Alerts and Action Groups

23 hours 16 minutes
Video Transcription
Hello and welcome back to Cybrary's Microsoft Azure Administrator AZ-103 course. I'm your instructor, Will Carlson, and this is Episode 13: Alerts and Action Groups.
In today's episode, we're gonna talk about how you create alert rules, which are ultimately how alerts fire off in Azure. We're gonna talk about creating action groups, which is a very, very powerful way to send alerts in Azure. And we're gonna look at an alert that we're going to trigger here in Azure today as well.
Jumping into the portal, we're gonna go back to the Monitor blade that we've been spending some time in in these previous episodes, and we're gonna go to Alerts now.
A couple important things about alerts to start with. Really, one major item is that alerts are gonna be triggered by alert rules. So to add an alert in, we're gonna click New alert rule. And the first thing we're gonna do is select the resource that we're gonna monitor for this alert.
Gonna filter this by virtual machine,
and we're going to select this service desk bu
Now that we've got the resource selected, we have to select the condition that we're gonna monitor for.
Here within the signals are a couple of different signal types, and those are metrics and activity log.
Metrics, we've talked about. Those are gonna be those values that are collected on a regular basis by default out of Azure. So think back to our metrics episode, and remember the CPU utilization. That's gonna be a metric that we could report against. So, for example, when CPU utilization gets above 90%, fire off an alert and let me know.
The other type of signal is going to be an activity log signal, and those are gonna be alerts that are fired off of things that happen in the activity log. And remember, the activity log is the place where all of our ARM API calls ultimately get logged away. So for this example, we're gonna go ahead and look at an activity log metric,
and we're going to select this Deallocate Virtual Machine metric. Now, if we had selected CPU utilization here, the values over the last six hours would show in this chart just for reference.
The event levels are pretty self-explanatory, along with the status.
If you wanted to fire off an alert when the event was triggered by a certain user, you could put that user here in this box, but we're gonna go ahead and leave this as is, accept the defaults.
Now that we have the resource that we're watching and the condition we're watching for, we have to decide what we're going to do when that gets triggered.
And that's done by actions, and more specifically by action groups. And actions, alerts, action groups are all gonna be separate entities, or resources, here in Azure, and you can manage them all separately as well. So we're gonna go ahead and create an action group.
And to do that, we're going to create a name here. Call this email test,
and there's a short name as well. Now the short name is relatively important as it pertains to SMS or text-based alerts and email alerts.
If a user were to unsubscribe from a particular alert, it will unsubscribe them from every alert that uses the same action group. So if I had 45 servers that had this action group applied called email test, and somebody were to unsubscribe when they received one of those alerts, they would no longer get alerts for any of those 45 servers again.
So it's something to keep in mind both when you're trying to unsubscribe and when you're setting up your alert plans here within Azure.
We're gonna go ahead and leave the rest as default.
I'm gonna call this email test as well, because we're going to set up an email alert.
Now, even this one alert type is pretty powerful. So you're going to see here that I can send email to one particular email account, or I could also send an email to a particular role here in Azure. We'll talk more about this when we talk about role-based access control.
But we're gonna go ahead and select Owner here.
You can send an SMS message. You could send a push notification to the Azure app.
You can also have Azure give you a phone call to let you know what's going on, what alert has been fired.
Now, this last option down here, the common alert schema. You clearly can click to learn more, but essentially, that's a way that Azure standardizes the alert's text message, as it were, or the text of the alert, so that it's consistent regardless of the alert channel. You can enable that or not.
We'll go ahead and we'll select OK.
Now, before you move on, I want to talk real quickly about some of these other action types. An Azure Function is gonna be just that: it's going to initiate a function call on the Azure platform to generate some action based on custom coding that you've done in Azure Functions.
Logic App is going to be very similar, but the Logic App tool is just essentially a GUI interface to create Azure functions.
Webhooks are gonna be just that. It's gonna be REST API calls to any other system that accepts REST calls. So this allows you to integrate these alerts with a whole host of other systems that would have an API,
a very specific one being ITSM integration, and that's gonna be an IT service management platform. A good example of that would be: when this alert fires, go ahead and create a trouble ticket in my help desk system.
And Automation runbooks are going to be a portion of Azure where you can set up a series of automated steps to be done when an alert fires. So possibly you have a Kubernetes cluster, and when there's an issue there, it goes ahead and spins up those microservices in a complete replacement environment, so you can get back up and running in a completely automated way.
But we set our email, and we're gonna select OK.
Now we have to put some alert details here.
We're gonna put email alert
and this I. D Resource group and we do want to go ahead and enable this alert on
person. I have to say this year
and then we're gonna create the alert rule.
And once that's finished deploying, if I refresh this blade,
nothing happens. So what's the deal here? Why is my alert not showing up? Well, that's a great point. This is actually showing you the alerts that have been triggered. And, like I mentioned earlier, alerts, alert rules and action groups are all separate entities here within Azure.
If I want to look at the alert rules that are currently applied, I have to go to Manage alert rules,
and I can see here that this email alert rule is in fact enabled. Everything is okay.
I could also go back
and very similarly manage actions. And these are the actions that I have set up in my account. So I've got a couple of actions set up, all relatively similar, but used in different capacities here within Azure.
The next thing we're gonna do is go ahead and trigger this alert to fire off so we can look at the actual resource that is an alert. Now,
I can't just go ahead and deprovision the server right away, because alerts do take a little bit of time to apply through. Amazon, or Azure rather, says that these alert rules can take up to 10 minutes to become active across the system.
So we're gonna give this a little bit of time for that alert to trickle through the system, and then I'm gonna go ahead behind the scenes and, through the magic of Internet time, deprovision this server and fire off this alert.
Now that these alert rules have propagated through the system, I have been able to turn off this virtual machine a number of times and actually get that alert rule to fire an alert. Remember, alerts, alert rules and action groups are all separate resources here within Azure.
So I'm gonna go ahead and pull up these alerts,
gonna click down through here and click on one of these alerts to actually see what it's all about.
Now, an interesting thing about alerts is they have alert states and monitor conditions. Now, the monitor condition currently shows Fired, which means the alert's simply been generated. This monitor condition's going to change to Resolved when the underlying condition that caused the alert has been cleared.
Another thing to notice is the alert state. If I click on this, this alert is currently in the state of New, which means I haven't changed the alert state at all. If I pull this down, I can change it to Acknowledged, or I can go ahead and change it to Closed. And this clearly is just a way to simply track these alerts and that something has been done with them.
I can go ahead
and click Closed and enter comments if I need to,
and hit OK, and that's changed that particular alert state to Closed.
It's also worth noting back here in Alerts that the ability to filter in the alerts is pretty extensive. The last 24 hours. What monitor conditions am I looking for? Fixed or resolved? I can change the monitor services that I'm looking for.
The search functionality in this area of the system in particular is really quite rich.
In today's episode, we stepped through the process of setting up an alert rule, all the way from selecting what resource was gonna be monitored to setting the condition we were gonna watch for and then setting up an alert group to send us notification of that alert.
Coming up next, we're gonna begin talking about logs in Azure and a really powerful tool that exists in Azure to help you consume logs both for Azure resources and for on-premise resources. Thanks so much for joining me today. I'm looking forward to the next episode.
AZ-103 Microsoft Azure Administrator

This Microsoft Azure AZ-103 Certification training course teaches students to perform tasks like managing Azure subscriptions and resources, implementing and managing storage, deploying and managing virtual machines (VM) and networks, and managing identities!
