Skip to main content

Integrations

Troubleshooting On-Premises PCE Support for Sentinel

Use the information in the following topics to troubleshoot On-Premises PCE support for Sentinel.

Troubleshooting Linux or Windows Virtual Machines

Use the following information to troubleshoot Linux or Windows VMs.

Check the Health of the Agents Sending Data to Your Workspace

Run this query to list the VMs that haven't reported a heartbeat in the last five minutes:

Heartbeat
| where TimeGenerated > ago(24h)
| summarize LastCall = max(TimeGenerated) by Computer, _ResourceId
| where LastCall < ago(5m)

Check the Data Recorder Association with a Virtual Machine

Note

This procedure applies to a Linux VM.

Navigate to /etc/microsoft/azuremonitoragent/config-cache/configchunks.
If the data collection rule has been associated correctly, there will be a .json file in the directory.

After the contents are categorized, the output will contain:

{"dataSources":[{"configuration":{"facilityNames":["local5","local6","local7"],"logLevels":["Info","Notice","Warning","Error","Critical","Alert","Emergency"]},"id":"sysLogsDataSource--1469397783","kind":"syslog","streams":[{"stream":"LINUX_SYSLOGS_BLOB","solution":"LogManagement"}],"sendToChannels":["ods-153035ad-fede-495a-b6c2-6d4308689f79"]}],"channels":[{"endpoint":"https://153035ad-fede-495a-b6c2-6d4308689f79.ods.opinsights.azure.com","tokenEndpointUri":"https://illumiodce1-515u.westus2-1.handler.control.monitor.azure.com/subscriptions/427ec20a-816a-4a2a-9b28-61b13053bc83/resourceGroups/ashwin.venkatesha-rg/providers/Microsoft.Compute/virtualMachines/ashwin-azure-ama-onprem/agentConfigurations/dcr-438cd9d794af4d34be6c6c9a19f5367b/channels/ods-153035ad-fede-495a-b6c2-6d4308689f79/issueIngestionToken?operatingLocation=westus2&platform=linux&includeMeConfig=true&api-version=2022-06-02","id":"ods-153035ad-fede-495a-b6c2-6d4308689f79","protocol":"ods"}]}

Was this helpful?

Would you like to provide feedback? Just click here to suggest edits.