Migrating Log Analytics agent (MMA/OMS) to Azure Monitor agent (AMA)
Azure Monitor Agent (AMA) collects monitoring data from the guest operating system of Azure and hybrid virtual machines and delivers it to Azure Monitor for use by features, insights, and other services, such as Microsoft Sentinel and Microsoft Defender for Cloud. Azure Monitor Agent replaces all of Azure Monitor’s legacy monitoring agents.
Benefits :
To add AMA to any VM’s or VMSS level it’s required to create a DCE (Data Collection Endpoint) & DCR (Data Collection Rule) .
DCE : A data collection endpoint includes components required to ingest data into Azure Monitor and send configuration files to Azure Monitor Agent.
DCR : Azure Monitor data collection is configured using a data collection rule (DCR). A DCR defines the details of a particular data collection scenario including what data should be collected, how to potentially transform that data, and where to send that data. A single DCR can be used with multiple monitored resources, giving you a consistent method to configure a variety of monitoring scenarios.
For More detailed Info about DCE & DCR Plz refer below reference links.
USECASE:
Let’s say your ORG using Log Analytics agents (i.e. Now it’s Legacy platform) are collected the all Linux | windows workloads related logs (i.e. VM Insights , IIS etc..) under VM’s | VMSS ( Virtual machines scale sets). To collect those logs we supposed to installed OMS extension within VMSS.
Now it’s time to migrate that OMS to AMA by following below steps. we can migrate using different automation scripts. Now I can explore you to do using AZURE REST API’s. You can use these API’s you can automate your entire ORG level VMSS within a different subscriptions .
NOTE: I’m using Linux platform (i.e. Ubuntu 20+).
- Go to VMSS make it Instances down to zero.
Note: This step is optional. We need to make this migration with out downgrading instances also. we need to apply below changes VMSS instances level also.
2. Identify the OMS extension name by using Type ( i.e. OmsAgentForLinux) & Publisher (i.e. Microsoft.EnterpriseCloud.Monitoring)
3. Remove the OMS extension by using extension name.
4. Add AMA Extension y using Type ( i.e. AzureMonitorLinuxAgent) & Publisher (i.e. Microsoft.Azure.Monitor)
5. Create a DCE within a Private network.
6. Add a AMPLS (Azure Monitor Private Link Scope) to DCE.
7. Create a DCR with a required data streams with a proper counter specifiers . if you want to enable Service MAP stream with a DependencyAgent extension also.
8. Associate respective DCR into corresponding VMSS or VM’s.
9. Associate respective DCE into corresponding VMSS or VM’s.
10. Scale up your Instances in VMSS level
11. Check the Heartbeat by going into your configured LAW ( Log Analytics Workspace).
If AMA installed means you’ll get Category column value is always Azure Monitor Agent.
Go to your LAW then you can validate the how many Linux workstations are pointed to AMA.
Now you can use the AZURE Monitor service for your Insights & customized dashboards etc.…
NOTE: Best recommendation is maintaining VMSS, LAW, DCE, DCR in same region.
For more information
POSTMAN COLLECTION :
Ref:
- https://learn.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview
- https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-endpoint-overview?tabs=portal
- https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-rule-overview
- https://learn.microsoft.com/en-us/rest/api/monitor/data-collection-rules/create?tabs=HTTP
