Merge pull request #234300 from mbender-ms/avnm-monitor

virtual network manager - New Article Set - Monitoring

Author: JamesJBarnett

articles/virtual-network-manager/TOC.yml

@@ -45,6 +45,10 @@
         href: concept-security-admins.md
       - name: Security admin rule enforcement
         href: concept-enforcement.md
+    - name: Monitoring
+      items:
+    - name: Event Log Options for Azure Virtual Network Manager
+      href: concept-event-logs.md
   - name: Deployments
     href: concept-deployments.md
   - name: Remove or update components
@@ -83,6 +87,10 @@
       href: how-to-configure-cross-tenant-portal.md
     - name: Configure cross-tenant connection - CLI
       href: how-to-configure-cross-tenant-cli.md
+  - name: Monitoring
+    items:
+    - name: Configure Event Logs for Azure Virtual Network Manager
+      href: how-to-configure-event-logs.md
   - name: View applied configurations
     href: how-to-view-applied-configurations.md
   - name: Define dynamic network group membership with Azure Policy

articles/virtual-network-manager/concept-event-logs.md

@@ -0,0 +1,78 @@
+---
+title: Event log options for Azure Virtual Network Manager
+description: This article covers the event log  options for Azure Virtual Network Manager.
+author: mbender-ms
+ms.author: mbender
+ms.topic: conceptual
+ms.service: virtual-network-manager
+ms.date: 04/13/2023
+---
+
+# Event log options for Azure Virtual Network Manager
+
+Azure Virtual Network Manager uses Azure Monitor for data collection and analysis like many other Azure services. Azure Virtual Network Manager provides event logs for each network manager. You can store and view event logs with Azure Monitor’s Log Analytics tool in the Azure portal, and through a storage account. You may also send these logs to an event hub or partner solution. 
+
+## Supported log categories
+
+Azure Virtual Network Manager currently provides the following log categories:
+- Network group membership change 
+    - Track when a particular virtual network’s network group membership is modified. In other words, a log is emitted when a virtual network is added to or removed from a network group. This can be used to trace network group membership changes over time and to capture a snapshot of a particular virtual network’s network group membership.
+
+## Network group membership change attributes 
+
+This category emits one log per network group membership change. So, when a virtual network is added to or removed from a network group, a log is emitted correlating to that single addition or removal for that particular virtual network. The following attributes correspond to the logs that would be sent to your storage account; Log Analytics logs have slightly different attributes. 
+
+| Attribute | Description |
+|-----------|-------------|
+| time | Datetime when the event was logged. |
+| resourceId | Resource ID of the network manager. |
+| location | Location of the virtual network resource. |
+| operationName | Operation that resulted in the VNet being added or removed. Always the Microsoft.Network/virtualNetworks/networkGroupMembership/write operation. |
+| category | Category of this log. Always NetworkGroupMembershipChange. |
+| resultType | Indicates successful or failed operation. |
+| correlationId | GUID that can help relate or debug logs. |
+| level | Always Info. |
+| properties | Collection of properties of the log. |
+
+Within the `properties` attribute are several nested attributes:
+
+| properties attributes | Description |
+|--------------------|-------------|
+| Message | Basic success or failure message. |
+| MembershipId | Default membership ID of the virtual network. |
+| GroupMemberships | Collection of what network groups the virtual network belongs to. There may be multiple `NetworkGroupId` and `Sources` listed within this property since a virtual network can belong to multiple network groups simultaneously. |
+| MemberResourceIds | Resource ID of the virtual network that was added to or removed from a network group. |
+
+Within the `GroupMemberships` attribute are several nested attributes:
+
+| GroupMemberships attributes | Description |
+|-----------------------------|-------------|
+| NetworkGroupId | ID of a network group the virtual network belongs to. |
+| Sources | Collection of how the virtual network is a member of the network group. |
+
+Within the `Sources` attribute are several nested attributes:
+
+| Sources attributes | Description |
+|-------------------|-------------|
+| Type | Denotes whether the virtual network was added manually (StaticMembership) or conditionally via Azure Policy (Policy). |
+| StaticMemberId | If the Type value is StaticMembership, this property appears. |
+| PolicyAssignmentId | If the Type value is Policy, this property appears. ID of the Azure Policy assignment that associates the Azure Policy definition to the network group. |
+| PolicyDefinitionId | If the Type value is Policy, this property appears. ID of the Azure Policy definition that contains the conditions for the network group’s membership. |
+
+## Accessing logs
+
+Depending on how you consume event logs, you need to set up a Log Analytics workspace or a storage account for storing your log events. 
+- Learn to [create a Log Analytics workspace](../azure-monitor/logs/quick-create-workspace.md).
+- Learn to [create a storage account](../storage/common/storage-account-create.md).
+
+When setting up a Log Analytics workspace or a storage account, you need to select a region. If you’re using a storage account, it needs to be in the same region of the virtual network manager you’re accessing logs from. If you’re using a Log Analytics workspace, it can be in any region. 
+
+The network manager accessing the events isn't required to be in the same subscription as the Log Analytics workspace or the storage account used for storage, but permissions may restrict your ability to access logs across different subscriptions. 
+
+> [!NOTE]
+> At least one virtual network must be added or removed from a network group in order to generate logs. A log will generate for this event a couple minutes after network group membership change occurs. 
+
+## Next steps
+- Learn to Configure Create an [Azure Virtual Network Manager](create-virtual-network-manager-portal.md) instance using the Azure portal.
+- Learn more about [network groups](concept-network-groups.md) in Azure Virtual Network Manager.
+

articles/virtual-network-manager/how-to-configure-event-logs.md

@@ -0,0 +1,83 @@
+---
+title: Configure event logs for Azure Virtual Network Manager
+description: This article describes how to configure and view event logs for Azure Virtual Network Manager. This includes how to access event logs in a Log Analytics workspace and a storage account.
+author: mbender-ms
+ms.author: mbender
+ms.topic: how-to
+ms.service: virtual-network-manager
+ms.date: 04/13/2023
+---
+
+# Configure event logs for Azure Virtual Network Manager
+
+When configurations are changed in Azure Virtual Network Manager, this can affect virtual networks that are associated with network groups in your instance. With Azure Monitor, you can monitor Azure Virtual Network Manager for virtual network changes. 
+
+In this article, you learn how to monitor Azure Virtual Network Manager for virtual network changes with Log Analytics or a storage account. 
+
+## Prerequisites
+- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
+- A deployed instance of [Azure Virtual Network Manager](./create-virtual-network-manager-portal.md) in your subscription, with managed virtual networks.
+-  You deployed either a [Log Analytics workspace](../azure-monitor/essentials/tutorial-resource-logs.md#create-a-log-analytics-workspace) or a [storage account](../storage/common/storage-account-create.md) to store event logs and observe data related to Azure Virtual Network Manager.
+
+## Configure Diagnostic Settings
+
+Depending on how you consume event logs, you need to set up a Log Analytics workspace or a storage account for storing your log events. These are as storage targets when configuring diagnostic settings for Azure Virtual Network Manager. Once you have configured your diagnostic settings, you can view the event logs in the Log Analytics workspace or storage account.
+
+> [!NOTE]
+> At least one virtual network must be added or removed from a network group in order to generate logs. A log will generate for this event a couple minutes after network group membership change occurs. 
+### Configure event logs with Log Analytics
+
+Log analytics is one option for storing event logs. In this task, you configure your Azure Virtual Network Manager Instance to use a Log Analytics workspace. This task assumes you have already deployed a Log Analytics workspace. If you haven't, see [Create a Log Analytics workspace](../azure-monitor/essentials/tutorial-resource-logs.md#create-a-log-analytics-workspace).
+
+1. Navigate to the network manager you want to obtain the logs of.
+1. Under the **Monitoring** in the left pane, select the **Diagnostic settings**.
+1. Select **+ Add diagnostic setting** and enter a diagnostic setting name.
+1. Under **Logs**, select **Network Group Membership Change**.
+1. Under **Destination details**, select **Send to Log Analytics** and choose your subscription and Log Analytics workspace from the dropdown menus.
+    
+    :::image type="content" source="media/how-to-configure-event-logging/log-analytics-diagnostic-settings.png" alt-text="Screenshot of Diagnostic settings page for setting up Log Analytics workspace.":::
+
+1. Select **Save** and close the window.
+
+### Configure event logs with a storage account
+
+A storage account is another option for storing event logs. In this task, you configure your Azure Virtual Network Manager Instance to use a storage account. This task assumes you have already deployed a storage account. If you haven't, see [Create a storage account](../storage/common/storage-account-create.md).
+
+1. Navigate to the network manager you want to obtain the logs of.
+1. Under the **Monitoring** in the left pane, select the **Diagnostic settings**.
+1. Select **+ Add diagnostic setting** and enter a diagnostic setting name.
+1. Under **Destination details**, select **Send to storage account** and choose your subscription and storage account from the dropdown menus.
+1. Under **Logs**, select **Network Group Membership Change** and enter a retention period.
+
+    :::image type="content" source="media/how-to-configure-event-logging/storage-account-diagnostic-settings.png" alt-text="Screenshot of Diagnostic settings for storage account.":::
+
+1. Select **Save** and close the window.
+
+## View Azure Virtual Network Manager event logs
+
+In this task, you access the event logs for your Azure Virtual Network Manager instance.
+
+1. Under the **Monitoring** in the left pane, select the **Logs**.
+1. In the **Diagnostics** window, select **Run** or **Load to editor** under **Get recent Network Group Membership Changes**.
+
+    :::image type="content" source="media/how-to-configure-event-logging/run-query.png" alt-text="Screenshot of Run and Load to editor buttons in the diagnostics window.":::
+
+1. If you choose **Run**, the **Results** tab displays the event logs, and you can expand each log to view the details.
+
+    :::image type="content" source="media/how-to-configure-event-logging/workspace-log-details.png" alt-text="Screenshot of the event log details from the defined query.":::
+
+1. When completed reviewing the logs, close the window and select **ok** to discard changes.
+ 
+    > [!NOTE]
+    > When you close the **Query editor** window, you will be be returned to the **Azure Home** page. If you need to return to the **Logs** page, browse to your virtual network manager instance, and select **Logs** under the **Monitoring** in the left pane.
+
+1. If you choose **Load to editor**, the **Query editor** window displays the query. Choose **Run** to display the event logs and you can expand each log to view the details.
+
+    :::image type="content" source="media/how-to-configure-event-logging/workspace-log-details.png" alt-text="Screenshot of log details.":::
+1. Close the window and select **ok** to discard changes.
+
+## Next steps
+
+- Learn about [Security admin rules](concept-security-admins.md)
+- Learn how to [Use queries in Azure Monitor Log Analytics](../azure-monitor/logs/queries.md)
+- Learn how to block network traffic with a [SecurityAdmin configuration](how-to-block-network-traffic-portal.md).

articles/virtual-network-manager/index.yml

@@ -94,3 +94,15 @@ landingContent:
         links:
         - text: Hub-spoke network topology in Azure
           url: /azure/architecture/reference-architectures/hybrid-networking/hub-spoke
+
+  # Card
+  - title: Monitoring
+    linkLists:
+      - linkListType: overview
+        links:
+          - text: Event Log Options for Azure Virtual Network Manager
+            url: concept-event-logs.md
+      - linkListType: how-to-guide
+        links:
+          - text: Configure Event Logs for Azure Virtual Network Manager
+            url: how-to-configure-event-logs.md