
Azure Automation: Enable Diagnostic Settings

Azure Diagnostic Logs are logs emitted by a resource that provide rich, frequent data about the operation of that resource. Azure Diagnostic Settings can be enabled manually in the Azure Portal, or with PowerShell/CLI via Azure Cloud Shell.


Initially, when I looked at this topic, I created a PowerShell script in Azure Automation to do this task automatically. I was looking for an automated solution to enable logs to be sent to a Log Analytics workspace and also to a storage account. For each resource that I have on a subscription, I enabled Azure Diagnostic Settings using this piece of code:


# Send all log categories of the resource to a Log Analytics workspace
Set-AzDiagnosticSetting `
   -Name "LogAnalyticsName" `
   -ResourceId "ResourceIDForWhichYouEnableDiagnosticSettings" `
   -Enabled $true `
   -WorkspaceId "WorkspaceAccountID"

# Send the same categories to a storage account and keep them for 90 days
Set-AzDiagnosticSetting `
   -Name "DiagnosticSettingsName" `
   -ResourceId "ResourceIDForWhichYouEnableDiagnosticSettings" `
   -Enabled $true `
   -RetentionEnabled $true `
   -RetentionInDays 90 `
   -StorageAccountId "StorageAccountID"

As you can see, with this piece of code I enable the logs to be sent to a Log Analytics workspace and also to a storage account, where they are kept for a period of 90 days.

Everything was fine for a very long period of time, until a new release was deployed and suddenly the diagnostic settings were no longer enabled and the retention period was no longer enforced.

I started troubleshooting this issue because I really wanted to have this implemented automatically by my PowerShell script.

Finally, I managed to resolve this issue once I understood that I need to go into each diagnostic settings category (logs and metrics), enable it individually, and enable the retention period on each one. For that, I used this piece of code.

For storage account

# Read the resource's current diagnostic setting to learn which log and metric categories it exposes
$azdiag = Get-AzDiagnosticSetting -ResourceId "ResourceIDForEachYouWantToEnableDiagnosticSettings"

# Enable each log category on its own, with retention set on every call
$azdiagLogs = $azdiag.Logs
foreach ($azdiagLog in $azdiagLogs) {
  Set-AzDiagnosticSetting `
   -Name "CategoryDiagnosticSettingsName" `
   -ResourceId "ResourceIDForEachYouWantToEnableDiagnosticSettings" `
   -Enabled $True `
   -EnableLog $True `
   -Category $azdiagLog.Category `
   -StorageAccountId "StorageAccountID" `
   -RetentionEnabled $true `
   -RetentionInDays 10
}

# Do the same for each metric category
$azdiagMetrics = $azdiag.Metrics
foreach ($azdiagMetric in $azdiagMetrics) {
  Set-AzDiagnosticSetting `
   -Name "MetricDiagnosticSettingsName" `
   -ResourceId "ResourceIDForEachYouWantToEnableDiagnosticSettings" `
   -Enabled $True `
   -EnableMetrics $True `
   -MetricCategory $azdiagMetric.Category `
   -StorageAccountId "StorageAccountID" `
   -RetentionEnabled $True `
   -RetentionInDays 10
}

For Log Analytics Workspace


# Same per-category loop, but targeting the workspace; retention is governed by the workspace itself
$azdiag = Get-AzDiagnosticSetting -ResourceId "ResourceIDForEachYouWantToEnableDiagnosticSettings"

$azdiagLogs = $azdiag.Logs
foreach ($azdiagLog in $azdiagLogs) {
  Set-AzDiagnosticSetting `
   -Name "CategoryDiagnosticSettingsName" `
   -ResourceId "ResourceIDForEachYouWantToEnableDiagnosticSettings" `
   -Enabled $True `
   -EnableLog $True `
   -Category $azdiagLog.Category `
   -WorkspaceId "WorkspaceAccountID"
}

$azdiagMetrics = $azdiag.Metrics
foreach ($azdiagMetric in $azdiagMetrics) {
  Set-AzDiagnosticSetting `
   -Name "MetricDiagnosticSettingsName" `
   -ResourceId "ResourceIDForEachYouWantToEnableDiagnosticSettings" `
   -Enabled $True `
   -EnableMetrics $True `
   -MetricCategory $azdiagMetric.Category `
   -WorkspaceId "WorkspaceAccountID"
}

This was the solution that I implemented, and it is working as expected.

This is how I enable NSG flow logs from an Azure Automation PowerShell script:


# Traffic Analytics needs the workspace as an object, not as a name or ID string
$workspace = Get-AzOperationalInsightsWorkspace -ResourceGroupName "WorkspaceResourceGroupName" -Name "LogAnalyticsWorkspaceName"

# Enable a flow log for every NSG in the resource group, using the loop variable's own ID
$nsgs = Get-AzNetworkSecurityGroup -ResourceGroupName "ResourceGroupName"
foreach ($nsg in $nsgs) {
  Set-AzNetworkWatcherConfigFlowLog `
   -NetworkWatcherName "SubscriptionNetworkWatcherDeployment" `
   -ResourceGroupName "NetworkWatcherResourceGroupName" `
   -TargetResourceId $nsg.Id `
   -EnableFlowLog $True `
   -StorageAccountId "StorageAccountID" `
   -EnableRetention $True `
   -RetentionInDays 10 `
   -EnableTrafficAnalytics:$True `
   -Workspace $workspace `
   -TrafficAnalyticsInterval 60
}


This is how I enable SQL Server auditing from an Azure Automation PowerShell script:


# Server-level audit: write to blob storage (with retention) and to the Log Analytics workspace
Set-AzSqlServerAudit `
 -ResourceGroupName "ResourceGroupName" `
 -ServerName "SQLServerName" `
 -BlobStorageTargetState Enabled `
 -StorageAccountResourceId "StorageAccountID" `
 -RetentionInDays 10 `
 -LogAnalyticsTargetState Enabled `
 -WorkspaceResourceId "LoganalyticsWorkspaceAccount"

Azure Diagnostic Settings cannot be enabled on every resource type, and the available log categories differ from one resource type to another. That is why your script also needs to account for the list published here: https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/resource-logs-categories
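The per-category loops above and the caveat that not every resource type supports diagnostic settings can be combined into one reusable function. This is an added example, not the author's script: it uses the same Set-AzDiagnosticSetting parameters as this page (the older Az.Monitor parameter set), assumes Get-AzDiagnosticSetting raises an error for unsupported resource types, and uses placeholder storage account and workspace IDs.

```powershell
# Added example (not the author's script). Assumes the Az.Monitor version whose
# Set-AzDiagnosticSetting accepts -Category/-MetricCategory, as used on this page.
function Enable-ResourceDiagnostics {
    param(
        [Parameter(Mandatory)] [string] $ResourceId,
        [Parameter(Mandatory)] [string] $StorageAccountId,
        [Parameter(Mandatory)] [string] $WorkspaceId,
        [int] $RetentionInDays = 90
    )
    try {
        # Assumption: this raises for resource types with no diagnostic-setting support,
        # so unsupported resources are skipped instead of aborting the whole run.
        $current = Get-AzDiagnosticSetting -ResourceId $ResourceId -ErrorAction Stop
    } catch {
        Write-Warning "Skipping $ResourceId : $($_.Exception.Message)"
        return $false
    }
    foreach ($log in $current.Logs) {
        # Storage target: retention must be set on every per-category call
        Set-AzDiagnosticSetting -Name "storage-logs" -ResourceId $ResourceId -Enabled $true `
            -EnableLog $true -Category $log.Category -StorageAccountId $StorageAccountId `
            -RetentionEnabled $true -RetentionInDays $RetentionInDays | Out-Null
        # Workspace target: no retention flags, the workspace keeps its own retention policy
        Set-AzDiagnosticSetting -Name "workspace-logs" -ResourceId $ResourceId -Enabled $true `
            -EnableLog $true -Category $log.Category -WorkspaceId $WorkspaceId | Out-Null
    }
    foreach ($metric in $current.Metrics) {
        Set-AzDiagnosticSetting -Name "storage-metrics" -ResourceId $ResourceId -Enabled $true `
            -EnableMetrics $true -MetricCategory $metric.Category -StorageAccountId $StorageAccountId `
            -RetentionEnabled $true -RetentionInDays $RetentionInDays | Out-Null
        Set-AzDiagnosticSetting -Name "workspace-metrics" -ResourceId $ResourceId -Enabled $true `
            -EnableMetrics $true -MetricCategory $metric.Category -WorkspaceId $WorkspaceId | Out-Null
    }
    return $true
}

# Driver: walk every resource in the current subscription. Target IDs are placeholders.
$storageId   = "/subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Storage/storageAccounts/<name>"
$workspaceId = "/subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.OperationalInsights/workspaces/<name>"
$done = 0; $skipped = 0
foreach ($r in Get-AzResource) {
    if (Enable-ResourceDiagnostics -ResourceId $r.ResourceId -StorageAccountId $storageId -WorkspaceId $workspaceId) {
        $done++
    } else {
        $skipped++
    }
}
Write-Output "Diagnostic settings applied on $done resources, skipped $skipped unsupported resources."
```

The summary line gives you a quick check after each Automation run that the expected number of resources actually received settings, which is exactly what broke silently in the story above.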

For more details about Azure Diagnostic Settings, please also check these links: https://docs.microsoft.com/en-us/azure/azure-monitor/agents/diagnostics-extension-overview and https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings


Thank you!

AmistadGroup IT Team

(https://www.amistadgroup.ro/)
