How to create an Azure alert to notify about any resource deletion - azure

Looking for some help around Azure alerts.
I need to get notified whenever any Azure resource is deleted. From what I have read so far, I know an alert can be created at a resource level. But it will be too cumbersome to set up an alert for each resource individually.
Ideally I would like to have a rule set up at Subscription level or Resource Group level which notifies when any resource in the Sub/Resource group is deleted.
Will highly appreciate any help I can get with this.

You could actually just stream activity logs to Azure Log Analytics and then you could use a simple query like so:
AzureActivity
| where OperationNameValue endswith "DELETE"
and then just click that + New alert rule button and you are all set.
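
An added example, not part of the original answer: a tighter version of the query above for use as a log alert rule. It keeps only completed deletions and reports who deleted what. It assumes the current AzureActivity schema in the workspace (columns such as ActivityStatusValue, Caller and _ResourceId); the 15-minute window and the cap of 50 listed resources are arbitrary choices.

```kusto
// Added example: completed resource deletions, grouped by the identity that performed them.
AzureActivity
| where TimeGenerated > ago(15m)                 // assumed alert evaluation window
| where CategoryValue == "Administrative"        // control-plane operations only
| where OperationNameValue endswith "/DELETE"    // endswith is case-insensitive in KQL
| where ActivityStatusValue == "Success"         // completed operations only, not the Start or Failure records
| summarize
    DeletedResources = dcount(_ResourceId),
    FirstSeen        = min(TimeGenerated),
    LastSeen         = max(TimeGenerated),
    Resources        = make_set(_ResourceId, 50) // assumed cap on listed resource IDs
    by Caller, CallerIpAddress, SubscriptionId, ResourceGroup
| order by DeletedResources desc
```

With the alert set to fire when the result count is greater than zero, each row in the notification names one caller and the resources that caller deleted in the window.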

Currently, the Alert level at the Subscription level is NOT supported. However, you can upvote the request here.
The only way to do it is to create the rule for each resource as you mentioned in the question.

Related

How can I create an alert on the subscription level for every new resource created?

I want to get alerts whenever a new resource is created. I tried to do it through the monitor using the activity log but could not find any default configuration which can provide the needful. Any help will be appreciated.
Create an Event Grid Subscription at the Subscription level. Narrow actions to e.g. Successful Writes only, your choice, send such an event when it's triggered to some external processor (e.g. Azure Function) and do whatever you need with it.
You can create a log alert for any create events.
You will first need to stream the activities to Log Analytics:
https://learn.microsoft.com/azure/azure-monitor/essentials/activity-log#send-to-log-analytics-workspace
You can then set a log alert on the subscription to detect any resource creation.

How can I be notified if someone creates a new database in Azure?

I would like to set up an Azure alert for when someone on our team sets up an Azure database. Once alerted, I want to have an additional alert created if that resource is running for more than a certain amount of time.
My solution is to create an Alert Rule on the storage account and have it send an email. Where I'm running into trouble is how to monitor the database, since it just got created and I don't know the name yet for the second Alert rule that will monitor its uptime.
Is there some programmatic way to determine the database resource name?
If you don't want to invest time in a programmatic way, there is an option to set or configure an alert at Resource Group level based on Resource type, where the alert rule is configured with the below configurations:
Scope - Select the right subscription, filter by resource type like SqlDatabase and, if required, filter based on location
Condition - In Select condition, in the Signal type drop-down select "Create/Update Azure Sql Database", and in alert logic you can provide additional filtering logic
Can choose existing Action group or create new one based on your requirement
Add "Alert rule details" like rule name, description etc.
Finally create alert rule
Now once alert rule is created if any new Azure SqlDatabase is created you will be notified based on alert configured.
According to the official doc, you can use Event Grid to notify Azure Automation when a SQL database is created.
https://learn.microsoft.com/en-au/azure/event-grid/overview#ops-automation
Once you subscribe, you can use Logic Apps to send you an email for example.
About the second part, you'll need to query the metrics and figure out if it's running (is performing compute) or not.

Track Resource deletion from Azure ActivityLog in LogAnalytics

I am trying to alert/visualize Resource changes like creation/deletion of Azure resources using Log Analytics/OMS.
I am able to find new deployments using:
AzureActivity
| where ActivityStatus == 'Succeeded' and OperationNameValue contains 'Microsoft.Resources/deployments/write'
and VM start/stop also is traceable.
However, I do not see any logs when a VM is deleted from a resource group. I checked in the resource group Activity logs too, however such an important event doesn't seem to be tracked properly. The only thing I find is the deletion of shutdown schedules as part of VM deletion, however this isn't a reliable indicator.
How can I track resource deletions using Log Analytics?
You can set up an alert when the vm is deleted in log analytics.
Nav to azure portal, your log analytics -> in the left blade, select Alerts -> New alert rule -> in the new page, select your vm as resource -> then in the condition, add a condition: Delete Virtual Machine.

Stopping or Disabling a resource group in Azure

Is there any way to disable or stop a particular resource group temporarily? I know we can delete the resource group or we can stop certain services under the resource group but I am unable to find a way where I can just shut down the resource group or all of its resources at once, temporarily.
Please let me know if I can provide few more details about this.
Thanks.
This does not seem to be possible at the moment but a request has been made here, however, no response from Microsoft on what its status is.
In general, if there are features that are not available in e.g. Azure, use the feedback site to suggest and vote on new features.
However, if you only got some specific type of resources in your resource group, like e.g. virtual machines, then you can stop them all in one PowerShell command like this:
Get-AzureRmVM -ResourceGroupName <group name> | Stop-AzureRmVM -Force
Note: this approach is highly dependent on the type of resource and not a generic solution as requested
A resource group is just a bounding-box, serving as a grouping mechanism and a security boundary. You cannot "stop" a resource group, as a resource group is never running. Yes, you can delete a resource group (along with everything in it), but that's a one-shot operation. It's not a fine-grained resource-management operation.
As for the services inside a resource group: some can be stopped, some cannot. For instance, you cannot stop a storage account. Others have very different behaviors when stopped: A VM simply sleeps/hibernates until restarted with everything preserved, while an HDInsight cluster, when stopped, deletes everything.
TL;DR there is currently no way to point to a resource group and have it stop all of its services, given the variability of behavior (and the fact there's no such supported API). You'll need to manage your resource starts/stops.
I just had a new "MSDN account" hit its budget limit and that made me realize this SHOULD be achievable!
When this happened Microsoft "disabled" my subscription.
In my case, I'm actually fine with having to "fence the resources" within a subscription if I had to. But at the moment, I haven't found a way to easily stop/start it in this manner. Anyone a guru with the Azure budgets? It looks like they can be applied at a Resource Group level as well.
Can you "enable/disable" resource groups or subscriptions this way?
Simply want to create something. Pay for it, of course. Pay for storage, sure. But 'disable' it, until I need to run it. Then, Enable it. Simple. :)
I've been upvoting and watching this "Feature Request" thread for some time:
https://feedback.azure.com/forums/217313-networking/suggestions/17670613-hibernate-pause-a-resource-group-or-subscription

Moved azure resource has disappeared

I just moved my WebApp from one subscription to another and now I can't find it in the azure portal.
However, I see that the web application still works.
It has not been deleted.
It is not listed in the result of the call to Get-AzureRmResource.
Do you have an idea to diagnose this problem?
Update
I found an error entry in the target Resource Group activity log:
"properties": {
"statusCode": "Conflict",
"statusMessage": "{\"error\":
{\"code\":\"ResourceMoveFailed\",\"message\":...
BUT my resource is not, either, in my old resource group !!!
It looks like you are experiencing an issue with the synchronization as mentioned in the following discussion thread. To fix this issue you may contact the support to perform a re-sync.
Let us know if you need further assistance on this issue.
Many of the operations you perform are scoped per subscription. For example, Get-AzureRmResource works against the currently selected subscription. You can run Get-AzureRmSubscription to view the subscriptions you have access to. You can then switch between subscriptions with something like this:
Set-AzureRmContext -SubscriptionName "Example Subscription Two"
In the portal, you can filter all the blades to show resources in one or more subscriptions.
As the image points out, if that doesn't work you can switch directories.
Try Azure Resource Explorer for further information on resources.
https://azure.microsoft.com/en-us/blog/azure-resource-explorer-a-new-tool-to-discover-the-azure-api/
