0
votes

My customer needs to send Windows Event Log Diagnostic Data and perfmon logs to Azure Event Hub from Azure Diagnostic Data, as only Azure Diagnostic Extension can send data to Event Hubs. I saw that there is a Policy that one can create in Azure which is "Enable Azure Monitor for VMs", which is in Preview. The link for the same is https://docs.microsoft.com/en-us/azure/azure-monitor/insights/vminsights-enable-at-scale-policy?toc=/azure/governance/policy/toc.json&bc=/azure/governance/policy/breadcrumb/toc.json

But I don't see any policy that would install this Diagnostic Extension. So is there any way that I can install this extension on an already existing VM? I know that for installing the extension in a new VM you can specify it in the ARM template when you are declaring the VM definition. But what about already running VMs, where this extension is missing? Looking forward to some help on this.

1
Isn't this configurable on the portal like adding an EH sink for diagnostics? - Serkant Karaca

So if I go to Azure Monitor-->Activity Log-->Diagnostic Settings --> Add Diagnostic Setting and then choose stream to an Event Hub, will it be applicable to all VMs in that particular subscription? Also, is there any way I can exclude any VM or Resource Group in that subscription, or is that not possible at all? Thanks - Pallab

As far as I know, we cannot directly configure it on all Azure VMs via Azure Portal. We need to configure it one by one via Azure Portal. Besides, we can also implement it via Azure PowerShell. For more details, please refer to docs.microsoft.com/en-us/azure/virtual-machines/extensions/… - Jim Xu

1 Answer

0
votes

There is a policy that will audit those that do not (https://github.com/Azure/azure-policy/tree/master/samples/Monitoring/event-hub-diagnostic-logs-audit). If you want to change existing VMs, you will need to create a deployIfNotExists policy.
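
Added example (not part of the question, comments or answer above): a PowerShell sketch of the per-VM route mentioned in the comments. It reports which existing Windows VMs in the current subscription lack the diagnostics extension, honours a resource-group exclusion list, and installs the extension only when `-Apply` is given. The config file name, the storage account placeholder and the script's parameter names are assumptions; the config file is assumed to already define the Event Hub sink.

```powershell
# Added example, not from the original thread. Run after Connect-AzAccount /
# Set-AzContext; it works on the currently selected subscription.
param(
    [string]   $ConfigPath = '.\wad-config.json',              # hypothetical WAD config file
    [string]   $StorageAccountName = '<diag-storage-account>', # placeholder
    [string[]] $ExcludeResourceGroup = @(),                    # resource groups to skip
    [switch]   $Apply                                          # report only unless set
)

$publisher = 'Microsoft.Azure.Diagnostics'   # diagnostics extension publisher
$type      = 'IaaSDiagnostics'               # diagnostics extension type (Windows)

foreach ($vm in Get-AzVM -Status) {
    if ($vm.ResourceGroupName -in $ExcludeResourceGroup) { continue }
    if ("$($vm.StorageProfile.OsDisk.OsType)" -ne 'Windows') { continue }

    $state = 'Missing'
    $installed = Get-AzVMExtension -ResourceGroupName $vm.ResourceGroupName -VMName $vm.Name |
        Where-Object { $_.Publisher -eq $publisher -and $_.ExtensionType -eq $type }

    if ($installed) {
        $state = 'Present'
    }
    elseif ($vm.PowerState -ne 'VM running') {
        # The guest agent must be up for an extension install to complete.
        $state = 'Missing (VM not running, skipped)'
    }
    elseif ($Apply) {
        try {
            Set-AzVMDiagnosticsExtension -ResourceGroupName $vm.ResourceGroupName `
                -VMName $vm.Name -DiagnosticsConfigurationPath $ConfigPath `
                -StorageAccountName $StorageAccountName -ErrorAction Stop | Out-Null
            $state = 'Installed'
        }
        catch {
            $state = "Failed: $($_.Exception.Message)"
        }
    }

    # One row per VM, so the output doubles as a logging-coverage inventory.
    [pscustomobject]@{
        ResourceGroup = $vm.ResourceGroupName
        VM            = $vm.Name
        Diagnostics   = $state
    }
}
```

Running it without `-Apply` first gives the list of VMs that would be changed, which can be reviewed before anything is installed.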