I have some alerts set up based on activity log - when certain resources are create/updated. I would like to disabled them for the deployment time (Azure DevOps, including ARM template) - to not be spammed with unnecessary emails.
So before each deployment (and after deploying ARM template) I would run code like this:
az monitor activity-log alert list --resource-group ${RESOURCE_GROUP_NAME} --query "[].[name, enabled]" -o tsv | while read ALERT_NAME ALERT_STATUS
do
if [[ ${ALERT_STATUS} == "True" ]]
then
az monitor activity-log alert update --resource-group ${RESOURCE_GROUP_NAME} --name ${ALERT_NAME} --enabled false
fi
done
And switch them on as a last step of deployment.
However this doesn't seem to suppress the alerts. My guess is that it need some time to refresh status somewhere.
Any clue what it might be and how to fix/workaround it?
You can use action rules to suppress alerts during deployments. See these docs on that:
https://learn.microsoft.com/en-us/azure/azure-monitor/platform/alerts-action-rules
Related
I have an Azure Monitor Diagnostic Settings object on which I am trying to set the logAnalyticsDestinationType property. But it does not stick:
~$ id=/subscriptions/4...d/resourceGroups/xyz/providers/Microsoft.ContainerService/managedClusters/abc
~$ az monitor diagnostic-settings show --resource $id -n loganalytics-diagnostics --query logAnalyticsDestinationType
~$ az monitor diagnostic-settings update --resource $id -n loganalytics-diagnostics --set logAnalyticsDestinationType=AzureDiagnostics --query logAnalyticsDestinationType
"AzureDiagnostics"
~$ az monitor diagnostic-settings show --resource $id -n loganalytics-diagnostics --query logAnalyticsDestinationType
~$
Without delving into much details on why I want to set it, is it possible to set it at all?
It seems that there's currently an open issue with Azure regarding this topic:
https://github.com/hashicorp/terraform-provider-azurerm/issues/20019
https://github.com/hashicorp/terraform-provider-azurerm/issues/20140
It seems to be that there's an erratic behaviour where the logAnalyticsDestinationType property is not being set and it is returing as either:
null
AzureDiagnostics
Some responses on the first issue suggests that if you delete the Monitoring diagnostics settings and re-create it "fixes" in a non consistent way.
Although, I've had to delete it from the Portal UI and then re-create it through Terraform, and the logAnalyticsDestinationType was still set to null.
I tried to update the logAnalyticsDestinationType. of azure monitor diagnostic settings with the Azure CLI command and was able to update it successfully like below:-
Azure CLI command:-
az monitor diagnostic-settings update --resource /subscriptions/xxxxxxx-xxxx-44d6-b4fd-e2b6e97cb2a7/resourceGroups/siliconrg/providers/Microsoft.OperationalInsights/workspaces/siliconLA -n LAdiag --set logAnalyticsDestinationType=AzureDiagnostics
Output:-
Where resource is the resource ID of the Azure resource that you want to update the diagnostic settings of, the Resource Id can be found in the Properties tab of your Azure resource, and -n is the name of the diagnostic settings you want to update and set value is used to set the new property of logAnalyticsDestinationType.
Make sure you use the correct resource ID in the $id variable, add the correct -n name and --set value to change the logAnalyticsDestinationType.
Reference:-
az monitor diagnostic-settings subscription | Microsoft Learn
We have our on-premise Azure DevOps Server that is growing quite fast. The database files (SQL Server 14) were about 130 GB. In less than a month are now 160 GB.
There's an agent monitor (maybe an Azure DevOps extension?) to log mostly Azure DevOps operations that may cause this? Not only push etc. standard GIT operation but something more specific? We have several repositories, pipelines, artifacts, etc.
Edit: auditing on Azure DevOps Services isn't available for on-premises deployments. And more there are several 3rd part providers offering this service but again seems like they work only in the cloud.
What eventually I'm looking for is a way to know the memory occupancy of a single Team Project or its pipeline/release etc. Then it will be easy to check day after day who is growing so rapidly.
You can check the Azure DevOps server growth using continuous monitoring by application insights
You can set the alert rules using the below sample CLI script
To modify alert rule settings:
In the left pane of the release pipeline page, select Configure Application Insights Alerts.
$subscription = az account show --query "id";$subscription.Trim("`"");$resource="/subscriptions/$subscription/resourcegroups/"+"$(Parameters.AppInsightsResourceGroupName)"+"/providers/microsoft.insights/components/" + "$(Parameters.ApplicationInsightsResourceName)";
az monitor metrics alert create -n 'Availability_$(Release.DefinitionName)' -g $(Parameters.AppInsightsResourceGroupName) --scopes $resource --condition 'avg availabilityResults/availabilityPercentage < 99' --description "created from Azure DevOps";
az monitor metrics alert create -n 'FailedRequests_$(Release.DefinitionName)' -g $(Parameters.AppInsightsResourceGroupName) --scopes $resource --condition 'count requests/failed > 5' --description "created from Azure DevOps";
az monitor metrics alert create -n 'ServerResponseTime_$(Release.DefinitionName)' -g $(Parameters.AppInsightsResourceGroupName) --scopes $resource --condition 'avg requests/duration > 5' --description "created from Azure DevOps";
az monitor metrics alert create -n 'ServerExceptions_$(Release.DefinitionName)' -g $(Parameters.AppInsightsResourceGroupName) --scopes $resource --condition 'count exceptions/server > 5' --description "created from Azure DevOps";
You can modify the script and add additional rules, and you can even modify alert conditions. or you can even remove alert rules which you don't require
I have to fetch logs using AZ commands:
If I add a filter on Resource Group, it is not giving result.
For e.g.--
Following commands is working fine:
az monitor activity-log list --subscription "subscription1"
In the result I am getting logs for ResourceGroup1.
But when I execute following:
az monitor activity-log list --resource-group "ResourceGroup1"
It is giving 0 result.
I am using "azure-cli": "2.26.1"
You can use the below command to read monitor activity logs at resource group level
az monitor activity-log list -g "resource-group"
Here is the command to pull activity monitor logs with filters
az monitor activity-log list -g 'resource-group' --start-time 2021-07-29T12:00:00 --select {ResourceGroupName,EventTimestamp,CorrelationId,ResourceId} -o table
When we do AZ login, there is one field "isDefault": true for only one subscription (Default subscription of your account). For other Subscriptions, it will be False.
You will get results for all RGs under default Subscription. For other RGs, it will give 0 result.
Therefore, when you apply filter on a RG, you need to confirm that it's corresponding Subscription should be set as default. You can set same as:
az account set -s <subscription ID>
So I have setup a deployment of an Arm Template with some Logic Apps with some related diagnostic setting for Event hub, see img.
Event Hub Settings
However, when deploying the same template again, we get the error: "Data sinks can’t be reused in different settings on the same category for the same resource".
And the solution is to remove the diagnostic settings before a new deploy. But I don't want to manually do this each time we do a new deploy.
Have someone figured out a workaround for this?
Thanks!
You can either use PowerShell command or Azure CLI command to remove a diagnostic setting for the resource.
PowerShell command (You can find the documentation here):
Remove-AzDiagnosticSetting -ResourceId "Resource01" -Name myDiagSetting
Azure CLI command (You can find documentation here):
az monitor diagnostic-settings delete --name "myDiagSetting" --resource "Resource01"
Is there a way to configure Azure Activity logs to be forwarded to a Log Analytics instance using Azure CLI?
Hopefully equivalent to the PowerShell command:
New-AzureRmOperationalInsightsAzureActivityLogDataSource -ResourceGroupName <LogAnalyticsOMSWorkspaceResourceGroupName> -WorkspaceName <LogAnalyticsOMSWorkspaceName> -Name <NameOfThisOperationalInsightsAzureActivityLogDataSource> -SubscriptionId <SubscriptionId>
Significant changes have been made to Azure Monitor recently, with different services being consolidated in order to simplify monitoring for Azure customers.
Dedicated Azure CLI commands under the set az monitor activity-log alert are available for managing activity log alert rules.
To create a new activity log alert rule, use in this order:
az monitor activity-log alert create: Create new activity log alert rule resource
az monitor activity-log alert scope: Add scope for the created activity log alert rule
az monitor activity-log alert action-group: Add action group to the activity log alert rule
To retrieve one activity log alert rule resource, the Azure CLI command az monitor activity-log alert show can be used. And for viewing all activity log alert rule resource in a resource group, use az monitor activity-log alert list. Activity log alert rule resources can be removed using Azure CLI command az monitor activity-log alert delete.
https://learn.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log#cli