JoshWashburn-1036 asked bharathn-msft edited

Restart Alert - Azure Arc Server

Goal
Create a server restart alert for all servers in our environment (Azure VMs & Arc servers)

Azure VMs
We can use the Azure Activity Logs to alert on an Azure VM being restarted. One downside of this is that we have 50 Azure subscriptions, so an alert needs to be set up for at least every subscription that has production virtual machines.

Arc Servers
We have enabled VM Insights and are collecting logs in 1 Log Analytics Workspace for all Arc servers.

My question is how can I create an alert that tells us when an Arc server has been restarted? Most of these are on-prem Windows servers.

One article suggests using a Log alert on the (Windows) Event table, but Windows Events are not sent to our Log Analytics Workspace by default.


azure-monitor azure-arc

@JoshWashburn-1036 Welcome to Microsoft Q&A, thank you for reaching out with your query.

My sincere apologies for the delay in getting back to this thread.

Regarding your question, the recommendation is to use Azure monitoring, with the restart event.

However, checking in to see whether you have already enabled the Windows event logs within the workspace as documented here. If you haven't already reviewed this document, can you please check and let us know if you have any queries. Thank you.

1 Vote 1 ·

@JoshWashburn-1036 Checking in to see if you had a chance to review the above comments and let us know if you have any further queries. Thank you.

1 Vote 1 ·

1 Answer

JoshWashburn-1036 answered bharathn-msft edited

Hi @bharathn-msft,

Yes, we had to enable the collection of System logs and specifically the information category. Then we created an alert to look for Event ID 1074. This is exactly what we were looking for so that we can be notified when an Azure Arc server is rebooted.

Thank you!

Josh


Thanks a lot @JoshWashburn-1036 for your response and for sharing it for broader community usage. For any future queries, please do come back to Microsoft Q&A; our community members, MVPs or our team will try to help you.

0 Votes 0 ·
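
A log alert query along the lines of the accepted answer (System log, Event ID 1074), as an added example that is not part of the original thread. The `SampleEvent` rows, computer names and user names are constructed, and the parsing assumes the standard English wording of the 1074 message in `RenderedDescription`.

```kusto
// Constructed sample rows standing in for the workspace's Event table.
// Against real data: delete this let statement and query Event instead of
// SampleEvent; the alert rule's evaluation period then bounds TimeGenerated.
let SampleEvent = datatable(TimeGenerated:datetime, Computer:string,
                            EventLog:string, EventID:int,
                            RenderedDescription:string)
[
    // Restart requested by an administrator
    datetime(2024-01-10 02:14:00), "srv-app01.example.local", "System", 1074,
    @"The process C:\Windows\system32\winlogon.exe (SRV-APP01) has initiated the restart of computer SRV-APP01 on behalf of user EXAMPLE\opsadmin for the following reason: No title for this reason could be found Reason Code: 0x500ff Shutdown Type: restart Comment: ",
    // Power off rather than restart: same event ID, different shutdown type
    datetime(2024-01-10 03:40:00), "srv-db02.example.local", "System", 1074,
    @"The process C:\Windows\system32\shutdown.exe (SRV-DB02) has initiated the power off of computer SRV-DB02 on behalf of user EXAMPLE\dbadmin for the following reason: Other (Planned) Reason Code: 0x85000000 Shutdown Type: power off Comment: ",
    // Unrelated System event that the filter must drop
    datetime(2024-01-10 03:41:00), "srv-db02.example.local", "System", 6005,
    @"The Event log service was started."
];
SampleEvent
| where EventLog == "System" and EventID == 1074
// Pull the fields a responder needs out of the rendered message text
| extend ShutdownType = tolower(extract(@"Shutdown Type:\s*(\w+)", 1, RenderedDescription)),
         InitiatedBy  = extract(@"on behalf of user\s+(.+?)\s+for the following reason", 1, RenderedDescription),
         Process      = extract(@"The process\s+(.+?)\s+\(", 1, RenderedDescription)
// Keep restarts only; drop this line to alert on power-off events as well
| where ShutdownType == "restart"
| summarize Restarts    = count(),
            LastRestart = max(TimeGenerated),
            InitiatedBy = make_set(InitiatedBy),
            Process     = make_set(Process)
          by Computer
```

Event ID 1074 records a shutdown or restart that a process or user requested, so this query does not fire for a crash or power loss.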