I have moved script logging to OMS

For some time I have “rewritten” my scripts to utilize variables, connections  and other assets in Azure automation. While doing this I have moved all script logging to the cloud as well.

previously all scripts were logging to a file or to the computers event log. I have some experience with sending custom data to OMS. Using their API i have sent weather data and the technique could easily be transferred to do my script logging.

I thought about  creating a module for this for a while, but luckily, the great Mr Tao Yang already did it and it is available on GitHub, PSGallery and in Azure automation. The only thing i had to do was wrap everything in a function and call that each time i needed a log entry sent from my scripts.

Based on Tao’s OMSDataInjection module. Here’s how my function looks like

<#
    .DESCRIPTION
        Function sends a entry to OMS Log analytics.
        Used to send script log entries to OMS in a 'one liner'


    .NOTES
        Requires Tao Yang's OMSDatainjection Module: https://github.com/tyconsulting/OMSDataInjection-PSModule/releases/tag/1.1.1
        Author: Martin Ehrnst
        www.adatum.no
    
    .CHANGELOG
        06.12.16: Initial function release
    
#>

param (
    [parameter(Mandatory=$true)]
    [string]$Message,
    [parameter(Mandatory=$true)]
    [ValidateSet('Information','Warning','ERROR')]
    [string]$Severity
    )

$LogEntry = @{
  ScriptName = scriptName
  Severity = $Severity
  RanAT = $env:COMPUTERNAME
  Message  = "$Message"
  LogTime  = [Datetime]::UtcNow
}

$SendLog= New-OMSDataInjection -OMSWorkSpaceId '**************' -PrimaryKey '********************************' -LogType 'test' -UTCTimeStampField 'LogTime' -OMSDataObject $LogEntry
}

The only thing you have to before you use it is to define your script name, OMSWorkspaceID, PrimaryKey and a LogType. When all is good. Call this each time you want to send a log entry

Send-LogEntry -Message "testing 123" -Severity Warning

Here is a script, from on prem to Azure Automation to run on a Hybrid worker using this function to do the logging.

Please note that since i run through azure automation i have created a connection object and reffeer to that using instead of specifying the ID and Key.

<#
    .NAME
        Close-OldSCOMAlerts.ps1


    .DESCRIPTION
        Closes SCOM alerts based on severity, resolution state, repeat count etc. Alter settings in the configuration regions.
        The script requires OpsMgr module and Azure automation. I Reccomend storing the credentials and variables as assets and run the script on a hybrid worker.
        If you want to run locally, change the script parameters and hard code the values.


    .NOTES
        Requires Operations Manager Module and Tao Yang's OMSDatainjection Module
        Author: Martin Ehrnst
        Version: 1.1 Initial (Azure automation) Release 28.11.16
        www.adatum.no
        www.intility.no
    
    .CHANGELOG
        08.12.16: Using Tao Yang's OMSDataInjectionModule to ship script logs to OMS
        Removed local logging
    
#>

#region Configuration
$ErrorActionPreference = "Continue"
#$VerbosePreference = "Continue" #Uncomment to see verbose output
[int]$RepeatCount = 2 #Alerts with less than x repeat count will close
[int]$AlertAgeHours = 3 #Alert Age (older gets closed)
[string]$AlertSeverity = "Information" #specify alert severity you want to close
[int]$ResolutionState = 0 #0 NEW
[int]$SetState = 255 #255 CLOSED
[string]$Comment = "Alert closed by script in azure automation" #Comment to set on the closed alerts
#endregion

#region Modules
Import-Module "C:\Program Files\WindowsPowerShell\Modules\OMSDataInjection\1.1.1\OMSDataInjection.psm1"

$module = Get-Module -Name OperationsManager
if (!$module){
    Write-Verbose "Could not find SCOM Module. Importing"
    Import-Module OperationsManager -Cmdlet Get-SCOMalert, New-SCOMManagementGroupConnection, Update-SCOMAlert, Set-SCOMAlert
    }
#endregion

#region OMSLogging
    $OMSWorkspace = Get-AutomationConnection 'I2-Intility-Test'
    
    
function Send-LogEntry{
<#
    .DESCRIPTION
        Function sends a entry to OMS Log analytics.
        Used to send script log entries to OMS in a 'one liner'


    .NOTES
        Requires Tao Yang's OMSDatainjection Module: https://github.com/tyconsulting/OMSDataInjection-PSModule/releases/tag/1.1.1
        Author: Martin Ehrnst
        www.adatum.no
        www.intility.no
    
    .CHANGELOG
        06.12.16: Initial function release
    
#>
param (
    [parameter(Mandatory=$true)]
    [string]$Message,
    [parameter(Mandatory=$true)]
    [ValidateSet('Information','Warning','ERROR')]
    [string]$Severity
    )

$LogEntry = @{
  ScriptName = 'Close-OldSCOMAlerts.ps1'
  Severity = $Severity
  RanAT = $env:COMPUTERNAME
  Message  = $Message
  LogTime  = [Datetime]::UtcNow
}

$SendLog= New-OMSDataInjection -OMSConnection $OMSWorkspace -LogType 'AutomationLogs' -UTCTimeStampField 'LogTime' -OMSDataObject $LogEntry

}
#endregion

Send-LogEntry -Message "Starting azure automation runbook to close old scom alerts" -Severity Information

#region AzureConfig
    
    $SCOMOperator = Get-AutomationPSCredential -Name 'AzureAutomationSCOMOperator'
    $SCOMManagementServer = Get-AutomationVariable -Name 'SCOMProdSDKServer'

#endregion

Try {
    #Connecting to SCOM management server
    Write-Verbose "Connecting to $ManagementServer"
    New-SCOMManagementGroupConnection -ComputerName $SCOMManagementServer -Credential $SCOMOperator
    }
Catch {
    Write-Error "$_.Exception.Message"

    Send-LogEntry -Message "$_.Exception.Message" -Severity ERROR
    }

#Actual alert work
$Date = (Get-Date).AddHours(-$AlertAgeHours).ToUniversalTime() #Setting Alert age and converting to UTC

$Alerts = Get-ScomAlert | where {$_.TimeRaised -lt $Date `
    -and $_.ResolutionState -eq $ResolutionState `
    -and $_.Severity -match $AlertSeverity `
    -and $_.RepeatCount -lt $RepeatCount `
    -and $_.IsMonitorAlert -eq $false
    }
if ($Alerts){
        $count = $alerts.Count
        Send-LogEntry -Message "Closing $count alerts" -Severity Information
       
        $alerts | Set-SCOMAlert -ResolutionState $SetState -Comment $Comment
        Send-LogEntry -Message "Finished - closed $count alerts" -Severity Information
        Write-Output "closed $count alerts"
    }
else{
    Write-Output "No old alerts to close. Exiting script"
    Send-LogEntry -Message "Finished. No alerts to close" -Severity Information
    }

 

Posted by Martin Ehrnst

Working as a systems engineer in one of Norway's leading enterprise cloud providers. Mainly working with System Center, Azure and Windows server products

*All post are personal

Engage by commenting