Mountain West Farm Bureau Insurance
office workers empowered by business technology solutions

Run a Custom Script on an Azure VM When A Log Analytics Alert Is Triggered

No items found.

Gabriel Mora is a Software Developer at Green House Data. Connect with him on LinkedIn.

Sometimes you want to trigger a specific action when something is detected by one of your alert rules inside of Azure. If you want to immediately remediate the specific issue you are facing normally you would have to login to the machine once you receive the alert, but by using an Azure Automation account you don’t have to take any additional steps to fix whatever threw the alert — just create your script and leave it to run whenever the alert is triggered. As simple as that.

This works perfectly when you need to resolve a common issue with a trusty PowerShell script that you have often used. This method will save you time and effort; you can rest assured that the issue is being taken care of with the help of a Custom Script Extension.

Running a custom script on a specific machine when an alert is triggered in Log Analytics is quite easy. Here are the following steps you need to follow to achieve this.

  1. Upload your script file in a Storage Account
  2. Create the Automation Account and a new Runbook
  3. Link your runbook to the Action Group in Log Analytics Alerts

We will go into more detail for each step.

1) Upload Your Script File in a Storage Account

The first step is to upload the script file that will run whenever your defined alert is raised. Go to your Storage Account and click on Blobs.

Click on Add a Container and set the Public access level to Container Level.

Next, upload the script file by clicking Upload:

You will need to copy the blob file URL as you will need this later:

2) Create the Automation Account and a New Runbook

Let’s create a new Automation Account. Click Yes to create a new Run As Account.

Once created, go to Runbooks. Here we will add the PowerShell Script that will be used to trigger the action. Click on Create a Runbook. In my case this Runbook will retrieve a PowerShell script from a Storage Account and execute it within the machine I define inside the Runbook.

Add the following code inside of the Runbook (click here to copy code from Gitbhub):

Let’s take a closer look at how to get the values for each key component of the script as seen below:

To create this, we need to go to our Automation Account and click on Credentials:

Add a new set of credentials. This account must have appropriate permissions to be able to run a script inside of the VM. On to the next portion of the script.

This one is fairly obvious, you just need the Name, Resource Location, and Resource Group. Next you'll need to insert the URL of your Blob file that you saved earlier:

Now everything comes together at the end:

We will use the Custom Script Extension to run this specific script on the target machine. We must use all of the variables we gathered and also put the name of the script we want to trigger as well as the friendly name of the extension we will create on the VM.

This line is very important because it will help us to rerun the script on the machine:

-ForceRerun $(New-Guid).Guid `

If you don’t include this portion, the script will try to install the Extension on the machine again. We just need it to run whenever the alert is triggered.

3) Link Your Runbook to the Action Group in Log Analytics Alerts

The final step is to go to the Alerts section of Log Analytics and create a new Management Action Group:

Let’s create a new Action Group:

Select Automation Runbooks as the Action Type. Here we can select the Runbook we previously created:

Click OK. Now let’s link this action group to the Alert itself. On Action Groups click Select Existing to add the action group we just created:

Click on Save. Now whenever the alert is raised you will run our custom script on the target machine you specified on the Runbook.

Recent Blog Posts

lunavi logo alternate white and yellow
More Than Just Another Partnership, the Azure Expert MSP Is a Unique Source of Pride

As a founder and leader at Lunavi, I’ve seen our organization achieve a lot of big things. That said, achieving the distinction of Azure Expert MSP stands out.

Learn more
lunavi logo alternate white and yellow
What You Should Know About the SolarWinds Nation-State Hack

A supply chain attack on SolarWinds software has led to numerous security breaches. Learn how Lunavi is responding and what you should know about the hack.

Learn more
lunavi logo alternate white and yellow
Throughout a History of Change, Creating Business Value For Customers Remains Our Constant Priority

CEO Shawn Mills takes you on a journey through Lunavi's past, future, and constant commitment to delivering value.

Learn more