Run a Custom Script on an Azure VM When A Log Analytics Alert Is Triggered

Written by Gabriel Mora on Tuesday, February 12th 2019 — Categories: Cloud Hosting, Cloud, Azure, Datacenter Automation, Cloud Hosting, IT Operations

Gabriel Mora is a Software Developer at Green House Data. Connect with him on LinkedIn.

Sometimes you want to trigger a specific action when something is detected by one of your alert rules inside of Azure. If you want to immediately remediate the specific issue you are facing normally you would have to login to the machine once you receive the alert, but by using an Azure Automation account you don’t have to take any additional steps to fix whatever threw the alert — just create your script and leave it to run whenever the alert is triggered. As simple as that.

This works perfectly when you need to resolve a common issue with a trusty PowerShell script that you have often used. This method will save you time and effort; you can rest assured that the issue is being taken care of with the help of a Custom Script Extension.

Running a custom script on a specific machine when an alert is triggered in Log Analytics is quite easy. Here are the following steps you need to follow to achieve this.

  1. Upload your script file in a Storage Account
  2. Create the Automation Account and a new Runbook
  3. Link your runbook to the Action Group in Log Analytics Alerts

We will go into more detail for each step.

1) Upload Your Script File in a Storage Account

The first step is to upload the script file that will run whenever your defined alert is raised. Go to your Storage Account and click on Blobs.

Click on Add a Container and set the Public access level to Container Level.

Next, upload the script file by clicking Upload:

You will need to copy the blob file URL as you will need this later:

2) Create the Automation Account and a New Runbook

Let’s create a new Automation Account. Click Yes to create a new Run As Account.

Once created, go to Runbooks. Here we will add the PowerShell Script that will be used to trigger the action. Click on Create a Runbook. In my case this Runbook will retrieve a PowerShell script from a Storage Account and execute it within the machine I define inside the Runbook.

Add the following code inside of the Runbook (click here to copy code from Gitbhub):

Let’s take a closer look at how to get the values for each key component of the script as seen below:

To create this, we need to go to our Automation Account and click on Credentials:

Add a new set of credentials. This account must have appropriate permissions to be able to run a script inside of the VM. On to the next portion of the script.

This one is fairly obvious, you just need the Name, Resource Location, and Resource Group. Next you'll need to insert the URL of your Blob file that you saved earlier:

Now everything comes together at the end:

We will use the Custom Script Extension to run this specific script on the target machine. We must use all of the variables we gathered and also put the name of the script we want to trigger as well as the friendly name of the extension we will create on the VM.

This line is very important because it will help us to rerun the script on the machine:

-ForceRerun $(New-Guid).Guid `

If you don’t include this portion, the script will try to install the Extension on the machine again. We just need it to run whenever the alert is triggered.

3) Link Your Runbook to the Action Group in Log Analytics Alerts

The final step is to go to the Alerts section of Log Analytics and create a new Management Action Group:

Let’s create a new Action Group:

Select Automation Runbooks as the Action Type. Here we can select the Runbook we previously created:

Click OK. Now let’s link this action group to the Alert itself. On Action Groups click Select Existing to add the action group we just created:

Click on Save. Now whenever the alert is raised you will run our custom script on the target machine you specified on the Runbook.