Jul 22 2019 08:47 PM
How can I monitor services in Azure VMs, such as IIS, MSSQL or any other Windows service? We already have integration with ServiceNow and want to achieve the following: if a Windows service is down we get an alert, and once the service is online again it resolves the alert, or it does not regenerate the alert at each frequency.
Thanks in advance.
Jul 22 2019 10:34 PM Solution
Hi @Rahul_Mahajan, you cannot fully achieve the scenario of closing the alert once the service is up. You can only get an alert once the service is down. I have blogged about this here:
The method described there uses the System event log, but the same thing can be achieved with the Change Tracking solution, which also tracks Windows service states. In our book Inside Azure Management we have described the scenario using Change Tracking as well. The example in the scenario also includes automatic service remediation by starting the service on the VM via a runbook. This is described in the Automation chapter.
Jul 23 2019 01:19 AM - edited Jul 23 2019 01:19 AM
When I run the query below, I always get 0 results, even when selecting a time range of 4 months or more:
Event
| where EventLog == "System" and EventID == 7036 and Source == 'Service Control Manager'
| parse kind=relaxed EventData with * '<Data Name="param1">' Windows_Service_Name '</Data><Data Name="param2">' Windows_Service_State '</Data>' *
| sort by TimeGenerated desc
| project Computer, Windows_Service_Name, Windows_Service_State, TimeGenerated
Also, is it OK to use this to fetch:
ConfigurationData
| where SvcName =~ "w3svc"
| where SvcState != "Running"
| project Computer, SvcName, SvcDisplayName, SvcState, TimeGenerated, SvcStartupType, SvcAccount, SourceSystem
As in your blog you have said that Change Tracking has some delay in collecting data.
Jul 23 2019 01:23 AM
@Rahul_Mahajan For the first query you need to ingest the System log from all your Windows machines. Overall, I would recommend using Change Tracking (ConfigurationData) if you are already using it or if the cost of that data is OK with you. The good thing with Azure Monitor is that there are multiple paths for some things.
Keep in mind that when you have to build the query for the alert it needs to have certain things like AggregatedValue. In the book example you will see how the query looks.
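An added example, not taken from the book or from any post in this thread, of the two paths discussed above shaped as alert queries that return AggregatedValue. The service name w3svc, the 5-minute bin and the English state string "stopped" are assumptions.

```kusto
// Path 1: Change Tracking data (ConfigurationData).
// Counts records where the monitored service was seen in a non-running state,
// per computer and per 5-minute bin, so the alert rule can apply a threshold
// to AggregatedValue.
ConfigurationData
| where ConfigDataType == "WindowsServices"
| where SvcName =~ "w3svc"            // assumed service to monitor
| where SvcState != "Running"
| summarize AggregatedValue = count() by Computer, bin(TimeGenerated, 5m)

// Path 2: System event log (requires the System log to be collected).
// Event 7036 carries the service display name in param1 and the new state
// in param2; the state text depends on the OS language ("stopped" assumed).
Event
| where EventLog == "System" and EventID == 7036 and Source == "Service Control Manager"
| parse kind=relaxed EventData with * '<Data Name="param1">' Windows_Service_Name '</Data><Data Name="param2">' Windows_Service_State '</Data>' *
| where Windows_Service_State =~ "stopped"
| summarize AggregatedValue = count() by Computer, Windows_Service_Name, bin(TimeGenerated, 5m)
```

Run each query on its own; an alert rule takes a single query.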
Jul 23 2019 01:32 AM
@Rahul_Mahajan Download the book I have pasted the link to. Open Chapter 10 - section Automated Alert Remediation. Read it. The latest working code is here: https://github.com/slavizh/InsideAzureMgmt-1/tree/master/Chapter10/Remediate. Soon the book will be updated with that code.
Jul 23 2019 01:48 AM
@Rahul_Mahajan It is best to open new threads for new issues/questions. That way other folks will find information more easily. Azure SQL has diagnostic logs and metrics which can be sent to Log Analytics, and you can create alerts based on them. Even without sending metrics to Log Analytics you can create metric alerts (those are per resource).
Jul 30 2019 02:22 AM
When I try to change the Change Tracking frequency to 10 seconds, it does not work. It says the task completed successfully, but then it reverts back to 30 seconds.
Can someone confirm which level of access is required to do this task, and also how to easily identify in future which level of access is required for other tasks in Azure monitoring and Update Management?