Azure - Enable Diagnostic Settings for the Azure VM using Azure Policy
Introduction
This article shows how to enable Diagnostic Settings for Azure VMs using Azure Policy. As there is no default policy available, I thought this policy would be useful for enabling the Diagnostic Settings for Azure VMs.
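The following ARM template can be used in Azure Policy to enable the Diagnostic Settings for the Azure VM and store the logs in an Azure Storage Account. As written, the policy rule matches only VMs whose image publisher is MicrosoftWindowsServer and whose image offer is WindowsServer. The Security event log source is filtered on keyword 4503599627370496 (audit failure), so successful audit events are not collected unless that filter is widened.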
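This policy is fully parameterized and takes the following values:
Storage Account Name,
Storage Account Resource Group & Storage Account ID
All three must refer to the same storage account, because the template reads the access key from the Storage Account ID but builds the storage account reference from the name and resource group.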
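The policy can be assigned at the subscription or the resource group level. Because the DeployIfNotExists effect is used, it can also remediate existing non-compliant resources. The remediation deployment runs as the policy assignment's managed identity with the role listed in roleDefinitionIds, and the template calls listKeys on the storage account, so that identity must be able to read the account's keys; if the storage account lies outside the assignment scope, that access has to be granted there separately. Note that the existenceCondition checks only the extension publisher, so a VM that already has any Microsoft.Azure.Diagnostics extension is reported as compliant regardless of which storage account it writes to.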
#Code Starts here
{
"properties": {
"displayName": "Deploy Diagnostic Settings for Azure VM to Storage Account",
"policyType": "Custom",
"mode": "Indexed",
"description": "Deploys the diagnostic settings for an Azure VM",
"metadata": {
"version": "1.0.0",
"category": "Monitoring"
},
"parameters": {
"ExistingStorageAccountName": {
"type": "String",
"metadata": {
"displayName": "Storage Account Name",
"description": "Storage Account that will be used to store the logs."
}
},
"existingdiagnosticsStorageResourceGroup": {
"type": "string",
"metadata": {
"description": "The resource group for the storage account specified in ExistingStorageAccountName"
}
},
"StorageAccountId": {
"type": "string",
"metadata": {
"description": "The resource ID of the storage account specified in ExistingStorageAccountName, e.g. /subscriptions/subscriptionId/resourceGroups/resourceGroupName/providers/resourceProviderNamespace/resourceType/resourceName"
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
{
"field": "Microsoft.Compute/imagePublisher",
"in": [
"MicrosoftWindowsServer"
]
},
{
"field": "Microsoft.Compute/imageOffer",
"in": [
"WindowsServer"
]
}
]
},
"then": {
"effect": "deployIfNotExists",
"details": {
"type": "Microsoft.Compute/virtualMachines/extensions",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Compute/virtualMachines/extensions/publisher",
"equals": "Microsoft.Azure.Diagnostics"
}
]
},
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"
],
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"ExistingStorageAccountName":{
"type": "string"
},
"existingdiagnosticsStorageResourceGroup": {
"type": "string"
},
"StorageAccountId":{
"type": "string"
},
"vmName": {
"type": "string"
},
"location": {
"type": "string"
}
},
"resources": [
{
"name": "[concat(parameters('vmName'), '/Microsoft.Insights.VMDiagnosticsSettings')]",
"type": "Microsoft.Compute/virtualMachines/extensions",
"location": "[parameters('location')]",
"apiVersion": "2018-10-01",
"properties": {
"publisher": "Microsoft.Azure.Diagnostics",
"type": "IaaSDiagnostics",
"typeHandlerVersion": "1.5",
"autoUpgradeMinorVersion": false,
"protectedSettings": {
"storageAccountName": "[parameters('ExistingStorageAccountName')]",
"storageAccountKey": "[listKeys(parameters('storageAccountId'), '2019-04-01').keys[0].value]",
"storageAccountEndPoint": "https://core.windows.net"
},
"settings": {
"StorageAccount": "[resourceId(parameters('existingdiagnosticsStorageResourceGroup'),'Microsoft.Storage/storageAccounts', parameters('ExistingStorageAccountName'))]",
"WadCfg": {
"DiagnosticMonitorConfiguration": {
"overallQuotaInMB": 5120,
"Metrics": {
"resourceId": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/', 'Microsoft.Compute/virtualMachines/', parameters('vmName'))]",
"MetricAggregation": [
{
"scheduledTransferPeriod": "PT1H"
},
{
"scheduledTransferPeriod": "PT1M"
}
]
},
"DiagnosticInfrastructureLogs": {
"scheduledTransferLogLevelFilter": "Error"
},
"PerformanceCounters": {
"scheduledTransferPeriod": "PT1M",
"PerformanceCounterConfiguration": [
{
"counterSpecifier": "\\Processor Information(_Total)\\% Processor Time",
"unit": "Percent",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\Processor Information(_Total)\\% Privileged Time",
"unit": "Percent",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\Processor Information(_Total)\\% User Time",
"unit": "Percent",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\Processor Information(_Total)\\Processor Frequency",
"unit": "Count",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\System\\Processes",
"unit": "Count",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\Process(_Total)\\Thread Count",
"unit": "Count",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\Process(_Total)\\Handle Count",
"unit": "Count",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\System\\System Up Time",
"unit": "Count",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\System\\Context Switches/sec",
"unit": "CountPerSecond",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\System\\Processor Queue Length",
"unit": "Count",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\Memory\\% Committed Bytes In Use",
"unit": "Percent",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\Memory\\Available Bytes",
"unit": "Bytes",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\Memory\\Committed Bytes",
"unit": "Bytes",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\Memory\\Cache Bytes",
"unit": "Bytes",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\Memory\\Pool Paged Bytes",
"unit": "Bytes",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\Memory\\Pool Nonpaged Bytes",
"unit": "Bytes",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\Memory\\Pages/sec",
"unit": "CountPerSecond",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\Memory\\Page Faults/sec",
"unit": "CountPerSecond",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\Process(_Total)\\Working Set",
"unit": "Count",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\Process(_Total)\\Working Set - Private",
"unit": "Count",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\LogicalDisk(_Total)\\% Disk Time",
"unit": "Percent",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\LogicalDisk(_Total)\\% Disk Read Time",
"unit": "Percent",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\LogicalDisk(_Total)\\% Disk Write Time",
"unit": "Percent",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\LogicalDisk(_Total)\\% Idle Time",
"unit": "Percent",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\LogicalDisk(_Total)\\Disk Bytes/sec",
"unit": "BytesPerSecond",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\LogicalDisk(_Total)\\Disk Read Bytes/sec",
"unit": "BytesPerSecond",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\LogicalDisk(_Total)\\Disk Write Bytes/sec",
"unit": "BytesPerSecond",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\LogicalDisk(_Total)\\Disk Transfers/sec",
"unit": "BytesPerSecond",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\LogicalDisk(_Total)\\Disk Reads/sec",
"unit": "BytesPerSecond",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\LogicalDisk(_Total)\\Disk Writes/sec",
"unit": "BytesPerSecond",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\LogicalDisk(_Total)\\Avg. Disk sec/Transfer",
"unit": "Count",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\LogicalDisk(_Total)\\Avg. Disk sec/Read",
"unit": "Count",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\LogicalDisk(_Total)\\Avg. Disk sec/Write",
"unit": "Count",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\LogicalDisk(_Total)\\Avg. Disk Queue Length",
"unit": "Count",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\LogicalDisk(_Total)\\Avg. Disk Read Queue Length",
"unit": "Count",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\LogicalDisk(_Total)\\Avg. Disk Write Queue Length",
"unit": "Count",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\LogicalDisk(_Total)\\% Free Space",
"unit": "Percent",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\LogicalDisk(_Total)\\Free Megabytes",
"unit": "Count",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\Network Interface(*)\\Bytes Total/sec",
"unit": "BytesPerSecond",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\Network Interface(*)\\Bytes Sent/sec",
"unit": "BytesPerSecond",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\Network Interface(*)\\Bytes Received/sec",
"unit": "BytesPerSecond",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\Network Interface(*)\\Packets/sec",
"unit": "BytesPerSecond",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\Network Interface(*)\\Packets Sent/sec",
"unit": "BytesPerSecond",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\Network Interface(*)\\Packets Received/sec",
"unit": "BytesPerSecond",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\Network Interface(*)\\Packets Outbound Errors",
"unit": "Count",
"sampleRate": "PT60S"
},
{
"counterSpecifier": "\\Network Interface(*)\\Packets Received Errors",
"unit": "Count",
"sampleRate": "PT60S"
}
]
},
"WindowsEventLog": {
"scheduledTransferPeriod": "PT1M",
"DataSource": [
{
"name": "Application!*[System[(Level = 1 or Level = 2 or Level = 3)]]"
},
{
"name": "Security!*[System[band(Keywords,4503599627370496)]]"
},
{
"name": "System!*[System[(Level = 1 or Level = 2 or Level = 3)]]"
}
]
}
}
}
}
}
}
]
},
"parameters": {
"ExistingStorageAccountName": {
"value": "[parameters('ExistingStorageAccountName')]"
},
"existingdiagnosticsStorageResourceGroup": {
"value": "[parameters('existingdiagnosticsStorageResourceGroup')]"
},
"StorageAccountId":{
"value": "[parameters('StorageAccountId')]"
},
"location": {
"value": "[field('location')]"
},
"vmName": {
"value": "[field('name')]"
}
}
}
}
}
}
}
}
}
# Code ends
See you soon in another policy post. Thank you!