Shulou(Shulou.com)06/02 Report--

To continue the previous introduction to you, let's move on to the content of configuration management in Azure automation. The previous article introduced the application of inventory. Through inventory, you can quickly collect asset information from Azure and non-Azure servers.

In addition, change tracking in configuration management is also a very practical function. Through change tracking, we can monitor what has changed in the server, including file system, windows service, windows registry, etc., that is to say, once a file or service registry changes, then change tracking can capture this change, which is a good way to monitor some VM level information.

In addition to this monitoring, the contents of files can also be monitored through change tracking. For example, for some very critical files, we do not want any unexpected changes, so we can monitor them through change tracking. Once there are any changes, they will be reflected in the change tracking.

For example, we all know that host files are related to DNS parsing, which is very critical. We can monitor the contents of host files through change tracking. Let's take a look at how to implement them.

First of all, you need to open change tracking in automation. The enabling method has been written in previous blogs. If you need it, you can take a look at https://blog.51cto.com/mxyit/2350848.

When enabled, in change tracking, click edit settings

Note that in File Content, you need to link a storage account first. In this storage account, a container will be automatically created and a SAS URI will be generated at the same time. This SAS URI will contain the write permission for container. After a file is monitored, if there are any changes, it will actually be uploaded to storage account for storage and then compared.

If you want to enable file content tracking for all existing tracked files, you can select on at upload all set File contents.

After Link, you can see the associated storage account in File Content.

Later, if you want to monitor the host file, you need to add a windows file. In path, you need to enter the path of the host file. Note that you enter a wildcard path here, so that you can bring all the contents of the etc folder into the monitoring scope.

After the addition is completed, you can see this part in windows file.

After that, we try to modify the host file under the etc folder and add some other files. After waiting for a while, we go back to change tracking and find that we can already see these changes.

After right-clicking on the host file, select View content changes

You can see that what is changed will be marked significantly here.

If you find the previous storage account of link, you can find that you can see the content in container.

Next, if you want to receive some emails or sms alarms after finding changes, you can do so through alert. Click log analytics in change tracking.

Enter the content of the query, click run, and then you can see the previously monitored content. If you want to add alert, you can click new alert rule directly.

After clicking, you will jump directly to the create alert page and click condition.

Add a threshold here to indicate that alert will be triggered after several events

After that, add the action group and define the content of the message in action group.

Fill in some details of alert and you can create this alert.

After the creation is complete, you can see this information in alert rule

Then try to modify the host file, and you can see that the email has been triggered!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.