This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Goal
Create a server restart alert for all servers in our environment (Azure VMs & Arc servers)
Azure VMs
We can use the Azure Activity Logs to alert on an Azure VM being restarted. One downside of this is that we have 50 Azure subscriptions, so an alert needs to be set up for at least every subscription that has production virtual machines.
Arc Servers
We have enabled VM Insights and are collecting logs in 1 Log Analytics Workspace for all Arc servers.
My question is how can I create an alert that tells us when an Arc server has been restarted? Most of these are on-prem Windows servers.
One article suggests using a Log alert on the (Windows) Event table, but Windows Events are not sent to our Log Analytics Workspace by default.
@Josh Washburn Welcome to Microsoft Q&A, thank you for reaching out with your query.
My sincere apologies for delay in getting back to this thread.
Regarding your question, recommendation is to use Azure monitoring, with the restart event.
However checking in to see have you already enabled the windows event logs within the workspace as documented here. If you haven't already reviewed this document, can you please check and let us know if you have any queries. Thank you
@Josh Washburn Checking in to see if you had a chance to review the above comments and let us know if you have any further queries. Thank you
Hi @bharathn-msft ,
Yes, we had to enable the collection of System logs and specifically the information category. Then we created an alert to look for Event ID 1074. This is exactly what we were looking for so that we can be notified when an Azure Arc server is rebooted.
Thank you!
Josh
Thanks a lot @Josh Washburn for your response and sharing it for broader community usage. For any future queries, please do come back to Microsoft Q&A , our community members, MVP's or our team will try to help you.