applications support the forward Syslog events. This allows us then to configure Syslog forwarding to a single collector that has Linux installed and the agent who collects all of these events in the mighty who Log Analytics Platform, Thanks to which you can make specific searches quickly on different data sources.

Figure 5 - Forward Syslog events

Figure 5 – Forward Syslog events

For example, it might be useful to trap specific events from the firewall and against a particular event configuring an alert with its reporting via e-mail.

Performance data

Log Analytics allows us to monitor our systems in detail, making many performance metrics for core components: System, Processor, Memory and Swap space, Process, Logical Disk (File System) and Physical Disk.

Under "Settings – date" who we find settings Portal Linux Performance Counter where you can configure which performance counter collect, How often and optionally you can also apply filters to be collected only for a subset of specific instance selection (all via regular expression). The complete list of the performance counter that you can collect is available in the official documentation in this section.

Log, Docker inventory data and metrics

Increasingly important use of Docker makes it essential to have a tool like who can track where is the container, their status and you always have detailed information about the daemon Docker. You can also collect performance metrics for containers and hosts (CPU, memory, networks and storage). This is possible if you use Docker version 1.8 or higher.

Alert by Nagios or Zabbix

The agent who can also collect alert coming from the main monitor tools for open source platforms like Nagios (version 3 or higher) and ZABBIX (2. x version). The necessary steps to make this type of integration are:

  • Provide the user omsagent Read permission to the NagiosZabbix log;
  • Modify the configuration of the agent by editing the file conf According to the following specifications:
Figure 6 - Configuration for Nagios and Zabbix

Figure 6 – Configuration for Nagios and Zabbix

  • Restart the daemon omsagent to make the changes to the configuration of the agent.

After completing these steps from the portal who will perform searches (Tile "Log Search") using the following queries:

  • * (Type = Alert) SourceSystem = Nagios” to view all alerts from Nagios
  • “* (Type = Alert) SourceSystem = Zabbix” to view all alerts from Zabbix

Performance metrics of Apache and MySQL

During the installation process the agent OMS if it finds on the MySQL Server machine – Mariadb Server or Apache HTTP Server installs a monitor specific provider.

Regarding MySQL this monitor by connecting to the instance provider is able to collect performance statistics. The only additional configuration required to collect this data is setting specific credentials that will be used by the agent OMS to access MySQL/MariaDB.

To allow a who collect data of Apache HTTP Server performance you need to load specific Apache module using the following command:

sudo/opt/microsoft/apache-cimprov/bin/apache_config.sh-c

For more details about the installation of the agent who on your Linux systems I invite you to consult official documentation.

Conclusions

Operations Management Suite provides unique potential today of its kind in the management and monitor of open source systems based environments. Being a solution directly delivered from the cloud, among the many advantages is the constant and rapid extension of the capabilities and potential of.

For more details about the installation of the agent who on your Linux systems I invite you to consult official documentation. I remind you that you can try the OMS for free.

Please follow and like us: