How to create Activity Log diagnostic settings for Azure resources using ARM templates

Time: 2020-02-07 11:33:06

Tags: azure azure-resource-manager arm-template azure-virtual-network azure-diagnostics

We are referring to the document here, which discusses creating diagnostic settings in Azure with Resource Manager templates.

We have managed to configure resources via ARM templates together with diagnostic settings for resource logs, but the snippet in the documentation for enabling diagnostic settings for the activity logs does not seem to work: the template deployment command (New-AzResourceGroupDeployment) returns a Bad Request error.

New-AzResourceGroupDeployment: Resource Microsoft.Insights/diagnosticSettings 'test-vnet' failed with message '{ "code": "BadRequest", "message": "" }'

Here is the template (some code has been trimmed to avoid noise):

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        ...
    },
    "variables": {
        ...
    },
    "resources": [
        {
            "apiVersion": "2018-08-01",
            "type": "Microsoft.Network/virtualNetworks",
            "name": "[parameters('virtualNetworkName')]",
            "location": "[parameters('resourceLocation')]",
            "properties": {
                "addressSpace": {
                    "addressPrefixes": [
                        "[parameters('addressPrefix')]"
                    ]
                },
                "subnets": "[parameters('subnets')]",
                "dhcpOptions": {
                    "dnsServers": "[parameters('dnsServers')]"
                }
            },
            "resources": [
                {
                    "type": "Microsoft.Insights/diagnosticSettings",
                    "apiVersion": "2017-05-01-preview",
                    "name": "[variables('diagnosticsSettingsName')]",
                    "dependsOn": [
                        "[parameters('virtualNetworkName')]"
                    ],
                    "location": "global",
                    "properties": {
                        "storageAccountId": "..valid_id_here",
                        "logs": [
                            {
                                "category": "Administrative",
                                "enabled": true
                            },
                            {
                                "category": "Security",
                                "enabled": true
                            },
                            {
                                "category": "ServiceHealth",
                                "enabled": true
                            },
                            {
                                "category": "ResourceHealth",
                                "enabled": true
                            }
                        ]
                    }
                }
            ]
        }
    ],
    "outputs": {
        ..
    }
}

2 answers:

Answer 0: (score: 3)

The document referred to for creating diagnostic settings is here.

So if you check the Deployment Methods section of that document, it says that you can deploy Resource Manager templates with any valid method, including PowerShell and CLI. Diagnostic settings for the Activity Log must be deployed to the subscription using az deployment create (for CLI) or New-AzDeployment (for PowerShell).

Use New-AzDeployment instead of New-AzResourceGroupDeployment to deploy the ARM template.

Hope this helps!
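As an added example (not part of the question or the answer above), here is the question's activity-log setting rewritten as a stand-alone subscription-scope template and deployed with New-AzDeployment, as the answer recommends. The activity-log categories belong to the subscription, so the diagnosticSettings resource sits at the top level of a template that uses the subscriptionDeploymentTemplate schema instead of being nested under the virtual network. The subscription ID, storage account resource ID, deployment name and location are placeholders (assumptions); an authenticated Az session (Connect-AzAccount) with Az.Accounts and Az.Resources is assumed.

```powershell
# Added example, not code from the original post. Assumed placeholders: the
# subscription ID, the storage account resource ID, the deployment name/location.
$subscriptionId   = '00000000-0000-0000-0000-000000000000'   # assumption: target subscription
$storageAccountId = '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-logs/providers/Microsoft.Storage/storageAccounts/stactivitylogs'  # assumption
$location         = 'westeurope'   # where the deployment metadata is stored, not a property of the setting

Set-AzContext -SubscriptionId $subscriptionId | Out-Null

# Subscription-scope template: subscriptionDeploymentTemplate schema, and the
# diagnosticSettings resource is top-level (no parent vnet, no dependsOn, no location).
$template = [ordered]@{
    '$schema'      = 'https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#'
    contentVersion = '1.0.0.0'
    parameters     = [ordered]@{
        settingName      = @{ type = 'string'; defaultValue = 'activity-log-to-storage' }
        storageAccountId = @{ type = 'string' }
    }
    resources      = @(
        [ordered]@{
            type       = 'Microsoft.Insights/diagnosticSettings'
            apiVersion = '2017-05-01-preview'
            name       = "[parameters('settingName')]"
            properties = [ordered]@{
                storageAccountId = "[parameters('storageAccountId')]"
                # Same four activity-log categories the question enables.
                logs = @(
                    foreach ($category in 'Administrative', 'Security', 'ServiceHealth', 'ResourceHealth') {
                        [ordered]@{ category = $category; enabled = $true }
                    }
                )
            }
        }
    )
}

$templateFile = Join-Path ([System.IO.Path]::GetTempPath()) 'activitylog-diag.json'
$template | ConvertTo-Json -Depth 10 | Set-Content -Path $templateFile -Encoding UTF8

# New-AzDeployment deploys to the subscription; -Location is mandatory because
# the deployment record itself has to live in a region.
$deployment = New-AzDeployment -Name 'activitylog-diag' -Location $location `
    -TemplateFile $templateFile `
    -TemplateParameterObject @{ storageAccountId = $storageAccountId }

if ($deployment.ProvisioningState -ne 'Succeeded') {
    throw "Deployment ended in state '$($deployment.ProvisioningState)'"
}
$deployment | Select-Object DeploymentName, ProvisioningState, Timestamp
```

The deployment is idempotent: re-running it updates the same named setting rather than creating a second one, which is what you want when the template lives in a pipeline. If you keep the setting inside the same template as the virtual network, the whole template has to move to subscription scope and the vnet then needs a nested resource-group deployment; splitting the two templates is usually simpler.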

Answer 1: (score: 0)

This policy works for me; note that it is a subscription-level deployment:

{
  "properties": {
    "displayName": "Deploy diagnostic setting profile for Subscription Activity Logs to Log Analytics workspace",
    "description": "Deploys the diagnostic settings for Subscription Activity Logs to stream to a regional Log Analytics workspace when any Subscription which is missing this diagnostic settings is created or updated.",
    "mode": "All",
    "metadata": {
      "version": "1.0.0",
      "category": "audit"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "DeployIfNotExists",
          "Disabled"
        ],
        "defaultValue": "DeployIfNotExists"
      },
      "settingsProfileName": {
        "type": "String",
        "metadata": {
          "displayName": "Settings profile name",
          "description": "The diagnostic settings profile name"
        },
        "defaultValue": "setbypolicy_logAnalytics"
      },
      "logAnalyticsResourceId": {
        "type": "String",
        "metadata": {
          "displayName": "Log Analytics resourceId",
          "description": "Set to full Log Analytics workspace resourceId. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID."
        }
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Resources/subscriptions"
      },
      "then": {
        "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Insights/diagnosticSettings",
          "name": "[parameters('settingsProfileName')]",
          "existenceCondition": {
            "allOf": [
              {
                "field": "Microsoft.Insights/diagnosticSettings/workspaceId",
                "equals": "[parameters('logAnalyticsResourceId')]"
              }
            ]
          },
          "deploymentScope": "subscription",
          "roleDefinitionIds": [
            "/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa",
            "/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"
          ],
          "deployment": {
            "location": "westeurope",
            "properties": {
              "mode": "incremental",
              "template": {
                "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "settingsProfileName": {
                    "type": "string"
                  },
                  "logAnalyticsResourceId": {
                    "type": "string"
                  }
                },
                "variables": {},
                "resources": [
                  {
                    "type": "Microsoft.Insights/diagnosticSettings",
                    "apiVersion": "2017-05-01-preview",
                    "name": "[parameters('settingsProfileName')]",
                    "properties": {
                      "workspaceId": "[parameters('logAnalyticsResourceId')]",
                      "logs": [
                        {
                          "category": "Administrative",
                          "enabled": "true"
                        },
                        {
                          "category": "Alert",
                          "enabled": "true"
                        },
                        {
                          "category": "Autoscale",
                          "enabled": "true"
                        },
                        {
                          "category": "Policy",
                          "enabled": "true"
                        },
                        {
                          "category": "Recommendation",
                          "enabled": "true"
                        },
                        {
                          "category": "ResourceHealth",
                          "enabled": "true"
                        },
                        {
                          "category": "Security",
                          "enabled": "true"
                        },
                        {
                          "category": "ServiceHealth",
                          "enabled": "true"
                        }
                      ]
                    }
                  }
                ],
                "outputs": {}
              },
              "parameters": {
                "settingsProfileName": {
                  "value": "[parameters('settingsProfileName')]"
                },
                "logAnalyticsResourceId": {
                  "value": "[parameters('logAnalyticsResourceId')]"
                }
              }
            }
          }
        }
      }
    }
  }
}
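As an added example (not part of the answer above), the following PowerShell creates the policy definition from the JSON above saved to a file, assigns it at subscription scope with a system-assigned managed identity, grants that identity the two roles the definition lists under roleDefinitionIds (Azure Policy does not do this for you outside the portal), and starts a remediation task so that the already-existing subscription receives the setting rather than waiting for a create-or-update event. The subscription ID, workspace resource ID, file path, definition and assignment names are placeholders (assumptions); Az.Accounts, Az.Resources and Az.PolicyInsights with an authenticated session are assumed.

```powershell
# Added example, not code from the original answer. Assumed placeholders: the
# subscription ID, the Log Analytics workspace resource ID, the file path and names.
$subscriptionId      = '00000000-0000-0000-0000-000000000000'   # assumption
$scope               = "/subscriptions/$subscriptionId"
$workspaceResourceId = '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-logs/providers/Microsoft.OperationalInsights/workspaces/law-central'  # assumption
$definitionFile      = '.\deploy-activitylog-diagnostics.json'   # assumption: the answer's JSON saved as-is
$location            = 'westeurope'                             # region for the assignment's managed identity

Set-AzContext -SubscriptionId $subscriptionId | Out-Null

# The file wraps everything in "properties"; pass the rule and the parameters
# to the cmdlet separately so nothing depends on how it handles the wrapper.
$doc = Get-Content -Raw -Path $definitionFile | ConvertFrom-Json
$definition = New-AzPolicyDefinition -Name 'deploy-activitylog-diag-to-law' `
    -DisplayName $doc.properties.displayName `
    -Description $doc.properties.description `
    -Mode        $doc.properties.mode `
    -Policy      ($doc.properties.policyRule | ConvertTo-Json -Depth 20) `
    -Parameter   ($doc.properties.parameters | ConvertTo-Json -Depth 20)

# DeployIfNotExists runs the embedded subscription deployment under the
# assignment's identity, so one has to be created (-AssignIdentity needs -Location).
$assignment = New-AzPolicyAssignment -Name 'activitylog-diag-to-law' `
    -Scope $scope -PolicyDefinition $definition -Location $location -AssignIdentity `
    -PolicyParameterObject @{
        logAnalyticsResourceId = $workspaceResourceId
        settingsProfileName    = 'setbypolicy_logAnalytics'
    }

# Grant exactly the roles the definition asks for (Monitoring Contributor and
# Log Analytics Contributor) at the assignment scope; the new service principal
# needs a moment to propagate before role assignment succeeds.
Start-Sleep -Seconds 60
foreach ($roleDefinitionId in $doc.properties.policyRule.then.details.roleDefinitionIds) {
    $roleGuid = ($roleDefinitionId -split '/')[-1]
    New-AzRoleAssignment -ObjectId $assignment.Identity.PrincipalId `
        -RoleDefinitionId $roleGuid -Scope $scope | Out-Null
}

# DeployIfNotExists only fires on create/update events; remediate the
# existing subscription explicitly.
Start-AzPolicyRemediation -Name 'activitylog-diag-initial' `
    -PolicyAssignmentId $assignment.PolicyAssignmentId
```

Two points worth keeping in mind from a security-operations angle: the role grants are scoped to the subscription, so if the workspace lives in another subscription the Log Analytics Contributor grant has to be repeated there, as the parameter description in the definition says; and the existenceCondition only checks workspaceId, so someone disabling individual categories on the setting while leaving the workspace in place will not be flagged as non-compliant.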