1. Home
  2. Training Library
  3. Microsoft Azure
  4. Courses
  5. Analyzing Resource Utilization on Azure

Enabling Diagnostic Logs Using the Azure Portal

Start course

This course looks into how to capture log data and metrics from Azure services and feed this information into different locations for processing. We take a look at diagnostic logging, which can help to troubleshoot services and create queries and alerts based on that data. We also look into Azure Adviser, cost consumption reporting, and how we can baseline resources. This is an introduction to these advanced areas of Azure services.

Learning Objectives

  • Understand how to use and configure diagnostic logging for Azure services
  • Gain an understanding of Azure Monitor and how to create and manage alerts
  • Review cost consumption reporting and how to create scheduled reports
  • Investigate different methods for baselining resources

Intended Audience

  • People who want to become Azure cloud architects
  • People preparing for Microsoft’s AZ-303 exam


  • General knowledge of Azure services

For more MS Azure-related training content, visit our Microsoft Azure Training Library.


So, in this resource group, we have our prerequisite destinations for the Diagnostic Logs. We will now return to the Jenkins resource group, and take a look at the Jenkins-NSG. This is attached to the Linux machines. If we go down here to Diagnostic Settings, we get an option to turn on to collect data. So we're going to set up one setting per output. In this case, we'll call this Linux NSG DiagStorage Account. So archive to a storage account. Now, we would like to configure the storage account to be AZUREDIAGDEMO. Select okay and then we want to pick these two logs and their retention setting. So this setting applies to the storage account in terms of the retention. 

If we click save for that, and we return back a screen and refresh, we can now see we have this particular setting and the setting there for storage account, with event hub and Log Analytics not selected. So next we can add the event hub. That's optional, and we'll pick the default policy. Give it a name. And now we can see that one and we'll create one more for Log Analytics, which is the easiest. Just pick the workspace, and that's it. Give it a name: LogOMSDiag. So now we have three different policies set up for diagnostic logging for the NSG. So, the next thing we can do is if we go to the monitor, so you can find this in under services and monitor, and diagnostic settings. So, here we can see these are the different objects within that resource group that we can connect diagnostic settings to diagnostic logging, and in this case, we have it connected to one of the NSGs. 

So if we've also wanted to connect the Windows NSG, click on it from there. So we got to that from monitor. Turn on diagnostic settings, and we'll call this AllInOne. We can create one for diagnostic demo. Stream on events hubs, okay. Configure the event hub again...and Log Analytics. There we go, so now we can see we've enabled diagnostic logging for both NSGs. So what we saw in the NSGs were two different log options. So if we go back and look at what the different settings were within here, there's a network security event and network security group rule counter. So, if we look at the other options we have for a different type of resource - so let's choose the Public IP addresses that are attached to these systems. If we go in here and turn on diagnostic settings, we have a different set of logs and we also have metrics. So this wasn't shown in the last one. The metric counters are numeric n-digit numbers that allow us to track and graph things rather than event-based. So, let's turn on one of these so we can get some other information. Just configure all of them.

 And if we return to the monitor, logging settings have been set up for three resources now. These are address specific resource types. So, if you want to enable guest logging for the machines this is the difference of a resource based monitoring and what we're about to do now is guest logs. So, we'll return to the resource group Jenkins. Type in here so we can easily find it. Then we go to the Linux Virtual Machine to start with and we scroll down to diagnostic settings. Enable guest level monitoring. So, we can now see this is a Linux Machine and we're getting different logs which are Linux specific. And if we look at the metrics, we have processor, memory, network, file system, and disk. You can also choose to do custom. So there are additional, more specific counters, if you want to enable those. In this case, we'll just leave it with the basic.

 And additional SYSLOG levels so you can go to higher levels so you get less information. And then there are additional settings here for the storage account that you have chosen to log that information to. So, let's connect the Windows server where we can go look at the information that we’re collecting. So here's the Windows machine and diagnostic settings. Choose enable guest level monitoring. This takes a while so we'll just pause the video and return once it's complete. And here we can see the job completed. So, we can also go and look at custom and basic performance counters and add additional Windows counters to that list. There are additional logs so you can directly click IIS logs, if you have that installed, in different levels as well. It does understand .NET applications. One thing worth noting is if you're having trouble with the log collection you may need to remove and reinstall the agent. So, you can do that from this screen here.


About the Author

Matthew Quickenden is a motivated Infrastructure Consultant with over 20 years of industry experience supporting Microsoft systems and other Microsoft products and solutions. He works as a technical delivery lead managing resources, understanding and translating customer requirements and expectations into architecture, and building technical solutions. In recent years, Matthew has been focused on helping businesses consume and utilize cloud technologies with a focus on leveraging automation to rapidly deploy and manage cloud resources at scale.