4 min. Read
Windows Control Center (WAC) is a flexible, locally deployed, browser-based management environment and solution. It includes key tools for troubleshooting, configuring, managing, and maintaining Windows Server, Windows Client, Software-Defined Storage (SDS), Software-Defined Network (SDN), Microsoft Hyper-V Server and more.
Microsoft announced several Azure integration services Windows Control Center, like Azure backup, Sync Azure files, Azure network adapter, Azure site recovery and more. Check the following document a complete list of Azure integration services.
In this blog post, I’ll show you how to collect events Windows Control Center generates Azure Log Analytics workspace.
The conditions are very simple as follows:
- Make sure you are running Windows Control Center (WAC) version 1809.5 or later.
- Create an Azure Log Analytics workspace. See the following article to see how to create a log analytics workspace in Azure.
- Install Microsoft Monitoring Agent Windows Control Center.
- Collect Windows Control Center event logs.
Once Windows Control Center has been deployed in your environment, you are ready to get started.
Before you can install the Microsoft Monitoring Agent for Windows, you must obtain it workspace ID and key Log Analytics workspace. The Setup Wizard needs this information to properly configure the agent and ensure that it can communicate successfully with Log Analytics.
- Open Azure portal, click All services can be found in the upper left corner. Write in the resource list Log analysis. When you start typing, the list is filtered based on your input. choose Log analysis.
- Select the workspace you created earlier from your Log Analytics workspace list. choose Advanced settings.
- choose Combined sourcesand then select Windows servers. Copy the value Workspace ID and Master key as shown in the following screenshot, you will use them in the next step. In this example, I don’t have any Windows computers connected yet.
Click and on the same steel Download Windows Agent (64-bit).
- Run MMASetup-AMD64.exe Install the agent on the Windows Control Center computer.
- Its Welcome click Next. Its License Terms page, read the license, and then click I. Agree.
- Its Destination folder page, you can change or keep the default installation folder and then click Next.
- Its Agent configuration options page, select Connect the agent to Azure Log Analytics and then click Next.
- Its Azure Log Analytics page, paste Workspace ID and Workspace key (Master key), which you copied from the previous step. If your computer should report to the Azure Government cloud service log analytics workspace, click U.S. Government of Azure from the Azure Cloud drop-down list. In this example we use Azure-mainos.
- If your computer needs to connect to Log Analytics through a proxy server, click Advanced and enter the proxy URL and port number. If your proxy server requires authentication, enter your user name and password to authenticate with the proxy server, and then click Next.
- Its Ready to install page, review your selection, and then click Install.
- Its Microsoft Monitoring Agent cconfiguration successful click Finish.
- After graduation Microsoft Monitoring Agent is displayed control panel. You can verify that the agent is connected to log analytics. Once connected, Azure Log Analytics tab, the agent displays a message stating: The Microsoft Monitoring Agent has connected to Microsoft Log Analytics as shown in the following screenshot.
Now that Windows Dashboard is registered with Microsoft Azure and connected to Azure Log Analytics, you’re ready to collect events from Windows Dashboard. To do this, follow these steps:
- Open Azure portal and scroll to the Log Analytics workspace, select workspace> Advanced settings > Information > Windows event logs.
- More Microsoft-ServerManagementExperience on the channel as shown in the following screenshot.
- Click Save save the configuration at the top of the page.
- When the configuration is saved, click ALRIGHT.
Now that you have enabled data collection, run a simple log search example to see some information Windows Control Center computer.
- Open Azure portal, click All services. Write in the resource list Monitor. When you start typing, the list is filtered based on your input. choose Monitor.
- Its Monitor Overview select from the navigation menu Logs and then select the workspace to which the Windows Control Center is connected.
- In the query field type of the log query box Event and then click Run.
- Collected events are restored in the default table view, and you can see how many records were restored, this includes all event levels, such as Data, Warnings, and Errors. You can filter any column and change the time range.
- For example, the best way to get only the last 10 error events from the last 3 days is to use where and top, which sorts the entire table Windows Control Center on the server side and then return the most important error records according to the following example:
Event | where (EventLevelName == "Error") | where (TimeGenerated > ago(3days)) | top 10 by TimeGenerated
- Last but not least, you can create custom alerts to get notified when something goes wrong. For more information on creating custom alerts, check out next article.
That’s what you have!
In this article, I showed you how to collect events Windows Control Center generates in the Azure Log Analytics workspace for tracking with Azure Monitor, so you can examine the logs collected by Log Analytics by creating a query using Kusto query language, you can also create useful alerts. Learn more about starting surveys at Log analysis, check next article.
I hope Microsoft will look for local servers that are built-in in the future Windows Control Center so we can collect their events in Azure Log Analytics as well.
Thanks for locking my blog.
If you have any questions or feedback, please leave a comment.