Unable to create a custom activity log alert rule using an ARM template, PowerShell, or an Automation account runbook

I am trying to create a custom activity log alert rule, but whichever method I try, it either results in errors like the ones shown below, or the ARM template does not create the specified conditions even though it succeeds, and I can't work out what I need to do:

PowerShell code:

$RG = "Lab"
$location = 'Global'
$alertName = "Test Storage Account Administrative Operations"
$scope = "/subscriptions/[subID]/[RG]/providers/Microsoft.Storage/storageAccounts/staccountname"

$condition1 = New-AzActivityLogAlertCondition -Field 'Category' -Equal 'Administrative'
$condition2 = New-AzActivityLogAlertCondition -Field 'operationName' -Equal 'Microsoft.Storage/storageAccounts/blobServices/containers/write'

$dict = New-Object "System.Collections.Generic.Dictionary``2[System.String,System.String]"
$dict.Add('key1', 'Value1')
$actionGrp1 = New-AzActionGroup -ActionGroupId $actiongroupid -WebhookProperty $dict

set-AzActivityLogAlert -Location $location -Name $alertname -ResourceGroupName $rg -Scope $scope -Action $actionGrp1 -Condition $condition1, $condition2

PowerShell error:

WARNING: 10:16:40 - *** The namespace for all the model classes will change from Microsoft.Azure.Management.Monitor.Management.Models to Microsoft.Azure.Management.Monitor.Models in future releases.
WARNING: 10:16:40 - *** The namespace for output classes will be uniform for all classes in future releases to make it independent of modifications in the model classes.
Set-AzActivityLogAlert: 
Line |
  12 |  set-AzActivityLogAlert -Location $location -Name $alertname -Resource …
     |  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Exception type: ErrorResponseException, Message: Microsoft.Azure.Management.Monitor.Models.ErrorResponseException: Operation returned an invalid status code 'BadRequest'
   at Microsoft.Azure.Management.Monitor.ActivityLogAlertsOperations.CreateOrUpdateWithHttpMessagesAsync(String resourceGroupName, String activityLogAlertName, ActivityLogAlertResource activityLogAlert, Dictionary`2 customHeaders, CancellationToken cancellationToken)
   at Microsoft.Azure.Management.Monitor.ActivityLogAlertsOperationsExtensions.CreateOrUpdateAsync(IActivityLogAlertsOperations operations, String resourceGroupName, String activityLogAlertName, ActivityLogAlertResource activityLogAlert, CancellationToken cancellationToken)
   at Microsoft.Azure.Management.Monitor.ActivityLogAlertsOperationsExtensions.CreateOrUpdate(IActivityLogAlertsOperations operations, String resourceGroupName, String activityLogAlertName, ActivityLogAlertResource activityLogAlert)     
   at Microsoft.Azure.Commands.Insights.ActivityLogAlert.SetAzureRmActivityLogAlertCommand.ProcessRecordInternal()
   at Microsoft.Azure.Commands.Insights.MonitorCmdletBase.ExecuteCmdlet(), Code: Null, Status code:Null, Reason phrase: Null

ARM template code:

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "activityLogAlertName": {
            "defaultValue": "Test1",
            "type": "String",
            "metadata": {
                "description": "Unique name (within the Resource Group) for the Activity log alert."
            }
        },
        "activityLogAlertEnabled": {
            "defaultValue": true,
            "type": "Bool",
            "metadata": {
                "description": "Indicates whether or not the alert is enabled."
            }
        },
        "actionGroupResourceId": {
            "defaultValue": "/subscriptions/[subID]]/resourceGroups/FLab/providers/microsoft.insights/actionGroups/actiongroup2",
            "type": "String",
            "metadata": {
                "description": "Resource Id for the Action group."
            }
        },
        "condition1": {
            "defaultValue": "Administrative",
            "type": "String",
            "metadata": {
                "description": "condition value"
            }
        },
        "condition2": {
            "defaultValue": "Microsoft.Storage/storageAccounts/blobServices/containers/write",
            "type": "String",
            "metadata": {
                "description": "condition value"
            }
        },
        "condition3": {
            "defaultValue": "Microsoft.Storage/storageAccounts/blobServices/containers",
            "type": "String",
            "metadata": {
                "description": "condition value"
            }
        },
        "condition4": {
            "defaultValue": "Succeeded",
            "type": "String",
            "metadata": {
                "description": "condition value"
            }
        },
        "condition5": {
            "defaultValue": "Created",
            "type": "String",
            "metadata": {
                "description": "condition value"
            }
        }
    },
    "resources": [
        {
            "type": "Microsoft.Insights/activityLogAlerts",
            "apiVersion": "2017-04-01",
            "name": "[parameters('activityLogAlertName')]",
            "location": "Global",
            "properties": {
                "enabled": "[parameters('activityLogAlertEnabled')]",
                "scopes": [
                    "[subscription().id]"
                ],
                "condition": {
                    "allOf": [
                        {
                            "field": "Category",
                            "equals": "[parameters('condition1')]"
                        },
                        {
                            "field": "operationName",
                            "equals": "[parameters('condition2')]"
                        },
                        {
                            "field": "resourceType",
                            "equals": "[parameters('condition3')]"
                        },
                        {
                            "field": "Status",
                            "equals": "[parameters('condition4')]"
                        },
                        {
                            "field": "subStatus",
                            "equals": "[parameters('condition5')]"
                        }
                    ]
                },
                "actions": {
                    "actionGroups": [
                        {
                            "actionGroupId": "[parameters('actionGroupResourceId')]"
                        }
                    ]
                }
            }
        }
    ]
}

ARM template result: (screenshot not included)

Automation account runbook:

$RG = "Lab"
$location = 'Global'
$alertName = "Test Storage Account Administrative Operations"
$scope = "/subscriptions/[subID]/[RG]/providers/Microsoft.Storage/storageAccounts/staccountname"

$condition1 = New-AzActivityLogAlertCondition -Field 'Category' -Equal 'Administrative'
$condition2 = New-AzActivityLogAlertCondition -Field 'operationName' -Equal 'Microsoft.Storage/storageAccounts/blobServices/containers/write'

$dict = New-Object "System.Collections.Generic.Dictionary``2[System.String,System.String]"
$dict.Add('key1', 'Value1')
$actionGrp1 = New-AzActionGroup -ActionGroupId $actiongroupid -WebhookProperty $dict

set-AzActivityLogAlert -Location $location -Name $alertname -ResourceGroupName $rg -Scope $scope -Action $actionGrp1 -Condition $condition1, $condition2

Automation Account error:

10:27:45 AM - *** The namespace for all the model classes will change from 
Microsoft.Azure.Management.Monitor.Management.Models to Microsoft.Azure.Management.Monitor.Models in future releases.
10:27:45 AM - *** The namespace for output classes will be uniform for all classes in future releases to make it 
independent of modifications in the model classes.
set-AzActivityLogAlert : Exception type: MissingMethodException, Message: System.MissingMethodException: Method not 
found: 'System.String 
Microsoft.WindowsAzure.Commands.Utilities.Common.GeneralUtilities.GetLog(System.Net.Http.HttpRequestMessage)'.
   at Microsoft.Azure.Commands.ResourceManager.Common.ServiceClientTracingInterceptor.SendRequest(String invocationId, 
HttpRequestMessage request)
   at Microsoft.Rest.ServiceClientTracing.SendRequest(String invocationId, HttpRequestMessage request)
   at 
Microsoft.Azure.Management.Monitor.ActivityLogAlertsOperations.<CreateOrUpdateWithHttpMessagesAsync>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Azure.Management.Monitor.ActivityLogAlertsOperationsExtensions.<CreateOrUpdateAsync>d__1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at 
Microsoft.Azure.Management.Monitor.ActivityLogAlertsOperationsExtensions.CreateOrUpdate(IActivityLogAlertsOperations 
operations, String resourceGroupName, String activityLogAlertName, ActivityLogAlertResource activityLogAlert)
   at Microsoft.Azure.Commands.Insights.ActivityLogAlert.SetAzureRmActivityLogAlertCommand.ProcessRecordInternal()
   at Microsoft.Azure.Commands.Insights.MonitorCmdletBase.ExecuteCmdlet(), Code: Null, Status code:Null, Reason phrase: 
Null
At line:24 char:1
+ set-AzActivityLogAlert -Location $location -Name $alertname -Resource ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [Set-AzActivityLogAlert], PSInvalidOperationException
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.Insights.ActivityLogAlert.SetAzureRmActivityLogAlertCommand

References:

set-azactivitylogalert method -

https://docs.microsoft.com/en-us/powershell/module/az.monitor/set-azactivitylogalert?view=azps-5.4.0

ARM template method -

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log#azure-resource-manager-template

Any help on this would be great!

1
asked 7 February 2021 at 13:26
1 answer

OK, I managed to work out how to create this rule; the only option that works is deploying a JSON template. My example is below:

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "activityLogAlertName": {
            "defaultValue": "Test rule name",
            "type": "String",
            "metadata": {
                "description": "Unique name (within the Resource Group) for the Activity log alert."
            }
        },
        "activityLogAlertEnabled": {
            "defaultValue": true,
            "type": "Bool",
            "metadata": {
                "description": "Indicates whether or not the alert is enabled."
            }
        },
        "actionGroupResourceId": {
            "defaultValue": "/subscriptions/{SUBID}/resourceGroups/{RG}/providers/microsoft.insights/actionGroups/actiongroup1",
            "type": "String",
            "metadata": {
                "description": "Resource Id for the Action group."
            }
        },
        "Category": {
            "defaultValue": "Administrative",
            "type": "String",
            "metadata": {
                "description": "category value"
            }
        },
        "Level": {
            "defaultValue": "Informational",
            "type": "String",
            "metadata": {
                "description": "level value"
            }
        },
        "operationName": {
            "defaultValue": "Microsoft.Storage/storageAccounts/blobServices/containers/write",
            "type": "String",
            "metadata": {
                "description": "operationName value"
            }
        },
        "Status": {
            "defaultValue": "Succeeded",
            "type": "String",
            "metadata": {
                "description": "Status value"
            }
        },
        "subStatus": {
            "defaultValue": "Created",
            "type": "String",
            "metadata": {
                "description": "subStatus value"
            }
        },
        "resourceType": {
            "defaultValue": "Microsoft.Storage/storageAccounts/blobServices/containers",
            "type": "String",
            "metadata": {
                "description": "resourceType value"
            }
        }
    },
    "resources": [
        {
            "type": "Microsoft.Insights/activityLogAlerts",
            "apiVersion": "2017-04-01",
            "name": "[parameters('activityLogAlertName')]",
            "location": "Global",
            "properties": {
                "enabled": "[parameters('activityLogAlertEnabled')]",
                "scopes": [
                    "/subscriptions/{SUBID}/resourceGroups/{RG}/providers/Microsoft.Storage/storageAccounts/STAccountName"
                ],
                "condition": {
                    "allOf": [
                        {
                            "field": "Category",
                            "equals": "[parameters('Category')]"
                        },
                        {
                            "field": "Level",
                            "equals": "[parameters('Level')]"
                        },
                        {
                            "field": "operationName",
                            "equals": "[parameters('operationName')]"
                        },
                        {
                            "field": "Status",
                            "equals": "[parameters('Status')]"
                        },
                        {
                            "field": "subStatus",
                            "equals": "[parameters('subStatus')]"
                        }
                    ]
                },
                "actions": {
                    "actionGroups": [
                        {
                            "actionGroupId": "[parameters('actionGroupResourceId')]"
                        }
                    ]
                }
            }
        }
    ]
}
0
answered 24 April 2021 at 01:03
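An added example, not part of the original question or answer: a small offline check for a template like the ones above. It resolves `[parameters('…')]` references, flags condition field names outside the set the `Microsoft.Insights/activityLogAlerts` schema documents and literal scopes that are not well-formed resource IDs, and lists conditions that are declared in the template but missing from the deployed rule (the "succeeds but conditions are not created" symptom). All function names and the sample data are hypothetical; `deployed_all_of` is assumed to be the `properties.condition.allOf` array read back from the deployed rule.

```python
import re

# Condition fields accepted by Microsoft.Insights/activityLogAlerts (matched
# case-insensitively); names starting with "properties." are accepted too.
ALLOWED = {"resourceid", "category", "caller", "level", "operationname",
           "resourcegroup", "resourceprovider", "status", "substatus",
           "resourcetype"}
PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")
SCOPE = re.compile(
    r"^/subscriptions/[^/]+(/resourceGroups/[^/]+(/providers/.+)?)?$", re.I)

def resolve(value, params):
    """Swap a whole-string [parameters('x')] reference for its defaultValue."""
    m = PARAM_REF.match(value) if isinstance(value, str) else None
    return params[m.group(1)]["defaultValue"] if m else value

def rule_of(template):
    """Return (conditions, scopes) of the template's activity log alert."""
    params = template.get("parameters", {})
    props = next(r for r in template["resources"] if r["type"].lower()
                 == "microsoft.insights/activitylogalerts")["properties"]
    conds = {c["field"].lower(): resolve(c["equals"], params)
             for c in props["condition"]["allOf"]}
    return conds, [resolve(s, params) for s in props["scopes"]]

def lint(template):
    """Flag condition fields and literal scopes that are not well formed."""
    conds, scopes = rule_of(template)
    issues = [f"unknown condition field: {f}" for f in conds
              if f not in ALLOWED and not f.startswith("properties.")]
    # Scopes written as ARM expressions ("[subscription().id]") are skipped.
    issues += [f"malformed scope: {s}" for s in scopes
               if not s.startswith("[") and not SCOPE.match(s)]
    return issues

def missing_after_deploy(template, deployed_all_of):
    """Fields the template declares that the deployed rule lacks or changed."""
    want, _ = rule_of(template)
    have = {c["field"].lower(): c["equals"] for c in deployed_all_of}
    return sorted(f for f, v in want.items()
                  if str(have.get(f, "")).lower() != str(v).lower())

# Constructed sample (not from the page): a scope with no resourceGroups
# segment and a misspelled condition field.
SAMPLE = {"parameters": {"Category": {"defaultValue": "Administrative"}},
  "resources": [{"type": "Microsoft.Insights/activityLogAlerts", "properties": {
    "scopes": ["/subscriptions/0000/Lab/providers/Microsoft.Storage/storageAccounts/st1"],
    "condition": {"allOf": [
      {"field": "Category", "equals": "[parameters('Category')]"},
      {"field": "operation", "equals": "Microsoft.Storage/x/write"}]}}}]}
```
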
