Skip to content

The purpose of this repository is to share a guidance on how to be alerted about the creation or changes of virtual machines in your Azure subscription.

Notifications You must be signed in to change notification settings

ricmmartins/azure-alerts

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 

Repository files navigation

Being alerted about creation or updates of Virtual Machines in your Azure Subscription

In this document, I'll show you how to be alerted when a VM is created or updated inside your Azure environment. Please note that updated means started, stopped, restarted, have their size or any characteristic changed.

To do this, we will be using the Azure Activity Logs that is part of the Azure platform logs and provides insights into subscription-level events.

Just as a reminder, please note that the Azure Activity Logs are enabled by default and stored in the Azure platform for 90 days. If you want to have retained from more than 90 days, you should configure to send the data to a Log Analytics Workspace if you want enable features of Azure Monitor Logs, to Event Hubs if you want to send the data outside of Azure or to Azure Storage if you want to retain the log data for audit, static analysis or backup.

  1. First of all, ensure you are sending the Activity Logs to a Log Analytics Workspace.

  2. Then go to the Azure Monitor > Alerts and click to + New alert rule

alerts

  1. Select your subscription as Scope:

Please note that for the purpose of this document we will be monitoring the entire subscription. But if you want, you can filter by resource type and/or location and monitor only a specific resource group/resource/location.

setsubscription

  1. In Condition search by "Create or update Virtual Machine" then select the first result:

Note that you can search for different options to see other alternatives available. Just as example, if you want be alerted only for added VMs, you can filter by "Add Virtual Machines".

signallogic

  1. In the second screen that will show-up, choose the Chart period then click Done:

configuresignal

  1. Now set the Action group and the Alert rule details then click to Create alert rule:

actiongroup

  1. If everything is ok, you may have something like this:

alertrule

  1. Now, when a new VM is created or changed into your subscription, you will receive those kind of alerts by e-mail (if this was your choice - remember you can be alerted also by sms or through a webhook):

email

About

The purpose of this repository is to share a guidance on how to be alerted about the creation or changes of virtual machines in your Azure subscription.

Topics

Resources

Stars

Watchers

Forks