Movatterモバイル変換

[0]ホーム
URL:

Skip to main content

This browser is no longer supported.

Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.

Download Microsoft EdgeMore info about Internet Explorer and Microsoft Edge
Table of contentsExit editor mode

Monitor Azure Cache for Redis using diagnostic settings

  • Applies to: ✅ Azure Cache for Redis
Feedback

In this article

Important

Azure Cache for Redis announced its retirement timeline for all SKUs. We recommend moving your existing Azure Cache for Redis instances toAzure Managed Redis as soon as you can.

For more details about the retirement:

Azure Cache for Redis offers two monitoring options inDiagnostic settings:

  • Cache metrics log Azure Monitor metrics about cache operations.
  • Connection logs log connections to the cache. Azure captures these logs, also calleddata plane logs, per request. The contents of the connection logs vary by resource type.

For an overview of Azure Monitor monitoring and logging functionality, seeDiagnostic settings in Azure Monitor.

Scope of availability

TierBasic, Standard, and PremiumEnterprise and Enterprise Flash
Cache metricsYesYes
Connection logsYesYes

Cache metrics

Azure Redis emits many useful metrics, such asServer Load andConnections per Second. For a complete listing of Azure Redis metrics, seeMetrics.

To log cache metrics, enable theAllMetrics option in your cacheDiagnostic settings according to the instructions for your tier. You can configure how long metrics are retained. For more information about logging and exporting metrics, seeAzure Cache for Redis metrics.

Connection logs

Azure Cache for Redis uses Azure diagnostic settings to log client connection information about your cache. Logging and analyzing this information in diagnostic settings helps you understand who connects to your cache and when. You can use the log data for security auditing purposes, or to identify the scope of security issues.

Note

You can always use the redis-cliINFO orCLIENT LIST commands to check who is connected to a cache instance on-demand.

The connection log implementation and the logs produced are similar among Azure Redis tiers, but Basic, Standard, and Premium tiers have some differences from Enterprise and Enterprise Flash tiers.

Important

  • In the Basic, Standard, and Premium tiers, connection loggingpolls the current client connections in the cache. The same client IP addresses can appear repeatedly as long as their connections last.
  • In the Enterprise and Enterprise Flash tiers, logging focuses on connectionevents. Logging only occurs when the connection event or other connection-related event first happens.

Requirements and limitations

Basic, Standard, and Premium-tier caches poll client connections by IP address, including the number of connections originating from each unique IP address. These logs aren't cumulative, but represent point-in-time snapshots taken at 10-second intervals. These tiers don't log successful or failed authentication events or disconnection events.

Keep the following limitations in mind:

  • Because connection logs in these tiers consist of point-in-time snapshots taken every 10 seconds, connections that are established and removed within a 10-second interval aren't logged.
  • Authentication and disconnection events aren't logged.
  • Diagnostic settings can take up to90 minutes to start flowing to your selected destination.
  • Connection logging can cause a small performance degradation in your cache.
  • To stream logs to Log Analytics, only the Analytics Logs pricing plan is supported. For more information, seeAzure Monitor pricing.

Important

When you select logs, you can choose eitherCategories orCategory groups, which are predefined groupings of logs across Azure services. If you useCategory groups, you can't configure retention settings. If you need to set retention duration for your connection logs, select the item inCategories instead. For more information, seeCategory groups.

Log destinations

When you enable diagnostic settings for your Azure Redis instance, you can send resource logs to the following destinations:

  • Send to Log Analytics workspace. The workspace doesn't need to be in the same region as the resource being monitored.

  • Archive to a storage account. The storage account must be in the same region as the cache.

  • Stream to an event hub. The event hub must be in the same region as the cache.

    Diagnostic settings can't access event hub resources if virtual networks are enabled. Enable theAllow trusted Microsoft services to bypass this firewall setting in Azure Event Hubs to grant access to event hub resources.

  • Send to partner solution. For a list of potential partner logging solutions, seeExtend Azure with Azure Native Integrations - Data and storage.

When you send diagnostic logs to a storage account or event hub, you're charged normal data rates for either destination. You're billed under Azure Monitor, not Azure Cache for Redis. When you send logs to Log Analytics, you're charged only for Log Analytics data ingestion. For more pricing information, seeAzure Monitor pricing.

Enable diagnostic settings using the Azure portal

  1. On theAzure portal page for your cache, selectDiagnostic settings underMonitoring in the left navigation pane.

  2. On theDiagnostic settings page, selectAdd diagnostic setting.

    Screenshot that shows the Diagnostic settings page with Add diagnostic setting highlighted.

  3. On theDiagnostic setting page, enter a name for your diagnostic setting, and then select the monitoring options you want. For example, selectAllMetrics to log all metrics andallLogs to log bothConnected client list andMSEntra authentication audit log.

  4. Select one or more destinations and your destination details, and then selectSave.

    Screenshot that shows the Diagnostic setting configuration page for a Premium cache.

Enable connection logging using the REST API

To create a diagnostic setting, use the Azure Monitor REST API in an interactive console as follows. For more information, seeDiagnostic Settings - Create or update.

Request

PUT https://management.azure.com/{resourceUri}/providers/Microsoft.Insights/diagnosticSettings/{name}?api-version=2017-05-01-preview

Parameters/headers

  • Content-Type:application/json
  • name: The name of your diagnostic setting
  • resourceUri:subscriptions/<your subscription id>/resourceGroups/<cache resource group>/providers/Microsoft.Cache/Redis/<cache name>
  • api-version:2017-05-01-preview

Example body

{    "properties": {      "storageAccountId": "/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/apptest/providers/Microsoft.Storage/storageAccounts/appteststorage1",      "eventHubAuthorizationRuleId": "/subscriptions/bbbb1b1b-cc2c-dd3d-ee4e-ffffff5f5f5f/resourceGroups/montest/providers/microsoft.eventhub/namespaces/mynamespace/eventhubs/myeventhub/authorizationrules/myrule",      "eventHubName": "myeventhub",      "workspaceId": "/subscriptions/cccc2c2c-dd3d-ee4e-ff5f-aaaaaa6a6a6a/resourceGroups/insights-integration/providers/Microsoft.OperationalInsights/workspaces/myworkspace",      "logs": [        {          "category": "ConnectedClientList",          "enabled": true,          "retentionPolicy": {            "enabled": false,            "days": 0          }        }      ]    }}

Enable connection logging using Azure CLI

Use the Azure CLIaz monitor diagnostic-settings create command to create a diagnostic setting. For more information on command and parameter descriptions, seeCreate diagnostic settings to send platform logs and metrics to different destinations.

The following example shows how to use the Azure CLI to stream data to four different endpoints:

az monitor diagnostic-settings create     --resource /subscriptions/{subscriptionID}/resourceGroups/{resourceGroupname}/providers/Microsoft.Cache/Redis/{cacheName}    --name {logName}    --logs '[{"category": "ConnectedClientList","enabled": true,"retentionPolicy": {"enabled": false,"days": 0}}]'        --event-hub {eventHubName}    --event-hub-rule /subscriptions/{subscriptionID}/resourceGroups/{resourceGroupName}/providers/microsoft.eventhub/namespaces/{eventHubNamespace}/authorizationrule/{ruleName}    --storage-account /subscriptions/{subscriptionID}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{storageAccountName}    --workspace /subscriptions/{subscriptionID}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{logAnalyticsWorkspaceName}    --marketplace-partner-id/subscriptions/{subscriptionID}/resourceGroups{resourceGroupname}/providers/Microsoft.Datadog/monitors/mydatadog

Connection log contents

The following fields and properties appear in theConnectedClientList log category. In Azure Monitor, logs are collected in theACRConnectedClientList table under the resource provider name ofMICROSOFT.CACHE.

Azure Storage field or propertyAzure Monitor Logs propertyDescription
timeTimeGeneratedThe UTC timestamp when the log was generated.
locationLocationThe Azure region the Azure Redis cache was accessed in.
categoryn/aAvailable log categoryConnectedClientList.
resourceId_ResourceIdThe Azure Redis resource logs are enabled for.
operationNameOperationNameThe Redis operation associated with the log record.
propertiesn/aSee the following rows.
tenantCacheNameThe name of the Azure Redis instance.
roleInstanceRoleInstanceThe role instance that logged the client list.
connectedClients.ipClientIpThe Redis client IP address.
connectedClients.privateLinkIpv6PrivateLinkIpv6The Redis client private link IPv6 address if applicable.
connectedClients.countClientCountThe number of Redis client connections from the associated IP address.

Sample storage account log

The contents of a log sent to a storage account might look like the following example.

{    "time": "2021-08-05T21:04:58.0466086Z",    "location": "canadacentral",    "category": "ConnectedClientList",    "properties": {        "tenant": "mycache",         "connectedClients": [            {                "ip": "192.123.43.36",                 "count": 86            },            {                "ip": "10.1.1.4",                "privateLinkIpv6": "fd40:8913:31:6810:6c31:200:a01:104",                 "count": 1            }        ],        "roleInstance": "1"    },    "resourceId": "/SUBSCRIPTIONS/eeee4efe-ff5f-aa6a-bb7b-cccccc8c8c8c/RESOURCEGROUPS/AZURE-CACHE/PROVIDERS/MICROSOFT.CACHE/REDIS/MYCACHE",     "Level": 4,    "operationName": "Microsoft.Cache/ClientList"}

Related content

For detailed information about how to create a diagnostic setting by using the Azure portal, Azure CLI, or Azure PowerShell, seeCreate diagnostic settings to collect platform logs and metrics in Azure.

Feedback

Was this page helpful?

YesNoNo

Need help with this topic?

Want to try using Ask Learn to clarify or guide you through this topic?

Suggest a fix?
  • Last updated on

In this article

Was this page helpful?

YesNo
NoNeed help with this topic?

Want to try using Ask Learn to clarify or guide you through this topic?

Suggest a fix?