Set-AzureRmActivityLogAlert

Creates a new or sets an existing activity log alert.

Warning

The AzureRM PowerShell module has been officially deprecated as of February 29, 2024. Users are advised to migrate from AzureRM to the Az PowerShell module to ensure continued support and updates.

Although the AzureRM module may still function, it's no longer maintained or supported, placing any continued use at the user's discretion and risk. Please refer to our migration resources for guidance on transitioning to the Az module.

Syntax

Set-AzureRmActivityLogAlert
   -Location <String>
   -Name <String>
   -ResourceGroupName <String>
   -Scope <System.Collections.Generic.List`1[System.String]>
   -Condition <System.Collections.Generic.List`1[Microsoft.Azure.Management.Monitor.Management.Models.ActivityLogAlertLeafCondition]>
   -Action <System.Collections.Generic.List`1[Microsoft.Azure.Management.Monitor.Management.Models.ActivityLogAlertActionGroup]>
   [-DisableAlert]
   [-Description <String>]
   [-Tag <System.Collections.Generic.Dictionary`2[System.String,System.String]>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-AzureRmActivityLogAlert
   [-Location <String>]
   [-Scope <System.Collections.Generic.List`1[System.String]>]
   [-Condition <System.Collections.Generic.List`1[Microsoft.Azure.Management.Monitor.Management.Models.ActivityLogAlertLeafCondition]>]
   [-Action <System.Collections.Generic.List`1[Microsoft.Azure.Management.Monitor.Management.Models.ActivityLogAlertActionGroup]>]
   [-DisableAlert]
   [-Description <String>]
   [-Tag <System.Collections.Generic.Dictionary`2[System.String,System.String]>]
   -ResourceId <String>
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-AzureRmActivityLogAlert
   [-Scope <System.Collections.Generic.List`1[System.String]>]
   [-Condition <System.Collections.Generic.List`1[Microsoft.Azure.Management.Monitor.Management.Models.ActivityLogAlertLeafCondition]>]
   [-Action <System.Collections.Generic.List`1[Microsoft.Azure.Management.Monitor.Management.Models.ActivityLogAlertActionGroup]>]
   [-Description <String>]
   [-Tag <System.Collections.Generic.Dictionary`2[System.String,System.String]>]
   -InputObject <PSActivityLogAlertResource>
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-AzureRmActivityLogAlert cmdlet creates a new or sets an existing activity log alert. For tags, conditions, and actions the objects must be created in advance and passed as parameters in this call as a comma separated (see the example below). This cmdlet implements the ShouldProcess pattern, i.e. it might request confirmation from the user before actually creating/modifying the resource. NOTE: This cmdlet and its related ones replaces the deprecated (November 2017) Add-AzureRmLogAlertRule.

Examples

Example 1: Create an Activity Log Alert

PS C:\>$location = 'Global'
PS C:\>$alertName = 'myAlert'
PS C:\>$resourceGroupName = 'theResourceGroupName'
PS C:\>$condition1 = New-AzureRmActivityLogAlertCondition -Field 'field1' -Equals 'equals1'
PS C:\>$condition2 = New-AzureRmActivityLogAlertCondition -Field 'field2' -Equals 'equals2'
PS C:\>$dict = New-Object "System.Collections.Generic.Dictionary``2[System.String,System.String]"
PS C:\>$dict.Add('key1', 'value1')
PS C:\>$actionGrp1 = New-AzureRmActionGroup -ActionGroupId 'actiongr1' -WebhookProperties $dict
PS C:\>Set-AzureRmActivityLogAlert -Location $location -Name $alertName -ResourceGroupName $resourceGroupName -Scope 'scope1','scope2' -Action $actionGrp1 -Condition $condition1, $condition2

The first four commands create leaf condition and action group. The final command creates an Activity Log Alert using the condition and the action group.

Example 2: Create an Activity Log Alert disabled

PS C:\>$location = 'Global'
PS C:\>$alertName = 'myAlert'
PS C:\>$resourceGroupName = 'theResourceGroupName'
PS C:\>$condition1 = New-AzureRmActivityLogAlertCondition -Field 'field1' -Equals 'equals1'
PS C:\>$condition2 = New-AzureRmActivityLogAlertCondition -Field 'field2' -Equals 'equals2'
PS C:\>$dict = New-Object "System.Collections.Generic.Dictionary``2[System.String,System.String]"
PS C:\>$dict.Add('key1', 'value1')
PS C:\>$actionGrp1 = New-AzureRmActionGroup -ActionGroupId 'actiongr1' -WebhookProperties $dict
PS C:\>Set-AzureRmActivityLogAlert -Location $location -Name $alertName -ResourceGroupName $resourceGroupName -Scope 'scope1','scope2' -Action $actionGrp1 -Condition $condition1, $condition2 -DisableAlert

The first four commands create leaf condition and action group. The final command creates an Activity Log Alert using the condition and the action group, but it creates the alert disabled.

Example 3: Set an activity log alert based using a value from the pipe or the InputObject parameter

PS C:\>Get-AzureRmActivityLogAlert -Name $alertName -ResourceGroupName $resourceGroupName | Set-AzureRmActivityLogAlert
PS C:\>$alert = Get-AzureRmActivityLogAlert -Name $alertName -ResourceGroupName $resourceGroupName
PS C:\>$alert.Description = 'Changing the description'
PS C:\>$alert.Enabled = $false
PS C:\>Set-AzureRmActivityLogAlert -InputObject $alert

The first command is similar to a nop, it sets the alert with the same values it already contained The rest of the commands retrieve the alert rule, change the description and disable it, then use the InputObject parameter to persist those changes

Example 4: Set an activity log alert based using the ResourceId value from the pipe

PS C:\>Find-AzureRmResource -ResourceGroupEquals "myResourceGroup" -ResourceNameEquals "myLogAlert" | Set-AzureRmActivityLogAlert -DisableAlert

If the given log alert rule exists this command disables it.

Parameters

-Action

The list of action groups for the activity log alert.

Type:List<T>[ActivityLogAlertActionGroup]
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Condition

The list of conditions for the activity log alert. NOTE: In the list of conditions there must be at least one with the Field equal to "Category". The backend responds with 400 (BadRequest) if this condition is not present.

Type:List<T>[Microsoft.Azure.Management.Monitor.Management.Models.ActivityLogAlertLeafCondition]
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure

Type:IAzureContextContainer
Aliases:AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Description

The description of the alert resource.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-DisableAlert

Allows the user to create a disabled the activity log alert. If not given, the alerts are created enabled.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-InputObject

Sets the InputObject tags property of the call to extract the required name, and resource group name properties.

Type:PSActivityLogAlertResource
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Location

The location where the activity log alert will exist.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Name

The name of the activity log alert.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-ResourceGroupName

The name of the resource group where the alert resource is going to exist.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-ResourceId

Sets the ResourceId tags property of the call to extract the required name, resource group name properties.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Scope

The list of scopes for the activity log alert.

Type:List<T>[String]
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Tag

Sets the tags property of the activity log alert resource.

Type:Dictionary<TKey,TValue>[System.String,System.String]
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String

List<T>[[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]

List<T>[[Microsoft.Azure.Management.Monitor.Management.Models.ActivityLogAlertLeafCondition, Microsoft.Azure.Commands.Insights, Version=5.1.0.0, Culture=neutral, PublicKeyToken=null]]

List<T>[[Microsoft.Azure.Management.Monitor.Management.Models.ActivityLogAlertActionGroup, Microsoft.Azure.Commands.Insights, Version=5.1.0.0, Culture=neutral, PublicKeyToken=null]]

Dictionary<TKey,TValue>[[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]

PSActivityLogAlertResource

Parameters: InputObject (ByValue)

Outputs

PSActivityLogAlertResource