Today, our customers establish and manage their Azure virtual networks at scale. As their number of network resources grows, the question of how to maintain connectivity and security among their scale of resources arises. This is where Microsoft Azure Virtual Network Manager comes in: your one-stop shop for managing the connectivity and security of your network resources at scale (currently in preview). And when customers use Azure Virtual Network Manager, they also need visibility into what kind of changes were made so that they can audit those events, analyze those changes over time, and debug issues along the way. This capability is now a reality: Azure Virtual Network Manager event logging is now in preview.
Azure Virtual Network Manager (AVNM) uses Azure Monitor for telemetry collection and analysis like many other Azure services. AVNM now provides event logs that you can interact with through Azure Monitor’s Log Analytics tool in the Azure Portal, as well as through a storage account. You can also send these logs to an event hub or partner solution.
With this preview announcement, Azure Virtual Network Manager will provide a log category for network group membership change. In the context of AVNM, network groups are defined by the user to contain virtual networks. The membership of a network group can be manually provided (such as by selecting VNetA, VNetB, and VNetC to be a part of this network group) as well as conditionally set through Azure Policy (such as by defining that any virtual network within a certain subscription that contains some string in its name will be added to this network group). The network group membership change log category tracks when a particular virtual network is added to or removed from a network group. This can be used to track network group membership changes over time, to capture a snapshot of a particular virtual network’s network group membership, and more.
What attributes are a part of this event log category?
This network group membership change category emits one log per network group membership change. So, when a virtual network is added to or removed from a network group, a log is emitted correlating to that single addition or removal for that particular virtual network. If you’re looking at one of these logs from your storage account, you’ll see several attributes:
Attribute | Description |
time | Datetime when the event was logged. |
resourceId | Resource ID of the network manager. |
location | Location of the virtual network resource. |
operationName | Operation that resulted in the virtual network being added or removed. Always the “Microsoft.Network/virtualNetworks/networkGroupMembership/write” operation. |
category | Category of this log. Always “NetworkGroupMembershipChange.” |
resultType | Indicates successful or failed operation. |
correlationId | GUID that can help relate or debug logs. |
level | Always “Info.” |
properties | Collection of properties of the log. |
Within the properties attribute are several nested attributes:
properties attribute | Description |
Message | Basic success or failure message. |
MembershipId | Default membership ID of the virtual network. |
GroupMemberships | Collection of what network groups the virtual network belongs to. There may be multiple “NetworkGroupId” and “Sources” listed within this property since a virtual network can belong to multiple network groups simultaneously. |
MemberResourceId | Resource ID of the virtual network that was added to or removed from a network group. |
Within the GroupMemberships attribute are several nested attributes:
GroupMemberships attribute | Description |
NetworkGroupId | ID of a network group the virtual network belongs to. |
Sources | Collection of how the virtual network is a member of the network group. |
Within the Sources attribute are several nested attributes:
Sources attribute | Description |
Type | Denotes whether the virtual network was added manually (“StaticMembership”) or conditionally through Azure Policy (“Policy”). |
StaticMemberId | If the “Type” value is “StaticMembership,” this property will appear. |
PolicyAssignmentId | If the “Type” value is “Policy,” this property will appear. ID of the Azure Policy assignment that associates the Azure Policy definition to the network group. |
PolicyDefinitionId | If the “Type” value is “Policy,” this property will appear. ID of the Azure Policy definition that contains the conditions for the network group’s membership. |
How do I get started?
The first step you’ll need to take is to set up your Log Analytics workspace or your storage account, depending on how you want to consume these event logs. You should note that if you’re using a storage account or event hub, it will need to be in the same region as the network manager you’re accessing logs from. If you’re using a Log Analytics workspace, it can be in any region. The network manager you’re accessing the logs of won’t need to belong to the same subscription as your Log Analytics workspace or storage account, but permissions may restrict your ability to access logs cross-subscription.
Note that at least one virtual network must be added to or removed from a network group in order to generate logs. A log will be generated for this event a couple of minutes later.
Accessing Azure Virtual Network Manager’s event logs with Log Analytics
The first step is to navigate to your desired network manager and select the Diagnostic settings blade under the Monitoring section. Then you can select Add diagnostic setting and select the option to send the logs to your Log Analytics workspace.
Then you can navigate to your Log Analytics workspace directly through your network manager by selecting the Logs blade under the Monitoring section.
Alternatively, you can also navigate to your Log Analytics workspace in the Azure Portal and select the Logs blade.
From either place, you can run your own queries on your network manager’s emitted logs for network group membership changes, or you can also run our preloaded queries. Our preloaded queries can fetch the most recent network group membership changes and failed network group membership changes.
Accessing Azure Virtual Network Manager’s event logs with a storage account
The first step is to again navigate to your desired network manager and select the Diagnostic settings blade under the Monitoring section. Then you can select Add diagnostic setting and select the option to archive the logs to your storage account.
Then you can navigate to your storage account and select the Storage browser blade.
Select Blob containers. A blob container will be automatically generated once network group membership changes occur.
Navigate down the blob container’s file path until you reach a JSON file for the datetime specified by that file path.
Download the JSON file to view the raw logs for the file path’s datetime.
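As an added example (not part of the original article or of Microsoft's tooling), the Python below reads the text of a downloaded log file and diffs each virtual network's successive GroupMemberships snapshots to reconstruct add and remove events and to list failed operations. It assumes one JSON record per line, ISO 8601 `time` values, `resultType` values of "Success" or "Failure", and that GroupMemberships reflects membership after the change; the sample records, IDs and the `_rec` helper are constructed for illustration.

```python
import json
from collections import defaultdict

def _rec(time, vnet, result, corr, groups):
    """Build one constructed record shaped after the attribute tables (hypothetical helper)."""
    return {"time": time, "category": "NetworkGroupMembershipChange",
            "resultType": result, "correlationId": corr,
            "properties": {"MemberResourceId": vnet, "GroupMemberships": [
                {"NetworkGroupId": g, "Sources": [{"Type": t}]} for g, t in groups]}}

# Constructed sample, one JSON record per line; IDs are shortened placeholders.
# Assumed: resultType is "Success"/"Failure"; GroupMemberships is the post-change state.
SAMPLE = "\n".join(json.dumps(r) for r in [
    _rec("2022-11-01T10:00:00Z", "/vnets/VNetA", "Success", "c-1", [("/ng/prod", "StaticMembership")]),
    _rec("2022-11-01T10:05:00Z", "/vnets/VNetA", "Success", "c-2",
         [("/ng/prod", "StaticMembership"), ("/ng/audit", "Policy")]),
    _rec("2022-11-01T10:10:00Z", "/vnets/VNetB", "Failure", "c-3", []),
    _rec("2022-11-01T10:20:00Z", "/vnets/VNetA", "Success", "c-4", [("/ng/audit", "Policy")]),
])

def snapshot(record):
    """Map NetworkGroupId -> sorted source types ("StaticMembership"/"Policy")."""
    groups = record["properties"].get("GroupMemberships") or []
    return {g["NetworkGroupId"]: sorted(s["Type"] for s in g.get("Sources", []))
            for g in groups}

def membership_timeline(text):
    """Diff consecutive snapshots per virtual network into add/remove events."""
    records = [json.loads(line) for line in text.splitlines() if line.strip()]
    records = [r for r in records if r.get("category") == "NetworkGroupMembershipChange"]
    current = defaultdict(dict)          # vnet -> {group: [source types]}
    events, failures = [], []
    for rec in sorted(records, key=lambda r: r["time"]):
        vnet = rec["properties"]["MemberResourceId"]
        if rec.get("resultType") != "Success":
            # Keep the correlationId so the failure can be related to other logs.
            failures.append((rec["time"], vnet, rec.get("correlationId")))
            continue
        new, old = snapshot(rec), current[vnet]
        for group in sorted(new.keys() - old.keys()):
            events.append((rec["time"], vnet, "added", group, new[group]))
        for group in sorted(old.keys() - new.keys()):
            events.append((rec["time"], vnet, "removed", group, old[group]))
        current[vnet] = new
    return events, failures, dict(current)

if __name__ == "__main__":
    events, failures, state = membership_timeline(SAMPLE)
    print(*events, "failed:", failures, "current:", state, sep="\n")
```

The third return value is the latest membership snapshot per virtual network, which is useful when auditing which network groups (and therefore which connectivity and security configurations) a virtual network currently falls under.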
Learn more about Azure Virtual Network Manager event logging
In just a few clicks, you’ve set up your network manager to route event logs to your Log Analytics workspace or your storage account. Now, you can get visibility into each occurrence of a virtual network entering or leaving a network group. Additional log categories are in the works, and in the meantime, feel free to check out our public documentation for more on Azure Virtual Network Manager.