Enable-AzureDiagnostics.ps1


<#PSScriptInfo
 
.VERSION 1.1
 
.GUID 1ce8af29-11c2-4b5a-9548-d6bb359c5bf8
 
.AUTHOR AzureAutomationTeam
 
.COMPANYNAME Microsoft
 
.COPYRIGHT
 
.TAGS AzureAutomation OMS LogAnalytics
 
.LICENSEURI
 
.PROJECTURI https://github.com/azureautomation/runbooks/blob/master/AutomationAccountManagement/Enable-AzureDiagnostics.ps1
 
.ICONURI
 
.EXTERNALMODULEDEPENDENCIES
 
.REQUIREDSCRIPTS
 
.EXTERNALSCRIPTDEPENDENCIES
 
.RELEASENOTES
 
VERSION 1.1
EDIT BY JENNY HUNTER
 
#>

#Requires -Module AzureRM.Insights
#Requires -Module AzureRM.OperationalInsights
#Requires -Module AzureRM.Automation
#Requires -Module AzureRM.Storage
#Requires -Module AzureRM.Resources
#Requires -Module AzureRM.profile

<#
 
.SYNOPSIS
    Configures Azure Diagnostics and Log Analytics to receive Azure Automation logs from the specified account.
    This script is intended to be run locally and will not work in Azure Automation as it requires user input.
 
 
.DESCRIPTION
    This script configures Azure Diagnostics and Log Analytics to receive Azure Automation logs containing job status and job streams.
    The logs will be sent from the specified Automation account to a generated storage account and OMS workspace.
 
    This script should run locally (outside of Azure Automation) and requires you to interactively authenticate to your Azure account.
    To use this script in Azure Automation, use a run-as account or an Automation credential to authenticate and remove all references to Read-Host.
    See https://azure.microsoft.com/en-us/documentation/articles/automation-sec-configure-azure-runas-account/ for more information on authentication to Azure.
     
 
.PARAMETER AutomationAccountName
    The name of your Automation account.
 
.PARAMETER LogAnalyticsWorkspaceName
    The name of the Log Analytics workspace that you want to send your Automation logs to.
 
 
.NOTES
    AUTHOR: AzureAutomationTeam
    LASTEDIT: September 11, 2018
 
#>


# Script parameters. Both are mandatory, so PowerShell prompts for any that are omitted.
Param
(

    # Name of the Automation account whose diagnostics are configured.
    # The storage account name is also derived from this value further down.
    [Parameter(Mandatory=$true)]
    [String] $AutomationAccountName,

    # Name of the Log Analytics workspace on which the Automation solution is enabled.
    [Parameter(Mandatory=$true)]
    [String] $LogAnalyticsWorkspaceName
)

#Validates that the Automation & Log Analytics resource is not null and that the correct account/workspace is being used
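function Validate-Resource([string] $Name, [object] $Resource) 
{
    <#
    .SYNOPSIS
        Confirms that a resource lookup returned something and, when the name matched
        more than one resource, asks for the resource group to pick the intended one.
    .PARAMETER Name
        Resource name; used in the prompts, the error messages and the follow-up lookup.
    .PARAMETER Resource
        Result of the caller's lookup: $null, one resource, or several resources sharing the name.
    .OUTPUTS
        The resource that was passed in when it is unambiguous, otherwise the object returned
        by the resource-group-scoped lookup. Several matches of any other resource type are
        returned unchanged.
    #>

    # $null goes on the left so the comparison stays a scalar test even when $Resource is a collection.
    If ($null -eq $Resource)
    {
        throw "$Name not found."
    }
    ElseIf ($Resource.Count -gt 1) 
    {
       # The name exists in more than one resource group: let the operator choose instead of guessing,
       # so that the change is not applied to the wrong account or workspace.
       # NOTE(review): the scoped lookups below return cmdlet-specific objects rather than the generic
       # resource that was passed in - confirm they expose every property the caller reads
       # (ResourceId, Location, ResourceGroupName, Name).
       If ($Resource.ResourceType -eq "Microsoft.OperationalInsights/workspaces")
       {
            $RG = Read-Host -Prompt "Resource Group needed to identify Log Analytics workspace $Name.` Type the Resource Group for this workspace"
            $Resource = Get-AzureRmOperationalInsightsWorkspace -Name $Name -ResourceGroupName $RG
            # Fixed: this used to test the undefined variable $Workspace, which is always $null,
            # so the workspace branch threw even when the lookup had succeeded.
            if ($null -eq $Resource) 
            {
                throw "Workspace $Name in Resource Group $RG was not found. " 
            }
       }
       ElseIf($Resource.ResourceType -eq "Microsoft.Automation/automationAccounts")
       {
            $RG = Read-Host -Prompt "Resource Group needed to identify Automation account $Name.` Type the Resource Group for this account"
            $Resource = Get-AzureRMAutomationAccount -Name $Name -ResourceGroupName $RG
            if ($null -eq $Resource) 
            {
                throw "Account $Name in Resource Group $RG was not found." 
            }
       }
    }
    return $Resource
}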

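# Treat every cmdlet error as terminating, so no later step runs against a missing or half-configured resource.
$ErrorActionPreference = 'stop'

#Authenticate to your Azure account (interactive sign-in; the returned context goes to the verbose stream only)
Add-AzureRMAccount | Write-Verbose

# Find the Log Analytics workspace to configure
$Resource = Get-AzureRmResource -ResourceType "Microsoft.OperationalInsights/workspaces" -Name $LogAnalyticsWorkspaceName 
$LogAnalyticsResource = Validate-Resource -Name $LogAnalyticsWorkspaceName -Resource $Resource

# Find the Automation account to use
$Resource = Get-AzureRmResource -Name $AutomationAccountName -ResourceType Microsoft.Automation/AutomationAccounts
$AutomationResource = Validate-Resource -Name $AutomationAccountName -Resource $Resource

# Make sure name of Storage account follows Storage naming rules: lowercase letters and digits only.
# Fixed: the character class used to contain a space, so a space in the input survived the filter.
$StorageAccountName = ($AutomationAccountName.ToLower() + "omsstorage") -creplace '[^a-z0-9]',''
# Keep the derived name within the storage account length limit.
If($StorageAccountName.Length -gt 23) { $StorageAccountName = $StorageAccountName.Substring(0,23) }

# Check if storage account exists & create it if it does not
Try {
    $StorageAccount = Get-AzureRMStorageAccount -StorageAccountName $StorageAccountName -ResourceGroupName $AutomationResource.ResourceGroupName 
}
Catch 
{
    # NOTE(review): every lookup failure (not only "not found") ends up here, so the reason is logged
    # before creation is attempted. Storage account names are global, so creation can still fail when
    # the derived name is already taken by another subscription.
    Write-Verbose "Storage account lookup failed: $($_.Exception.Message)"
    Write-Verbose "Creating storage account $StorageAccountName for OMS logs."
    # NOTE(review): job status and job stream logs can contain sensitive output. Consider adding
    # -EnableHttpsTrafficOnly $true where the installed AzureRM.Storage version supports it, and
    # limit who can read this account's keys.
    $StorageAccount = New-AzureRMStorageAccount -StorageAccountName $StorageAccountName -Location $AutomationResource.Location -ResourceGroupName $AutomationResource.ResourceGroupName -Type Standard_LRS
}


# Enable diagnostics on the automation account to send logs to the storage account, kept for 180 days.
# NOTE(review): only -StorageAccountId is passed here; no workspace id is given, so confirm whether
# -WorkspaceId was also intended, since the script description says logs go to the workspace as well.
Set-AzureRmDiagnosticSetting -ResourceId $AutomationResource.ResourceId -StorageAccountId $StorageAccount.Id -Enabled $true -RetentionEnabled $true -RetentionInDays 180

# Enable the Automation Log Analytics solution
Set-AzureRmOperationalInsightsIntelligencePack -ResourceGroupName $LogAnalyticsResource.ResourceGroupName -WorkspaceName $LogAnalyticsResource.Name -Intelligencepackname AzureAutomation -Enabled $true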