Azure Monitor Architecture
Azure resources
↓ metrics + logs
Azure Monitor
├── Log Analytics Workspace (log queries with KQL)
├── Metrics Explorer (visualize metrics)
├── Alerts (notifications when thresholds are crossed)
├── Workbooks (interactive dashboards)
└── Application Insights (app performance)
Creating a Log Analytics Workspace
az monitor log-analytics workspace create \
  --workspace-name law-firma-prod \
  --resource-group rg-firma-prod \
  --location germanywestcentral \
  --sku PerGB2018 # pay-per-GB (default)
Enabling VM Insights
# Install the Azure Monitor Agent on the VM
az vm extension set \
  --name AzureMonitorWindowsAgent \
  --publisher Microsoft.Azure.Monitor \
  --vm-name vm-server01 \
  --resource-group rg-firma-prod
# Create a data collection rule (links the VM to the workspace)
az monitor data-collection rule create \
  --name dcr-vms \
  --resource-group rg-firma-prod \
  --location germanywestcentral \
  --log-analytics '{"workspaceResourceId": "/subscriptions/.../law-firma-prod"}'
KQL – Kusto Query Language Basics
Log Analytics uses KQL for queries:
// All events from the last 24 hours
Event
| where TimeGenerated > ago(24h)
| limit 100
// Windows events: errors and warnings only
Event
| where EventLevelName in ("Error", "Warning")
| where TimeGenerated > ago(1h)
| project TimeGenerated, Computer, EventLog, EventLevelName, RenderedDescription
| sort by TimeGenerated desc
// CPU utilization per VM (last hour)
Perf
| where ObjectName == "Processor"
| where CounterName == "% Processor Time"
| where TimeGenerated > ago(1h)
| summarize avg(CounterValue) by Computer, bin(TimeGenerated, 5m)
| render timechart
// Failed Logon Attempts (Security)
SecurityEvent
| where EventID == 4625
| where TimeGenerated > ago(24h)
| summarize count() by TargetAccount, IpAddress
| sort by count_ desc
// Disk usage > 90% (less than 10% free space)
Perf
| where CounterName == "% Free Space"
| where CounterValue < 10
| summarize LastValue=max(CounterValue) by Computer, InstanceName
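The failed-logon query above only counts 4625 events per account and IP address. The following added example (not part of the original article) goes a step further: it flags source IPs that cross a failure threshold inside a time window, separates many-accounts spraying from single-account guessing, and marks cases where a successful logon (4624) from the same IP follows the failures. The table name SampleEvents, the thresholds, and all rows are constructed assumptions; the embedded datatable lets the query run in any workspace without real data.

```kql
// Constructed sample rows standing in for SecurityEvent (not real log data).
let SampleEvents = datatable(TimeGenerated:datetime, Computer:string, EventID:int,
                             TargetAccount:string, IpAddress:string)
[
    datetime(2024-05-01 08:00:05), "vm-server01", 4625, "FIRMA\\admin", "203.0.113.7",
    datetime(2024-05-01 08:00:40), "vm-server01", 4625, "FIRMA\\admin", "203.0.113.7",
    datetime(2024-05-01 08:01:10), "vm-server01", 4625, "FIRMA\\admin", "203.0.113.7",
    datetime(2024-05-01 08:02:30), "vm-server01", 4625, "FIRMA\\admin", "203.0.113.7",
    datetime(2024-05-01 08:03:15), "vm-server01", 4625, "FIRMA\\admin", "203.0.113.7",
    datetime(2024-05-01 08:04:20), "vm-server01", 4624, "FIRMA\\admin", "203.0.113.7",
    datetime(2024-05-01 09:00:10), "vm-server01", 4625, "FIRMA\\anna",  "198.51.100.23",
    datetime(2024-05-01 09:00:50), "vm-server01", 4625, "FIRMA\\bernd", "198.51.100.23",
    datetime(2024-05-01 09:01:30), "vm-server01", 4625, "FIRMA\\clara", "198.51.100.23",
    datetime(2024-05-01 09:02:10), "vm-server01", 4625, "FIRMA\\dirk",  "198.51.100.23",
    datetime(2024-05-01 09:02:50), "vm-server01", 4625, "FIRMA\\eva",   "198.51.100.23",
    datetime(2024-05-01 10:15:00), "vm-server01", 4625, "FIRMA\\frank", "192.0.2.44",
    datetime(2024-05-01 10:15:20), "vm-server01", 4624, "FIRMA\\frank", "192.0.2.44"
];
let FailThreshold = 5;   // assumed value; tune to the environment
let SprayAccounts = 3;   // assumed: this many distinct accounts from one IP suggests spraying
let Window = 10m;        // fixed bins; a burst that straddles a bin boundary is split in two
SampleEvents             // replace with SecurityEvent in a real workspace
| where EventID == 4625
| summarize Failed = count(),
            Accounts = dcount(TargetAccount),
            LastFail = max(TimeGenerated)
    by IpAddress, Computer, WindowStart = bin(TimeGenerated, Window)
| where Failed >= FailThreshold
| extend Pattern = iff(Accounts >= SprayAccounts, "password spray", "brute force")
// Left outer join keeps IPs that never logged on successfully (SuccessTime stays null).
| join kind=leftouter (
    SampleEvents
    | where EventID == 4624
    | project IpAddress, Computer, SuccessTime = TimeGenerated
  ) on IpAddress, Computer
// Count only successes that follow the last failure within one more window.
| summarize SuccessesAfter = countif(isnotnull(SuccessTime)
                                     and SuccessTime > LastFail
                                     and SuccessTime <= LastFail + Window)
    by IpAddress, Computer, WindowStart, Failed, Accounts, Pattern
| extend SuccessAfterFailures = SuccessesAfter > 0
| sort by SuccessAfterFailures desc, Failed desc
```

Rows with SuccessAfterFailures set to true deserve the first look, since a success directly after a burst of failures can mean a guessed password.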
Configuring Alerts
# Alert: high CPU utilization
az monitor metrics alert create \
  --name alert-high-cpu \
  --resource-group rg-firma-prod \
  --scopes /subscriptions/<ID>/resourceGroups/rg-firma-prod/providers/Microsoft.Compute/virtualMachines/vm-server01 \
  --condition "avg Percentage CPU > 85" \
  --window-size 5m \
  --evaluation-frequency 1m \
  --severity 2 \
  --action /subscriptions/<ID>/resourceGroups/rg-firma-prod/providers/microsoft.insights/actionGroups/ag-it-team
# Action group for e-mail notifications
az monitor action-group create \
  --name ag-it-team \
  --resource-group rg-firma-prod \
  --short-name IT-Team \
  --action email admin "[email protected]"
Dashboards and Workbooks
Azure Portal → Monitor → Workbooks → New:
Workbooks combine KQL queries, metrics, and text into interactive dashboards. Ideal for monthly IT reports.
Prebuilt workbooks: VM Insights, Security Center Overview, Cost Management.
Application Insights (App Performance)
# Create the Application Insights resource
az monitor app-insights component create \
  --app appinsights-firma \
  --resource-group rg-firma-prod \
  --location germanywestcentral \
  --workspace /subscriptions/.../law-firma-prod
# Read the instrumentation key
az monitor app-insights component show \
  --app appinsights-firma \
  --query instrumentationKey -o tsv
In Node.js:
const appInsights = require('applicationinsights')
appInsights.setup('<INSTRUMENTATION_KEY>').start()
Costs
Log Analytics: ~2.30 €/GB (first 5 GB/month free).
Alerts: first 1,000 alerts/month free.
FAQ
How long are logs retained in Log Analytics?
Default: 30 days free. Can be extended up to 730 days (~0.12 €/GB/month).
Can I monitor on-premises servers?
Yes, using the Azure Monitor Agent on the on-premises servers (direct gateway or via the Log Analytics gateway).
Conclusion
Azure Monitor + Log Analytics is the central monitoring tool for all Azure infrastructures. Alerting proactively saves emergency call-outs at night.