2.13.2019
3.1.2023

Run a Custom Script on an Azure VM When A Log Analytics Alert Is Triggered

Last updated:
9.16.2020
3.1.2023

Gabriel Mora is a Software Developer at Green House Data. Connect with him on LinkedIn.

Sometimes you want to trigger a specific action when something is detected by one of your alert rules inside of Azure. Normally, to remediate the issue immediately, you would have to log in to the machine once you receive the alert. With an Azure Automation account you don’t have to take any additional steps to fix whatever threw the alert: just create your script and leave it to run whenever the alert is triggered. As simple as that.

This works perfectly when you need to resolve a common issue with a trusty PowerShell script that you have often used. This method will save you time and effort; you can rest assured that the issue is being taken care of with the help of a Custom Script Extension.

Running a custom script on a specific machine when an alert is triggered in Log Analytics is quite easy. Here are the steps you need to follow to achieve this.

  1. Upload your script file in a Storage Account
  2. Create the Automation Account and a new Runbook
  3. Link your runbook to the Action Group in Log Analytics Alerts

We will go into more detail for each step.
 

1) Upload Your Script File in a Storage Account

The first step is to upload the script file that will run whenever your defined alert is raised. Go to your Storage Account and click on Blobs.

Click on Add a Container and set the Public access level to Container Level.

Next, upload the script file by clicking Upload:

You will need to copy the blob file URL as you will need this later:

2) Create the Automation Account and a New Runbook

Let’s create a new Automation Account. Click Yes to create a new Run As Account.

Once created, go to Runbooks. Here we will add the PowerShell Script that will be used to trigger the action. Click on Create a Runbook. In my case this Runbook will retrieve a PowerShell script from a Storage Account and execute it within the machine I define inside the Runbook.

Add the following code inside of the Runbook (click here to copy code from GitHub):

Let’s take a closer look at how to get the values for each key component of the script as seen below:

To create this, we need to go to our Automation Account and click on Credentials:

Add a new set of credentials. This account must have appropriate permissions to be able to run a script inside of the VM. On to the next portion of the script.

This one is fairly obvious: you just need the Name, Resource Location, and Resource Group. Next you'll need to insert the URL of your Blob file that you saved earlier:

Now everything comes together at the end:

We will use the Custom Script Extension to run this specific script on the target machine. We must use all of the variables we gathered and also put the name of the script we want to trigger as well as the friendly name of the extension we will create on the VM.

This line is very important because it will help us to rerun the script on the machine:

-ForceRerun $(New-Guid).Guid `

If you don’t include this portion, the script will try to install the Extension on the machine again. We just need it to run whenever the alert is triggered.
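A sketch of the runbook this step describes, added here as an example; it is not the author's script from GitHub. It assumes the Az PowerShell modules are imported into the Automation Account and that the credential asset can sign in non-interactively; every name, region and URL below is a placeholder.

```powershell
# Added example. All values marked "assumed" are placeholders, not values from the article.
$ErrorActionPreference = 'Stop'   # fail the runbook job instead of continuing half-configured

$credentialName = 'VmScriptRunner'    # Automation credential asset name (assumed)
$vmName         = 'example-vm'        # target VM name (assumed)
$resourceGroup  = 'example-rg'        # VM resource group (assumed)
$location       = 'westus2'           # VM resource location (assumed)
$scriptName     = 'Remediate.ps1'     # script file the extension executes (assumed)
$extensionName  = 'AlertRemediation'  # friendly name of the extension on the VM (assumed)
$allowedHost    = 'examplestorage.blob.core.windows.net'   # expected storage host (assumed)

# Blob URL copied in step 1 (assumed). With the Container public access level
# this URL is readable anonymously, so keep secrets out of the script itself.
$fileUri = "https://$allowedHost/scripts/$scriptName"

# Refuse to dispatch anything that is not HTTPS on the expected storage account,
# and make sure the URL points at the same file that -Run will execute.
$uri = [Uri]$fileUri
if ($uri.Scheme -ne 'https' -or $uri.Host -ne $allowedHost) {
    throw "Refusing script URL outside https://${allowedHost}: $fileUri"
}
if ([IO.Path]::GetFileName($uri.AbsolutePath) -ne $scriptName) {
    throw "Blob name in URL does not match script name '$scriptName'"
}

# Sign in with the credential asset stored in the Automation Account.
$cred = Get-AutomationPSCredential -Name $credentialName
Connect-AzAccount -Credential $cred | Out-Null

# -ForceRerun needs a value that differs from the previous run;
# a new GUID guarantees that on every alert.
$result = Set-AzVMCustomScriptExtension `
    -ResourceGroupName $resourceGroup `
    -VMName $vmName `
    -Location $location `
    -FileUri $fileUri `
    -Run $scriptName `
    -Name $extensionName `
    -ForceRerun (New-Guid).Guid

# Surface a failed deployment in the runbook job output instead of ending silently.
if (-not $result.IsSuccessStatusCode) {
    throw "Custom Script Extension failed: $($result.StatusCode) $($result.ReasonPhrase)"
}
Write-Output "Dispatched $scriptName to $vmName as extension '$extensionName'"
```

Set-AzVMCustomScriptExtension also accepts -StorageAccountName, -StorageAccountKey, -ContainerName and -FileName in place of -FileUri, which lets the container stay private.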
 

3) Link Your Runbook to the Action Group in Log Analytics Alerts

The final step is to go to the Alerts section of Log Analytics and create a new Management Action Group:

Let’s create a new Action Group:

Select Automation Runbooks as the Action Type. Here we can select the Runbook we previously created:

Click OK. Now let’s link this action group to the Alert itself. On Action Groups click Select Existing to add the action group we just created:

Click on Save. Now whenever the alert is raised, your custom script will run on the target machine you specified in the Runbook.
