The recommended experience to deploy the packs is by using the provided interface. You can also use ARM and Bicep Templates. See section below.
To deploy only packs, click the icon below. The solution must have been deployed before in order to deploy the packs.
The packs are divided into three categories: IaaS, PaaS and Platform. Each pack contains a set of rules and alerts that are deployed to the Log Analytics workspace. The packs also contain Grafana dashboards that are deployed to the Grafana environment.
- IaaS Packs: These packs are designed to monitor VMs and other IaaS resources. They are based on the AMA agent.
- Services Packs: These packs are designed to monitor Azure native services.
The IaaS packs implement monitoring based on the AMA agent. Some packs, like the ADDS pack require the VM Application 'client' to be installed. The client is installed by default in the VMs once targetted by the solution.
This pack leverage the VM Insights rules. It implements the following:
- VMInsights Rule (DCR)
- Alerts (6) - Memory, Disk, Heartbeat, CPU. See details here
- Grafana Dashboards (Windows and Linux)
This pack uses the 'modules/DCRs/dcr-basicWinVM.bicep' bicep template to implement event collection and performance collection rules.
It has around 30 event rule collection items. It also has the following performance counters being collected. See this file for the complete list.
It contains the alerts define in this file.
Note that only the first Virtual SMTP instance has data being collected.
This pack uses the 'modules/DCRs/dcr-basicWinVM.bicep' bicep template to implement event collection and performance collection rules. It has around 50 event rule collection items. It also has the following performance counters being collected. See this file
It contains the alerts define in this file.
This pack contains a single DCR rule that collect Nginx accesslog as well as syslog specific events. It uses the /modules/DCRs/filecollectionSyslogLinux.bicep bicep template.
It implements a single alert regarding nginx service being stopped.
This pack uses the 'modules/DCRs/dcr-basicWinVM.bicep' bicep template to implement event collection and performance collection rules.
It has around 50 event rule collection items. It also has the following performance counters being collected. See this file for the complete list.
It contains the alerts define in this file.
This pack uses the 'modules/DCRs/dcr-basicWinVM.bicep' bicep template to implement event collection and performance collection rules.
TBD
TBD
Storage Account Baseline Alerts
TBD
Azure Load Balancer Baseline Alerts
Application Gateway Baseline Alerts
Automation Accounts Baseline Alerts
DNS Private Zones Baseline Alerts
Each pack is composed of a bicep template that contains the rules and alerts. There is an equivalente ARM template that can be used instead. The ARM template is generated from the bicep template. The ARM template is used by the interface to deploy the packs and, same as bicep template, it can be used to deploy the packs using Azure CLI or PowerShell, in a pipeline for example.