Module 6: Azure Monitoring
Azure Monitor ecosystem
+----------------------------------------------------------+
| AZURE MONITOR |
+----------------------------------------------------------+
| |
| Data sources: |
| +-- Applications (App Insights) |
| +-- Operating systems (VM Insights) |
| +-- Azure resources (Metrics, Logs) |
| +-- Subscriptions (Activity Log) |
| +-- Tenant (Azure AD Logs) |
| |
| Storage: |
| +-- Metrics (time-series database) |
| +-- Logs (Log Analytics Workspace) |
| |
| Actions: |
| +-- Alerts |
| +-- Dashboards |
| +-- Workbooks |
| +-- Autoscale |
| |
+----------------------------------------------------------+
Log Analytics Workspace
Log Analytics is the central repository for all Azure logs:
- Storage of diagnostic logs
- KQL (Kusto Query Language) queries
- Configurable retention
- Integration with alerts
# Create a Log Analytics Workspace (PowerShell)
az monitor log-analytics workspace create --workspace-name law-folab-dev --resource-group rg-folab-dev --location westeurope --retention-time 90 --tags Project=FOLAB Env=Dev
# List existing workspaces
az monitor log-analytics workspace list --resource-group rg-folab-dev --output table
Bash version
# Create a Log Analytics Workspace
az monitor log-analytics workspace create \
--workspace-name law-folab-dev \
--resource-group rg-folab-dev \
--location westeurope \
--retention-time 90 \
--tags Project=FOLAB Env=Dev
# List existing workspaces
az monitor log-analytics workspace list \
--resource-group rg-folab-dev \
--output table
Diagnostic Settings (PowerShell)
Configure log forwarding to Log Analytics:
# Enable diagnostics on a Storage Account (the Storage* log categories are defined on the blob service sub-resource, not on the account itself)
az monitor diagnostic-settings create --name "diag-storage" --resource "/subscriptions/{sub}/resourceGroups/rg-folab-dev/providers/Microsoft.Storage/storageAccounts/stfolabdev001/blobServices/default" --workspace law-folab-dev --logs '[{\"category\":\"StorageRead\",\"enabled\":true},{\"category\":\"StorageWrite\",\"enabled\":true},{\"category\":\"StorageDelete\",\"enabled\":true}]' --metrics '[{\"category\":\"Transaction\",\"enabled\":true}]'
# Enable diagnostics on Synapse
az monitor diagnostic-settings create --name "diag-synapse" --resource "/subscriptions/{sub}/resourceGroups/rg-folab-dev/providers/Microsoft.Synapse/workspaces/syn-folab-dev" --workspace law-folab-dev --logs '[{\"category\":\"SynapseRbacOperations\",\"enabled\":true},{\"category\":\"SQLSecurityAuditEvents\",\"enabled\":true}]'
Bash version
# Enable diagnostics on a Storage Account (the Storage* log categories are defined on the blob service sub-resource, not on the account itself)
az monitor diagnostic-settings create \
--name "diag-storage" \
--resource "/subscriptions/{sub}/resourceGroups/rg-folab-dev/providers/Microsoft.Storage/storageAccounts/stfolabdev001/blobServices/default" \
--workspace law-folab-dev \
--logs '[{"category":"StorageRead","enabled":true},{"category":"StorageWrite","enabled":true},{"category":"StorageDelete","enabled":true}]' \
--metrics '[{"category":"Transaction","enabled":true}]'
# Enable diagnostics on Synapse
az monitor diagnostic-settings create \
--name "diag-synapse" \
--resource "/subscriptions/{sub}/resourceGroups/rg-folab-dev/providers/Microsoft.Synapse/workspaces/syn-folab-dev" \
--workspace law-folab-dev \
--logs '[{"category":"SynapseRbacOperations","enabled":true},{"category":"SQLSecurityAuditEvents","enabled":true}]'
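Creating a diagnostic setting does not prove that every audit category ends up in the workspace you query. The following added example (not part of the original course material) checks the JSON returned by `az monitor diagnostic-settings list --resource <id>` against the categories enabled above. The function name `missing_categories`, the `REQUIRED` map, the workspace name `law-other` and both sample payloads are constructed for illustration.

```python
import json

# Log categories the commands above enable (taken from this page).
REQUIRED = {
    "storage": {"StorageRead", "StorageWrite", "StorageDelete"},
    "synapse": {"SynapseRbacOperations", "SQLSecurityAuditEvents"},
}

def missing_categories(settings_json, required, workspace_name):
    """Return the required log categories that are NOT enabled and sent to the workspace."""
    data = json.loads(settings_json)
    # Some az CLI versions wrap the list in {"value": [...]}; accept both shapes.
    settings = data.get("value", []) if isinstance(data, dict) else data
    covered = set()
    for setting in settings:
        # workspaceId is a full ARM ID; its last segment is the workspace name.
        ws = (setting.get("workspaceId") or "").rstrip("/").split("/")[-1]
        if ws.lower() != workspace_name.lower():
            continue  # exported elsewhere, so not queryable from this workspace
        for log in setting.get("logs") or []:
            if not log.get("enabled"):
                continue
            if log.get("categoryGroup") == "allLogs":
                return []  # every log category is exported
            if log.get("category"):
                covered.add(log["category"])
    return sorted(set(required) - covered)

WS_ID = ("/subscriptions/{sub}/resourceGroups/rg-folab-dev/providers/"
         "Microsoft.OperationalInsights/workspaces/")

# Constructed samples (not real output): StorageDelete left disabled, and a
# Synapse setting that points at a different, hypothetical workspace.
SAMPLE_STORAGE = json.dumps([{
    "name": "diag-storage", "workspaceId": WS_ID + "law-folab-dev",
    "logs": [{"category": "StorageRead", "enabled": True},
             {"category": "StorageWrite", "enabled": True},
             {"category": "StorageDelete", "enabled": False}],
}])
SAMPLE_SYNAPSE = json.dumps({"value": [{
    "name": "diag-synapse", "workspaceId": WS_ID + "law-other",
    "logs": [{"category": "SynapseRbacOperations", "enabled": True},
             {"category": "SQLSecurityAuditEvents", "enabled": True}],
}]})

if __name__ == "__main__":
    print(missing_categories(SAMPLE_STORAGE, REQUIRED["storage"], "law-folab-dev"))
    print(missing_categories(SAMPLE_SYNAPSE, REQUIRED["synapse"], "law-folab-dev"))
```

A non-empty result means an audit trail the queries in the next section rely on is not being collected in that workspace.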
KQL queries (Kusto)
Useful example queries:
// Recent activity on the resource group
AzureActivity
| where ResourceGroup =~ "rg-folab-dev" // =~ is case-insensitive; the stored casing can differ from the name you typed
| where TimeGenerated > ago(24h)
| project TimeGenerated, OperationName, Caller, ActivityStatus
| order by TimeGenerated desc
| take 50
// Storage errors
StorageBlobLogs
| where TimeGenerated > ago(1h)
| where toint(StatusCode) >= 400 // StatusCode is a string column
| summarize count() by StatusCode, OperationName
| order by count_ desc
// Slowest SQL queries (Synapse)
SynapseSqlPoolExecRequests
| where TimeGenerated > ago(24h)
| where Status == "Completed"
| top 20 by TotalElapsedTimeMs desc
| project TimeGenerated, Command, TotalElapsedTimeMs, RowCount
// Failed sign-ins
SigninLogs
| where TimeGenerated > ago(7d)
| where ResultType != "0" // ResultType is a string; "0" means success
| summarize FailedCount=count() by UserPrincipalName, ResultDescription
| order by FailedCount desc
Alerts (PowerShell)
# Create an Action Group (notifications) first: the alert below references it
az monitor action-group create --name ag-folab-ops --resource-group rg-folab-dev --short-name FolabOps --action email DataTeam data-team@mycompany.com
# Create a metric alert (CPU > 80%)
az monitor metrics alert create --name "alert-high-cpu" --resource-group rg-folab-dev --scopes "/subscriptions/{sub}/resourceGroups/rg-folab-dev/providers/Microsoft.Compute/virtualMachines/vm-folab" --condition "avg Percentage CPU > 80" --window-size 5m --evaluation-frequency 1m --action "/subscriptions/{sub}/resourceGroups/rg-folab-dev/providers/Microsoft.Insights/actionGroups/ag-folab-ops"
Bash version
# Create an Action Group (notifications) first: the alert below references it
az monitor action-group create \
--name ag-folab-ops \
--resource-group rg-folab-dev \
--short-name FolabOps \
--action email DataTeam data-team@mycompany.com
# Create a metric alert (CPU > 80%)
az monitor metrics alert create \
--name "alert-high-cpu" \
--resource-group rg-folab-dev \
--scopes "/subscriptions/{sub}/resourceGroups/rg-folab-dev/providers/Microsoft.Compute/virtualMachines/vm-folab" \
--condition "avg Percentage CPU > 80" \
--window-size 5m \
--evaluation-frequency 1m \
--action "/subscriptions/{sub}/resourceGroups/rg-folab-dev/providers/Microsoft.Insights/actionGroups/ag-folab-ops"
Recommended alerts
| Resource | Metric | Threshold |
|---|---|---|
| Storage | Used Capacity | > 80% |
| Synapse SQL Pool | DWU Used Percent | > 90% |
| Synapse SQL Pool | Connections Failed | > 5 |
| Data Factory | Pipeline Failed Runs | > 0 |
Dashboards and Workbooks (PowerShell)
# Create a shared dashboard
az portal dashboard create --name "dashboard-folab-ops" --resource-group rg-folab-dev --input-path @dashboard-template.json
# Workbooks are created through the Portal
# They provide interactive reports built on KQL
Bash version
# Create a shared dashboard
az portal dashboard create \
--name "dashboard-folab-ops" \
--resource-group rg-folab-dev \
--input-path @dashboard-template.json
# Workbooks are created through the Portal
# They provide interactive reports built on KQL
Activity Log (PowerShell)
The Activity Log records all control-plane operations:
# List recent operations
az monitor activity-log list --resource-group rg-folab-dev --start-time 2025-01-01 --output table
# Filter by status (failed operations only)
az monitor activity-log list --resource-group rg-folab-dev --status Failed --output table
Bash version
# List recent operations
az monitor activity-log list \
--resource-group rg-folab-dev \
--start-time 2025-01-01 \
--output table
# Filter by status (failed operations only)
az monitor activity-log list \
--resource-group rg-folab-dev \
--status Failed \
--output table
Monitoring best practices:
- One Log Analytics Workspace per environment
- Enable diagnostics on all critical resources
- Configure proactive alerts
- Define appropriate retention policies
- Create dashboards for day-to-day operations