If there’s one thing developers can’t get enough of, it’s tools. Azure, the cloud computing platform from Microsoft, offers over 100 services and tools for building infrastructure and running software apps. Each of these services produces log files in various formats, containing a slew of important details such as service health and status, performance metrics, and resource access requests—everything developers need to monitor Azure and keep their apps running smoothly.
If that wasn’t enough, Azure also includes tools that read log files from other tools. Event Viewer comes standard with every Windows virtual machine, and Azure Kudu deploys websites, letting you view the site’s log files within your web browser. If you need a more low-level tool, AzCopy runs on both Windows and Linux and transfers data between Azure storage and your local disk.
Clearly, Azure is armed to the teeth with tools, but none of them provides the holistic troubleshooting experience you get with a log management tool like SolarWinds® Papertrail™. With Papertrail, you can send all your logs to a central location, pull data from multiple sources, and correlate events across virtual machines to troubleshoot even the trickiest of issues.
In this article, we’ll cover the different types of logs found on Azure, and how you can combine them with your application logs and ship everything to Papertrail for easier log analysis.
Microsoft Azure makes it easy to understand the behavior of your resources through the multitude of log files it emits. While there are numerous types of logs on Azure, the ones you’re most likely to encounter can be divided into two categories: activity logs and diagnostic logs.
Activity logs are generated by the Azure services that control infrastructure. These logs provide the details of the operations performed on certain resources, which are subscription-level events. The kind of operations you’d see recorded in activity logs are “create virtual machine” and “delete network security group”.
Diagnostic logs are emitted by Azure services themselves and include resource internal operation details. For example, Azure Database for MySQL includes a diagnostic log for the slow query log—a log of all SQL statements that take longer than a specific time to complete. Inspecting this log is an easy way to see which SQL statements are experiencing latency issues.
Analyzing these two types of logs gets you a full understanding of the health and status of your infrastructure running on Azure, but not the inner workings of your app. For that, you need to look at application logs.
log4net is a port of the log4j Java logging framework to the .NET runtime. This library is a well-documented logging framework with a wide range of options for writing logs. For example, log4j includes ways to send logs (via logging targets) to Windows Event Log (log4net.Appender.EventLogAppender), email addresses (log4net.Appender.SmtpAppender), and the .NET trace system (log4net.Appender.TraceAppender)—just to name a few.
Nlog is very similar to log4net and even includes some of the same output targets, such as email and Windows Event Log. If you’re not already using one of these two frameworks and are trying to decide which one is right for you, there’s not much to consider. log4net is slightly older than Nlog and thus, is fairly stable and battle-tested, but other than that there’s very little difference between the two.
If your app is writing log files into a directory instead of these logging frameworks, you can use NXLog to watch the log files and send them to Papertrail. NXLog is a log collection tool that monitors log files and forwards them to another destination. We’ll cover all the ways to send logs to Papertrail in the next section.
Sending application logs to Papertrail is relatively straightforward if you’re using either log4net or Nlog; you can simply write your logs to one of the Syslog output targets. For example, to use Nlog to send log messages to your Papertrail account, you need to install the open source Nlog extension, Nlog.Targets.Syslog, and place the NLog.Targets.Syslog.dll file in the same directory as your Nlog.dll and Nlog.config files.
Next, update Nlog.config with a Syslog target and include your Papertrail account details. Here’s an example config file that does just that:
<nlog xmlns="http://nlog-project.org/schemas/NLog.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <extensions> <add assembly="NLog.Targets.Syslog" /> </extensions> <targets> <target name="syslog" type="Syslog"> <messageCreation> <facility>Local7</facility> </messageCreation> <messageSend> <protocol>TCP</protocol> <tcp> <server>logsN.papertrailapp.com</server> <port>XXXXX</port> <tls> <enabled>true</enabled> </tls> </tcp> </messageSend> </target> </targets> <rules> <logger name="*" minLevel="Trace" appendTo="syslog" /> </rules> </nlog>
You also need to update the server and port fields with the corresponding values from your Papertrail system setup page. (Note that the facility value isn’t actually used and should be left as 7.) But other than that, that’s all the changes you need to send your app log to Papertrail using Nlog. No code changes are required. log4net is configured similarly, and you can find more details in the Papertrail knowledge base.
However, if your app and services write their logs to disk and you’re using NXLog to monitor those files, configuration is instead done with the nxlog.conf file. The Papertrail knowledge base gives a detailed explanation of how to set up NXLog for Windows.
For Azure’s diagnostic and activity logs, it’s a bit more complicated. There’s no way to send these logs directly to Papertrail, so you need to use an intermediary service. You can use either Fluentd or Logstash to pull log files out of Azure Event Hub and forward them to Papertrail. To do that, you need to use the Fluentd input plugin for Azure Monitoring or the Logstash input plugin for Azure Event Hubs. Then, once your logs are whizzing their way to Fluentd or Logstash, a syslog output plugin is required to finally forward them to Papertrail.
Analyzing your logs becomes much easier once they’re all collected together. Papertrail accepts logs from multiple sources, storing them in a central place. Unlike Azure, which uses different viewers for different logs, Papertrail provides a single view of your logs, letting you seamlessly correlate events from multiple virtual machines and troubleshoot issues with your apps and services.
Not only does the Papertrail single view allow you to ignore which virtual machine your log came from, but it also abstracts the underlying cloud platform itself. That abstraction is helpful when you’re in a hybrid cloud environment since it allows you to focus on the elements you’re trying to find, not immaterial differences such as where your software is running.
One of the things developers and sysadmins love is the ability to watch logs in real time; when you’re trying to reproduce reported issues, inspecting log messages as they scroll down your screen can help you uncover key insights. Papertrail also supports high-performance live tailing which makes it easy to watch incoming log data and search through both new and existing logs.
In addition to these features, the Papertrail event viewer lets you visualize the flow of log events and streamline analysis by graphing your log data. With log velocity analytics for Azure logging, you can identify trends faster and drill down into the details that truly matter by clicking on events.
When you’re running apps on cloud platforms, collecting detailed logs from every level of the software stack is vital for monitoring your software and fixing issues before they affect your users. Azure provides all the logs you could ever want, and when used with a powerful log aggregation and analysis tool, you can collect deep insights into your Azure-based systems
Papertrail lets you collect both your Azure and app logs into a single place for faster analysis. Add the advanced searching, filtering, and live tail features from SolarWinds Papertrail, and you can quickly diagnose and solve problems wherever they occur.