AZ-305 Logging, log routing, and monitoring solutions

Azure Recommendations for Logging and Monitoring Solutions

Below are the recommended Azure solutions for the three key areas: logging, log routing, and monitoring, as aligned with the AZ-305 exam objectives.

1. Recommend a Logging Solution

Azure Monitor Logs and Log Analytics Workspace

• Azure Monitor Logs is the primary logging solution in Azure, providing a unified platform for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments¹²³.
• Log Analytics Workspace is the central repository where log data is stored and queried. It supports advanced querying, alerting, and visualization of logs from various Azure resources²¹.
• Diagnostic Settings are configured on each Azure resource to specify which logs and metrics are collected and where they are sent (e.g., Log Analytics, Storage, Event Hubs)⁴³.

Best Practices:

• Use Log Analytics workspaces to centralize log data for analysis and compliance.
• For large or multi-tenant environments, choose between distributed, centralized, or hybrid workspace architectures based on your operational, compliance, and performance needs².

2. Recommend a Solution for Routing Logs

Diagnostic Settings for Log Routing

• Diagnostic settings allow you to route platform logs and metrics from Azure resources to one or more destinations:
  • Log Analytics Workspace: For querying and analysis.
  • Azure Storage Account: For long-term archival.
  • Azure Event Hubs: For integration with external SIEMs or third-party tools.
  • Partner Solutions: For specialized monitoring integrations⁴³.

Recommendations:

• The default and recommended approach is to route resource logs to Azure Monitor Logs (Log Analytics workspace) for unified querying and alerting³.
• Use Azure Private Link to route logs securely over the Microsoft backbone network, especially for sensitive environments⁵.
• For multi-tenant or managed service scenarios, use Azure Lighthouse or guest user access to manage log routing across tenants².
• Use Azure Policy to automate the deployment of diagnostic settings at scale⁵.

3. Recommend a Monitoring Solution

Azure Monitor and Integrated Services

• Azure Monitor is the comprehensive monitoring platform in Azure, offering data collection, analysis, visualization, and alerting for all Azure resources¹⁶.
• Key Components:
  • Metrics: Real-time performance data.
  • Logs: Activity and diagnostic logs.
  • Alerts: Automated notifications based on defined thresholds or log queries.
  • Workbooks & Dashboards: Custom visualizations for insights.
  • Integration: With Azure Security Center (Defender for Cloud) for security monitoring, and Azure Sentinel for SIEM capabilities¹.

Best Practices:

• Set up baseline metrics and thresholds for proactive monitoring⁶.
• Use alert management strategies to avoid alert fatigue and prioritize critical issues⁶⁷.
• Regularly review and refine monitoring configurations to align with evolving operational requirements⁶.
• For VM monitoring, use Azure Monitor Agent (AMA) and VM Insights for granular data collection and visualization⁵.
• Use data collection rules to control what data is collected and optimize costs⁵.

Summary Table

These recommendations align with Microsoft best practices and are directly relevant to the AZ-305 exam objectives²⁴¹⁵.

Summarised with Perplexity.