Managing and Monitoring Linux with OMS Microsoft Ignite 2016 11/2/2017 5:38 PM Managing and Monitoring Linux with OMS OPEN312 Alessandro Cardoso Microsoft Secure Infrastructure Architect Asia Pacific, Greater China, India & Japan © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Microsoft LINUX https://www.microsoft.com/en-us/openness/default.aspx https://azure.microsoft.com/en-us/blog/ocp-2016-building-on-community-driven-innovation/

Linux drives 29% of all Azure VM Hours Today! Azure is an Open Cloud Bring your own framework! Linux drives 29% of all Azure VM Hours Today! Dozens of .NET & PHP CMS and Web applications Any Framework Any Application RedHat, Ubuntu, SUSE, OpenSUSE, CentOS & Oracle EL + hundreds on VM Depot Via cross-platform & native code approaches Any Device or Operating System Any Data

What if you could? Transform the way you manage IT Respond proactively to business needs Achieve true management anywhere Standardized, automated processes and configurations Fast, cost-effective innovation with developer empowerment Maintain a simple unified management view with control

Operations Management Suite (OMS) Here comes Operations Management Suite (OMS)

What is in OMS? Log analytics (Operational Insights) Microsoft Ignite 2015 11/2/2017 5:38 PM What is in OMS? Log analytics (Operational Insights) Backup & Recovery (Azure Backup & ASR) IT Automation (Azure Automation) Security & Compliance (Operational Insights) Effortless log collection Integrated fast search and queries with custom dashboard Integrated cloud backup Seamless disaster recovery and workload migration Hybrid runbook worker Graphical workbook authoring and automation DSC Malware assessment Security posture and system update assessment With OMS capabilities customers can… Spot problems fast Protect data easily Automate tasks quick Recognize threat early extending System Center capabilities, as an all-in-one management solution! © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Fast Implementation, Extensible, Dashboards Speed Setup within minutes Search billions of records Evolving daily Open and Flexible Connects to existing tools API, API, API Fast Implementation, Extensible, Dashboards Simple Built into Azure platform Reduced management infrastructure Cohesive solutions

Private clouds (Azure Stack, Hyper-V, VMware, OpenStack) Operations Management Suite Simplified guest and workload management anywhere in any platform Operations Management Suite Azure Windows Server (VM) Linux (VM) Amazon Web Services Windows Server (VM) Linux (VM) Private clouds (Azure Stack, Hyper-V, VMware, OpenStack) Window Server (VM) Linux (VM)

Many Services, One Dashboard

11/2/2017 Solution Offers © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Windows Server Management Marketing 11/2/2017 Monitoring Linux Workloads © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Collect and manage data from Linux computers Collect and act on Linux-generated data. Adding data collected from Linux to the OMS allows to manage hybrid IT environment. This can help you view all your management data in a single management portal, reducing the need to monitor it using many different systems. Currently, you can collect the following types of data from Linux computers: Performance metrics Syslog events Alerts from Nagios and Zabbix Docker container performance metrics, inventory and logs Supported Linux versions Amazon Linux 2012.09 – 2015.09 (x86/x64) CentOS 5, 6 and 7 (x86/x64) Debian GNU/Linux 6, 7, 8 (x86/x64) Oracle Linux 5, 6 and 7 (x86/x64) Red Hat Enterprise Linux Server 5, 6 and 7 (x86/x64) SUSE Linux Enterprise Server 11, and 12 (x86/x64) Ubuntu Server 12.04 LTS & 14.04 LTS (x86/x64 https://technet.microsoft.com/en-us/library/mt622052.aspx

Windows Server Management Marketing OMS Workspace And Onboarding your Linux Azure VM into OMS Windows Server Management Marketing 11/2/2017 DEMO © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Windows Server Management Marketing 11/2/2017 Accessing the Linux data © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Monitoring the Server Is there a Heart beat? Syslog omsagent Linux Server Syslog omsagent Perf and Syslog OS Performance What’s changed

Monitoring the Stack – LAMP Is the process up? Linux Server Apache HTTP Server Apache OMI omsagent What’s the Perf statsd PHP, Perl, or Python MySQL Server MySQL OMI App Logs

MongoDB – App Process Linux Server Linux Server mongostat MongoDB exec omsagent MongoDB cmds Perf In_tail MongoDB Logs Logs

Real World Example Customer X “We have a number of Linux Proxy Servers running Squid and we need a centralized tool that can not only monitor our Windows Servers but our Linux and the services on top of it. Currently there is no Squid Proxy extension on OMS.” How can I monitor workloads running on Linux? Customers are running not only Windows applications and services but a number of Linux Servers with apps and services that also requires monitoring

Windows Server Management Marketing 11/2/2017 Extending Monitoring © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Different Ways to Connect 11/2/2017 Windows agents Log Analytics SCOM OMS Custom View Log Search Linux / FluentD Monitor REST Collection API  Alerts a sample list of log/metrics that OMS collects: Custom Application/Infra logs Windows event logs Window performance counters Security Event Logs IIS Logs ETW logs Azure Diagnostics Wire Data Firewall Logs Linux Syslog Linux system metrics JSON doc O365 Activity Events SaaS services O365 Azure Storage / Azure Diagnostics OMS Workspace Event Hub Log Stash Different Ways to Connect © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Monitoring SQUID

Windows Server Management Marketing 11/2/2017 How did I get to OMS to monitor Squid? Well, …. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

1. Finding the Regular Expression By investigating the squid log on /var/log/squid/access.log you will find something like the below: 1479696836.902    134 10.1.1.4 TCP_MISS/301 488 open http://cnn.com/ – HIER_DIRECT/151.101.0.73 – 1479696848.110    242 10.1.1.4 TCP_MISS/400 486 open http://www.sydney.com/ – HIER_DIRECT/54.253.253.77 text/html 1479696860.004    407 10.1.1.4 TCP_MISS/301 636 open http://www.7news.com.au/ – HIER_DIRECT/203.84.217.229 text/html  REGEX =/(?<eventtime>(\d+))\.\d+\s+(?<duration>(\d+))\s+(?<sourceip>(\d+\.\d+\.\d+\.\d+))\s+(?<cache>(\w+))\/(?<status>(\d+))\s+(?<bytes>(\d+)\s+)(?<response>(\w+)\s+)(?<url>([^\s]+))\s+(?<user>(\w+|\-))\s+(?<method>(\S+.\S+))/

2. Coding … def parse(line) To parse the Squid access.log I wrote a small piece of code in Ruby on Rails: … def parse(line) begin REGEX.match(line) { |match| data[‘Host’] = OMS::Common.get_hostname data[‘Duration’] = match[‘duration’].to_i() data[‘SourceIP’] = match[‘sourceip’] data[‘cache’] = match[‘cache’] data[‘bytes’] = match[‘bytes’].to_i()

Microsoft Ignite 2016 11/2/2017 5:38 PM 3. Config Create a squid.conf for OMS passing the path for the log to the SquidLogParser and tagging it as oms.api.Squid. By doing this, you will end up with a number of custom fields in OMS for the LOG TYPE Squid_CL © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Demo Speaker name Microsoft Ignite 2016 11/2/2017 5:38 PM © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Apendix Speaker name Microsoft Ignite 2016 11/2/2017 5:38 PM © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Operations Management Suite Simplified guest and workload management anywhere Many more to come…. Operations Management Suite Deliver IT insights Log analytics Fast integrated search Custom dashboard Champion security and compliance Malware assessment Security posture System update assessment Improve operational efficiency Workflow & DSC Graphical & PowerShell authoring Protect and extend your datacenter Backup Disaster recovery Migration

11/2/2017 Solution Offers © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Log Analytics Linux extension in Azure Feature description Inclusive of Windows virtual machines running in Azure, Linux virtual machines can also enable OMS Log Analytics to import its machine data via Azure portal without accessing the machine itself. This will easily enable existing and newly created virtual machines to onboard on OMS Log Analytics.

App for Windows Phone, iOS, and Android Management anywhere, anytime Stay on top of your on-premises and cloud infrastructure from anywhere, anytime with the Microsoft Operations Management suite mobile app for Windows Phone, iOS, and Android. Gain 360° view of all your workloads and servers on the go. http://www.microsoft.com/en-us/server-cloud/operations-management-suite/mobile-apps.aspx

Connecting your Linux Azure VM

Continue your Ignite learning path 11/2/2017 5:38 PM Continue your Ignite learning path Visit Channel 9 to access a wide range of Microsoft training and event recordings https://channel9.msdn.com/ Head to the TechNet Eval Centre to download trials of the latest Microsoft products http://Microsoft.com/en-us/evalcenter/ Visit Microsoft Virtual Academy for free online training visit https://www.microsoftvirtualacademy.com © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Thank you Chat with me in the Speaker Lounge 11/2/2017 5:38 PM Thank you Chat with me in the Speaker Lounge © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.