loadBalancers
Load Balancer Monitoring Design Load balancer (Internal and external ) in Azure distribute traffic to the backend applications and hence when it comes to monitoring there are multiple use cases for monitoring. Usually, the intent of monitoring is either to monitor application or the availability of the load balancer. Load balancers are exposed internally & externally and therefore data path availability is another dimension which may require monitoring. Telemetry from session analysis, response time analysis and connectivity analysis aid in analyzing root cause of performance issues of a load balancer and underlying application.
We could look in detail into SNAT port exhausting or port already in used when load balancer is not responding or accepting new connection to see and understand the pattern of traffic. Overall, Load balancer telemetry can group for performance analysis and availability analysis. Performance analysis can be further narrowed down to analyzing slow response or unavailability of load balancer or underlying application.
Availability is broken down to load balancer availability & data path availability as well as availability of underlying application.
The following diagram explains the most common scenarios and use cases for load balancer monitoring.
flowchart LR A[Performance Monitoring]-->B[Bandwidth Usage Analysis] A-->C[Session Analysis] A-->D[Response Time Analysis] B-->R2[Bytecount] B-->R13[Packetcount] C-->R3[SnatconnectionCount] C-->R4[DipAvailability] D-->PM[Use Network Performance Monitor] A-->CA[Connectivity Analysis] CA-->CNN[Concurrent Connection] CA-->NC[New Connection] CA-->CE[Connection Error Rate] CNN-->R5[Allocatedsnatports] CNN-->R6[Usedsnartports] NC-->R7[SnatconnectionCount] CE-->R8[SynCount] AA[Availability Analysis]-->HC[Backend availability] AA-->FOD[Failover Detection] AA-->AR[Load Balancer Availability] HC-->R10[DipAvailability] FOD-->R11[HealthProbLog] AR-->R12[VipAvailability]
Name | Type | Description |
---|---|---|
AllocatedSnartPorts | Metric | total number of port allocated for SNAT |
Byte Count | Metric | Total number of bytes passing through load balancer |
DipAvailability | Metric | Average Load Balancer health probe status per time duration |
GlobalBackendAvailability | Metric | Metric Alert for Global Backend Availability |
PacketCount | Metric | total number of packet passing through load balancer |
SnatConnectionCount | Metric | Total number of new SNAT connections created within time period |
SYNCount | Metric | number of syn packet which represent an attempt to establish tcp connection. |
UsedSNATPorts | Metric | Metric Alert for ALB Used SNAT Ports |
VipAvailability | Metric | Average Load Balancer data path availability per time duration |
Dashboards:
Click a tab to view the dashboard template
{
"__inputs": [],
"__elements": {},
"__requires": [
{
"type": "panel",
"id": "bargauge",
"name": "Bar gauge",
"version": ""
},
{
"type": "grafana",
"id": "grafana",
"name": "Grafana",
"version": "9.5.12"
},
{
"type": "datasource",
"id": "grafana-azure-monitor-datasource",
"name": "Azure Monitor",
"version": "1.0.0"
}
],
"title": "Load balancers",
"editable": true,
"links": [],
"liveNow": false,
"panels": [
{
"title": "AllocatedSnartPorts",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-red",
"value": 0
},
{
"color": "dark-green",
"value": 0
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.Network/loadBalancers'\r\n| where MetricName has 'AllocatedSnartPorts'\r\n| summarize metric = avg(Average) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "Byte Count",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-red",
"value": 0
},
{
"color": "dark-green",
"value": 0
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 0
},
"id": 2,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.Network/loadBalancers'\r\n| where MetricName has 'Bytecount'\r\n| summarize metric = avg(Total) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "DipAvailability",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-red",
"value": 0
},
{
"color": "dark-green",
"value": 90
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 8
},
"id": 3,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.Network/loadBalancers'\r\n| where MetricName has 'DipAvailability'\r\n| summarize metric = avg(Average) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "GlobalBackendAvailability",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-red",
"value": 0
},
{
"color": "dark-green",
"value": 90
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 8
},
"id": 4,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.Network/loadBalancers'\r\n| where MetricName has 'GlobalBackendAvailability'\r\n| summarize metric = avg(Average) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "PacketCount",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-red",
"value": 0
},
{
"color": "dark-green",
"value": 0
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 16
},
"id": 5,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.Network/loadBalancers'\r\n| where MetricName has 'PacketCount'\r\n| summarize metric = avg(Total) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "SnatConnectionCount",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-green",
"value": 0
},
{
"color": "dark-red",
"value": 0
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 16
},
"id": 6,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.Network/loadBalancers'\r\n| where MetricName has 'SnatConnectionCount'\r\n| summarize metric = avg(Total) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "SYNCount",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-red",
"value": 0
},
{
"color": "dark-green",
"value": 0
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 24
},
"id": 7,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.Network/loadBalancers'\r\n| where MetricName has 'SYNCount'\r\n| summarize metric = avg(Total) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "UsedSNATPorts",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-green",
"value": 0
},
{
"color": "dark-red",
"value": 900
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 24
},
"id": 8,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.Network/loadBalancers'\r\n| where MetricName has 'UsedSNATPorts'\r\n| summarize metric = avg(Average) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "VipAvailability",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-red",
"value": 0
},
{
"color": "dark-green",
"value": 90
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 32
},
"id": 9,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.Network/loadBalancers'\r\n| where MetricName has 'VipAvailability'\r\n| summarize metric = avg(Average) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
}
],
"refresh": "",
"schemaVersion": 38,
"style": "dark",
"tags": [],
"templating": {
"list": [
{
"current": {},
"hide": 0,
"includeAll": false,
"label": "Datasource",
"multi": false,
"name": "ds",
"options": [],
"query": "grafana-azure-monitor-datasource",
"queryValue": "",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"type": "datasource"
},
{
"current": {},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"definition": "",
"hide": 0,
"includeAll": false,
"label": "Subscription",
"multi": false,
"name": "sub",
"options": [],
"query": {
"azureLogAnalytics": {
"query": "",
"resources": []
},
"queryType": "Azure Subscriptions",
"refId": "A"
},
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"sort": 0,
"type": "query"
}
]
},
"time": {
"from": "now-6h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"version": null
}
AllocatedSnartPorts - Metric Alert
Properties:
autoMitigate | false |
criterionType | StaticThresholdCriterion |
evaluationFrequency | PT1M |
metricName | AllocatedSnartPorts |
metricNamespace | Microsoft.Network/loadBalancers |
severity | 1 |
timeAggregation | Average |
windowSize | PT5M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "total number of port allocated for SNAT",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 1,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT1M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "AllocatedSnartPorts",
"dimensions": [],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'total number of port allocated for SNAT'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 1
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = ''
@description('The threshold value at which the alert is activated.')
param threshold int =
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT1M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'AllocatedSnartPorts'
dimensions: [[]]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "5b64d91c-54de-4f8c-a5d6-054967f4ceaf",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy Network loadBalancers AllocatedSnartPorts Alert",
"description": "Policy to Audit/Deploy Network loadBalancers AllocatedSnartPorts Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "Network",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "1"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT5M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT1M"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": ""
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Network/loadBalancers"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.Network/loadBalancers"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "AllocatedSnartPorts"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Average"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
"equals": ""
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
"equals": "[[if(contains(field('tags'), '_amba-AllocatedSnartPorts-threshold-Override_'), field('tags._amba-AllocatedSnartPorts-threshold-Override_'), parameters('threshold'))]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
},
"threshold": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-AllocatedSnartPorts')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for Network loadBalancers AllocatedSnartPorts",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "AllocatedSnartPorts",
"metricNamespace": "Microsoft.Network/loadBalancers",
"metricName": "AllocatedSnartPorts",
"operator": "",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Average",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[parameters('threshold')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[if(contains(field('tags'), '_amba-AllocatedSnartPorts-threshold-Override_'), field('tags._amba-AllocatedSnartPorts-threshold-Override_'), parameters('threshold'))]"
}
}
}
}
}
}
}
}
}
Byte Count - Metric Alert
Properties:
autoMitigate | false |
criterionType | StaticThresholdCriterion |
evaluationFrequency | PT1M |
metricName | Bytecount |
metricNamespace | Microsoft.Network/loadBalancers |
severity | 1 |
timeAggregation | Total |
windowSize | PT5M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Total number of bytes passing through load balancer",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 1,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Total",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT1M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "Bytecount",
"dimensions": [],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Total number of bytes passing through load balancer'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 1
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = ''
@description('The threshold value at which the alert is activated.')
param threshold int =
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Total'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT1M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'Bytecount'
dimensions: [[]]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
DipAvailability - Metric Alert
Properties:
autoMitigate | false |
criterionType | StaticThresholdCriterion |
evaluationFrequency | PT1M |
metricName | DipAvailability |
metricNamespace | Microsoft.Network/loadBalancers |
operator | LessThan |
severity | 0 |
threshold | 90 |
timeAggregation | Average |
windowSize | PT5M |
References:
Azure Monitor supported metrics by resource type - Azure Load Balancer |
Are Backend Instances for my Load-Balancer Responding to Probes |
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Average Load Balancer health probe status per time duration",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 0,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "LessThan",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "90",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT1M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "DipAvailability",
"dimensions": [],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Average Load Balancer health probe status per time duration'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 0
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'LessThan'
@description('The threshold value at which the alert is activated.')
param threshold int = 90
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT1M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'DipAvailability'
dimensions: [[]]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "a39efd3b-04ef-48d4-a862-053092bdd6e5",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy ALB Health Probe Status Alert",
"description": "Policy to Audit/Deploy ALB Health Probe Status Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "Network",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "0"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT5M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT1M"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": "90"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Network/loadBalancers"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.Network/loadBalancers"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "DipAvailability"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Average"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
"equals": "LessThan"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
"equals": "[[if(contains(field('tags'), '_amba-DipAvailability-threshold-Override_'), field('tags._amba-DipAvailability-threshold-Override_'), parameters('threshold'))]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
},
"threshold": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-DipAvailability')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for Network loadBalancers DipAvailability",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "DipAvailability",
"metricNamespace": "Microsoft.Network/loadBalancers",
"metricName": "DipAvailability",
"operator": "LessThan",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Average",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[parameters('threshold')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[if(contains(field('tags'), '_amba-DipAvailability-threshold-Override_'), field('tags._amba-DipAvailability-threshold-Override_'), parameters('threshold'))]"
}
}
}
}
}
}
}
}
}
GlobalBackendAvailability - Metric Alert
Properties:
autoMitigate | false |
criterionType | StaticThresholdCriterion |
evaluationFrequency | PT1M |
metricName | GlobalBackendAvailability |
metricNamespace | Microsoft.Network/loadBalancers |
operator | LessThan |
severity | 0 |
threshold | 90 |
timeAggregation | Average |
windowSize | PT5M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Metric Alert for Global Backend Availability",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 0,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "LessThan",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "90",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT1M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "GlobalBackendAvailability",
"dimensions": [],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Metric Alert for Global Backend Availability'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 0
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'LessThan'
@description('The threshold value at which the alert is activated.')
param threshold int = 90
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT1M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'GlobalBackendAvailability'
dimensions: [[]]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "055c20da-0d21-4c6a-a80b-f2c4b3887804",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy ALB Global Backend Availability Alert",
"description": "Policy to Audit/Deploy ALB Global Backend Availability Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "Network",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "0"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT5M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT1M"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": "90"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Network/loadBalancers"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.Network/loadBalancers"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "GlobalBackendAvailability"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Average"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
"equals": "LessThan"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
"equals": "[[if(contains(field('tags'), '_amba-GlobalBackendAvailability-threshold-Override_'), field('tags._amba-GlobalBackendAvailability-threshold-Override_'), parameters('threshold'))]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
},
"threshold": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-GlobalBackendAvailability')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for Network loadBalancers GlobalBackendAvailability",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "GlobalBackendAvailability",
"metricNamespace": "Microsoft.Network/loadBalancers",
"metricName": "GlobalBackendAvailability",
"operator": "LessThan",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Average",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[parameters('threshold')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[if(contains(field('tags'), '_amba-GlobalBackendAvailability-threshold-Override_'), field('tags._amba-GlobalBackendAvailability-threshold-Override_'), parameters('threshold'))]"
}
}
}
}
}
}
}
}
}
PacketCount - Metric Alert
Properties:
autoMitigate | false |
criterionType | StaticThresholdCriterion |
evaluationFrequency | PT1M |
metricName | PacketCount |
metricNamespace | Microsoft.Network/loadBalancers |
severity | 1 |
timeAggregation | Total |
windowSize | PT5M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "total number of packet passing through load balancer",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 1,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Total",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT1M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "PacketCount",
"dimensions": [],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'total number of packet passing through load balancer'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 1
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = ''
@description('The threshold value at which the alert is activated.')
param threshold int =
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Total'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT1M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'PacketCount'
dimensions: [[]]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "d766dc3e-42cc-42a7-ba4f-3c1d7fa295c5",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy Network loadBalancers PacketCount Alert",
"description": "Policy to Audit/Deploy Network loadBalancers PacketCount Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "Network",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "1"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT5M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT1M"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": ""
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Network/loadBalancers"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.Network/loadBalancers"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "PacketCount"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Total"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
"equals": ""
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
"equals": "[[if(contains(field('tags'), '_amba-PacketCount-threshold-Override_'), field('tags._amba-PacketCount-threshold-Override_'), parameters('threshold'))]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
},
"threshold": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-PacketCount')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for Network loadBalancers PacketCount",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "PacketCount",
"metricNamespace": "Microsoft.Network/loadBalancers",
"metricName": "PacketCount",
"operator": "",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Total",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[parameters('threshold')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[if(contains(field('tags'), '_amba-PacketCount-threshold-Override_'), field('tags._amba-PacketCount-threshold-Override_'), parameters('threshold'))]"
}
}
}
}
}
}
}
}
}
SnatConnectionCount - Metric Alert
Properties:
autoMitigate | false |
criterionType | StaticThresholdCriterion |
dimensions |
|
evaluationFrequency | PT5M |
metricName | SnatConnectionCount |
metricNamespace | Microsoft.Network/loadBalancers |
operator | GreaterThan |
severity | 1 |
threshold | 0 |
timeAggregation | Total |
windowSize | PT5M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Total number of new SNAT connections created within time period",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 1,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "GreaterThan",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "0",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Total",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "SnatConnectionCount",
"dimensions": [{"operator": "include", "name": "connectionstate", "values": ["failed"]}],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Total number of new SNAT connections created within time period'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 1
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'GreaterThan'
@description('The threshold value at which the alert is activated.')
param threshold int = 0
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Total'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT5M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'SnatConnectionCount'
dimensions: [
{
name: 'connectionstate'
operator: 'include'
values: ['failed']
}]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "39d3123b-daaa-4f70-97a3-8a4f326104af",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy Network loadBalancers SnatConnectionCount Alert",
"description": "Policy to Audit/Deploy Network loadBalancers SnatConnectionCount Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "Network",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "1"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT5M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT5M"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": "0"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Network/loadBalancers"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.Network/loadBalancers"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "SnatConnectionCount"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Total"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
"equals": "GreaterThan"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
"equals": "[[if(contains(field('tags'), '_amba-SnatConnectionCount-threshold-Override_'), field('tags._amba-SnatConnectionCount-threshold-Override_'), parameters('threshold'))]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
},
"threshold": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-SnatConnectionCount')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for Network loadBalancers SnatConnectionCount",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "SnatConnectionCount",
"metricNamespace": "Microsoft.Network/loadBalancers",
"metricName": "SnatConnectionCount",
"operator": "GreaterThan",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Total",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[parameters('threshold')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[if(contains(field('tags'), '_amba-SnatConnectionCount-threshold-Override_'), field('tags._amba-SnatConnectionCount-threshold-Override_'), parameters('threshold'))]"
}
}
}
}
}
}
}
}
}
SYNCount - Metric Alert
Properties:
autoMitigate | false |
criterionType | StaticThresholdCriterion |
evaluationFrequency | PT1M |
metricName | SYNCount |
metricNamespace | Microsoft.Network/loadBalancers |
severity | 1 |
timeAggregation | Total |
windowSize | PT5M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "number of syn packet which represent an attempt to establish tcp connection.",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 1,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Total",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT1M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "SYNCount",
"dimensions": [],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'number of syn packet which represent an attempt to establish tcp connection.'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 1
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = ''
@description('The threshold value at which the alert is activated.')
param threshold int =
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Total'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT1M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'SYNCount'
dimensions: [[]]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "94c90db6-8fd7-460c-b704-c2a429913376",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy Network loadBalancers SYNCount Alert",
"description": "Policy to Audit/Deploy Network loadBalancers SYNCount Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "Network",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "1"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT5M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT1M"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": ""
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Network/loadBalancers"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.Network/loadBalancers"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "SYNCount"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Total"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
"equals": ""
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
"equals": "[[if(contains(field('tags'), '_amba-SYNCount-threshold-Override_'), field('tags._amba-SYNCount-threshold-Override_'), parameters('threshold'))]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
},
"threshold": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-SYNCount')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for Network loadBalancers SYNCount",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "SYNCount",
"metricNamespace": "Microsoft.Network/loadBalancers",
"metricName": "SYNCount",
"operator": "",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Total",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[parameters('threshold')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[if(contains(field('tags'), '_amba-SYNCount-threshold-Override_'), field('tags._amba-SYNCount-threshold-Override_'), parameters('threshold'))]"
}
}
}
}
}
}
}
}
}
UsedSNATPorts - Metric Alert
Properties:
autoMitigate | false |
criterionType | StaticThresholdCriterion |
evaluationFrequency | PT1M |
metricName | UsedSNATPorts |
metricNamespace | Microsoft.Network/loadBalancers |
operator | GreaterThan |
severity | 1 |
threshold | 900 |
timeAggregation | Average |
windowSize | PT5M |
References:
Azure Monitor supported metrics by resource type - Azure Load Balancer |
Load-Balancer Alerts |
Check My SNAT Port Usage and Allocation |
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Metric Alert for ALB Used SNAT Ports",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 1,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "GreaterThan",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "900",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT1M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "UsedSNATPorts",
"dimensions": [],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Metric Alert for ALB Used SNAT Ports'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 1
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'GreaterThan'
@description('The threshold value at which the alert is activated.')
param threshold int = 900
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT1M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'UsedSNATPorts'
dimensions: [[]]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "a92cb746-f19f-450b-b413-8b9710b0176b",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy ALB Used SNAT Ports Alert",
"description": "Policy to Audit/Deploy ALB Used SNAT Ports Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "Network",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "1"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT5M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT1M"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": "900"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Network/loadBalancers"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.Network/loadBalancers"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "UsedSNATPorts"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Average"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
"equals": "GreaterThan"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
"equals": "[[if(contains(field('tags'), '_amba-UsedSNATPorts-threshold-Override_'), field('tags._amba-UsedSNATPorts-threshold-Override_'), parameters('threshold'))]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
},
"threshold": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-UsedSNATPorts')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for Network loadBalancers UsedSNATPorts",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "UsedSNATPorts",
"metricNamespace": "Microsoft.Network/loadBalancers",
"metricName": "UsedSNATPorts",
"operator": "GreaterThan",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Average",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[parameters('threshold')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[if(contains(field('tags'), '_amba-UsedSNATPorts-threshold-Override_'), field('tags._amba-UsedSNATPorts-threshold-Override_'), parameters('threshold'))]"
}
}
}
}
}
}
}
}
}
VipAvailability - Metric Alert
Properties:
autoMitigate | false |
criterionType | StaticThresholdCriterion |
evaluationFrequency | PT1M |
metricName | VipAvailability |
metricNamespace | Microsoft.Network/loadBalancers |
operator | LessThan |
severity | 0 |
threshold | 90 |
timeAggregation | Average |
windowSize | PT5M |
References:
Azure Monitor supported metrics by resource type - Azure Load Balancer |
Azure Load Balancer Multi-Demensional-Metrics |
Is The Data Path Up and Available for My Load-Balancer |
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Average Load Balancer data path availability per time duration",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 0,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "LessThan",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "90",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT1M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "VipAvailability",
"dimensions": [],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Average Load Balancer data path availability per time duration'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 0
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'LessThan'
@description('The threshold value at which the alert is activated.')
param threshold int = 90
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT1M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'VipAvailability'
dimensions: [[]]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "b239797f-e627-4e48-8609-94db72098c3d",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy ALB Data Path Availability Alert",
"description": "Policy to Audit/Deploy ALB Data Path Availability Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "Network",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "0"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT5M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue":