In this article I am going to explain how to create a backup alert using a Log Analytics workspace.
Cause: We have multiple Azure tenancies and multiple backup slots running in several time slots.
All the backup alerts were created using the Activity log. Recently we faced an issue where the administrative alerts of the Recovery Services vault were not recorded in the Activity log (Figure 1).
It worked fine earlier, and each day we received a backup alert. Somehow Microsoft has moved some log information to the Log Analytics workspace instead of the Activity log.
Figure 1
Solution: Here I am going to create a Log Analytics workspace and forward the Azure Recovery Services vault logs to the workspace, then query the workspace and create an alert based on the query.
Let's start!
1. Requirements
• Client Azure login information
• Backup monitoring requirement
2. Create a new service - Azure Log Analytics workspace
• Search “Log Analytic” in all services
• Click create
• Name:
• Resource group name: select the resource group created for Log Analytics
• Location: client’s backup item location
• Pricing tier: Pay-As-You-Go (Per GB 2018)
For more information, see: https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-create-workspace
3. Send diagnostic logs from the backup vault to Log Analytics
• Navigate to your vault and click on Diagnostic Settings. Click + Add Diagnostic Setting.
• Give any name to the Diagnostics setting.
• Check the box Send to Log Analytics and select a Log Analytics Workspace.
• Select Resource Specific in the toggle and check the following six events -
CoreAzureBackup
AddonAzureBackupAlerts
AddonAzureBackupProtectedInstance
AddonAzureBackupJobs
AddonAzureBackupPolicy
AddonAzureBackupStorage.
• Click on Save.
• Wait for the logs to be ingested into the Log Analytics workspace (this can take up to 48 hours)
4. Set up the alert rule in the Log Analytics workspace
• Navigate to the Log Analytics workspace
• Click “Log” under general
• Suppress the welcome message from Azure
• Type the following query in the query pane
AddonAzureBackupJobs
| where JobOperation=="Backup"
| extend friendlyname = tostring(split(BackupItemUniqueId, ";")[-1])
| project TimeGenerated, friendlyname, JobStatus, BackupItemUniqueId
• Select the time range as Last 24 hours and run the query
• Click “New Alert Rule” to create an alert
• Click the “Condition” to edit the rule
• Select the alert logic as follows:
o Based on: Number of results
o Operator: Greater than
o Threshold Value: 0
• Select the evaluation based on as follows:
o Period: 1440
o Frequency: 1440
• Select “Done”
• You can see that the monthly cost is around 0.50 USD
• Click “Create” in action group
5. Create an Action group
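The query in step 4 returns a row for every backup job, so with a threshold of greater than 0 the alert fires whenever any backup ran in the period. The following variant, an added example that is not part of the original article, returns only backup items that had at least one job that did not complete. It assumes the AddonAzureBackupJobs table also exposes a JobUniqueId column and reports successful jobs with JobStatus "Completed".

```kusto
// Added example (not from the original article).
// Assumptions: JobUniqueId exists in AddonAzureBackupJobs and a successful
// job is logged with JobStatus == "Completed".
AddonAzureBackupJobs
| where TimeGenerated > ago(24h)
| where JobOperation == "Backup"
// A job can be logged more than once; keep only its most recent record.
| summarize arg_max(TimeGenerated, *) by JobUniqueId
// Roll up to one row per backup item.
| summarize
    Jobs = count(),
    NotCompleted = countif(JobStatus != "Completed"),
    arg_max(TimeGenerated, JobStatus)   // time and status of the latest job
    by BackupItemUniqueId
// Keep only items with at least one job in any state other than "Completed"
// (this includes jobs still running when the rule is evaluated).
| where NotCompleted > 0
| extend friendlyname = tostring(split(BackupItemUniqueId, ";")[-1])
| project TimeGenerated, friendlyname, JobStatus, NotCompleted, Jobs, BackupItemUniqueId
| order by TimeGenerated desc
```

The same alert logic (Number of results, Greater than, 0) and the 1440-minute period and frequency apply to this query unchanged.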
• Action group name: --
• Short Name: -
• Resource group: select the resource group created for Log Analytics
• Actions:
o Action name: Alert Mailbox name
o Action Type: Email/Push/SMS/Voice
o Tick the email and provide email address
6. Email alert customization
• Select the email subject
• Subject line : - -
• Give the same name to Alert rule name and Alert Description
• Click create alert
• Select “Enable rule upon creation”: Yes
Thank you!