When managing VMs, it is important to know what was changed, and when. If you are leveraging an immutable infrastructure and never perform changes manually (instead, you are using Automation scripts and custom VM images), you may already have a solution for tracking changes that suits your needs. However, there are still cases where the process you are working in does not guarantee the right management of changes, and it is hard to audit them.
In this section, we will discuss the Change tracking feature and see how it works for our purpose. To get started, you will need a VM with which you can work. If you do not have one, take a look at the previous sections from this chapter, where the process is discussed in detail.
Continuing our discussion forward, let’s track changes in a VM with the help of the following instructions:
- To enable the Change tracking feature, go to your VM and find the Change tracking blade:
- The screen that you see here allows you to configure the Log Analytics workspace and Automation account that steer the feature:
- The deployment of the feature may take a while, so be patient. Once the feature has been deployed, you will see no changes noticed by it:
Note that it watches the following things on your machine:
- Events related to it
- File modifications
- Registry changes
- Software installations
- Windows services operations
- If you click on the Edit Settings button, you will be able to configure each of the filters in detail:
Using the Change tracking feature is similar to the usage of update management, described in the previous section. It also uses the Log Analytics workspace so that everything is automated and integrated with each other in a seamless way.
In this exercise, we have discovered possibilities for changes and modifications that may be tracked (such as new values of registry entries). The important thing here is remembering that everything is disabled by default—you have to mark things that you want to monitor. Change tracking can be very easily configured by adding the registry keys or files you want to monitor:
Make sure you have configured it properly (by adding all the files to monitor or enabling monitoring of particular registry entries). In the Further reading section, you will find extra information on this topic—including limitations of the feature and known issues—that may help you troubleshoot this functionality.