Using Azure SG to collect Software using Azure Monitoring Agent vs Log Analytics

Dwight Mickley
Tera Contributor

Has anyone configured Azure Service Graph Connector to collect Software using the Azure Monitoring Agent as opposed to the Azure Log Analytics?  As I understand it Azure Log Analytics is depreciated and wanted to know who has switched over and if there is any documentation that can be shared on how to do so, specifically configurations in ServiceNow.  A similar question was posted on the Azure Service Graph Overview page with no response.

https://www.servicenow.com/community/cmdb-articles/service-graph-connector-for-azure-overview/ta-p/2...

 

Notice of retirement

https://azure.microsoft.com/en-us/updates?id=were-retiring-the-log-analytics-agent-in-azure-monitor-...

 

Instructions to migrate on the Azure side

https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-migration

 

Or would you recommend using the ServiceNow Agent Client Collector in Azure to discover the CIs and Installed software instead of the Azure Service Graph Connector?

 

2 REPLIES 2

James Behrens
Giga Guru

That was rather scary to read but I don't think they actually deprecated Log Analytics, just changed the name. Not even sure what changed in there. The guys that were using Log Analytics to do whatever they do with it did not skip a beat as that deadline came and went. We're just implementing Cloud Discovery now. So far just in the subprods. 

 

I'll likely open a different question on this one, but has anyone routed these two (graphApi 'hardware' and Log Analytics 'software' through Apigee (aka Google Edge)? We have a standing architectural requirement to route cloud-to-cloud interfaces through Apigee so that security can track who is making calls and what they are retrieving. It also gives you some DDOS protection, throttling, yada. 

 

I am considering trying out the 'use mid server' to work around the issue but I am pretty certain using the Apigee blind proxy will be far more efficient.. if I can get it to work. 

FYL
Mega Sage

Think the change is just a different agent (azure monitor instead of log analytics agent) of getting the Change tracking and inventory data into Log analytics. 
Just think of it being an agent on the vm pulling an inventory periodically and updating it to log analytics.
From servicenow perspective is the same data it is pulling the list of inventory updates from log analytics. No different from a SCCM SGC pulling from the SCCM database. 

Before you deciding to use ACC, you need to first consider that you will have another agent on to manage and maintain across your fleet. Then whats the benefit of this Agent vs the other agents and if it is worth it.
If you are talking about Azure VMs and all you want is just installed software and basic hardware configuration then no. If you need to discover deep configuration or application data, then yes you may have to consider it.
The other alternative is agentless discovery aka IP based discovery but that is often a challenge in a complex Azure org and you don't want to have too many midservers to manage nor openup firewall rules all over the place.