Send custom logs from WVD to Log Analytics

Loading Likes...

While implementing Windows Virtual Desktop for one of our customers, we wanted to monitor how many users are signed-in into the WVD environment. I started to investigate what kind of options there are for enabling logging in WVD.

Use Log Analytics for the diagnostics

We can enable the log feature in WVD itself to send diagnostics logs to a Log Analytics Workspace. The steps are writing in this doc site from Microsoft:

Use Web UI for the diagnostics and management

A other option is to use the Management UI web interface. This interface is really useful but we can’t use the data outside this UI.

Unfortunately I was still missing log messages about the amount of users that where signed-in into the Hostpool. That’s when I started to build a new script (based on the scale script that is available from Microsoft) that first connect to the WVD Hostpool to get the info and send that info to a Log Analytics.

The script is available on Github:

Config JSON

The script uses a JSON config file with parameters like the Sessionhostname, Workspace ID, Workspace secret and admin username (or app id). There is a connection to a keyvault so all the secrets are securely saved.

Local log file

The scripts is writing logs to a local log file so we can debug if we want to.

Connect to WVD and AzureAD

We start with connecting the powershell script to WVD and AzureAD. We need a connection to AzureAD because we need to import the secrets. I created a MSI (Managed Service Identity) from the VM and add this user to the AccessPolicy keyvault.

Get info from Hostpool

When the script is succesfully connected we can get the info from the Hostpool. The script gets all the active Sessionhosts from the Hostpool. It loops every Sessionhost to get the active users. After it founds a user it calls a function that sends a log message to the Log Analytics.

Send log message to Log Analytics

The function to send a log message to Log Analytics is using a POST command. The header of this post command needs to have a signature included. This signature confirms the authorization to the Log Analytics. The body of the POST command includes a JSON format message with the parameters we want to send to the log.

We can make our own columns, using the JSON format:

“HostPoolName”: “”,
“SessionHostName”: “”,
“UserPrincipalName” : “”,
“CreateTime” : “”,
“SessionState” : “”

Run script

To run this script I’m using a server that runs a Schedule task for every 5 minutes. It triggers the Powershell script to run.

First Log Message

After we send the first Log Message it can take up to 30 minutes before it has shows up as a new table in the Log Analytics. When the table is created the next log messages are imported in approximately 5 seconds.

This will look like this:

alt text

You can use this log for things like:

  • Count users on specific SessionHosts
  • Count users on complete Hostpool
  • Count disconnected / active users
  • How long users are connected

We can add more parameters to the script if we want to, for example:

  • Show active SessionHosts
  • Show info of SessionHosts
  • etc..


I just started with Grafana (thanks to this blog). This give us the opportunity to build cool dashboards. I created some in a couple of minutes, I know you can do better 😉

alt text

I hope you can use this script and improve it in your own environment. If you have any idea’s to improve the script I will love to hear that!