Remediation
From Azure Portal
To enable Diagnostic Settings on a Subscription:
- Go to Monitor.
- Click on Activity Log.
- Click on Export Activity Logs.
- Click + Add diagnostic setting.
- Enter a Diagnostic setting name.
- Select Categories for the diagnostic settings.
- Select the appropriate Destination details (this may be Log Analytics, Storage Account, Event Hub, or Partner solution).
- Click Save.
To enable Diagnostic Settings on a specific resource:
- Go to Monitor.
- Click Diagnostic settings.
- Click on the resource that has a diagnostics status of disabled.
- Select Add Diagnostic Setting.
- Enter a Diagnostic setting name.
- Select the appropriate log, metric, and destination (this may be Log Analytics, Storage Account, Event Hub, or Partner solution).
- Click Save.
Repeat these steps for all resources as needed.
From Azure CLI
To configure Diagnostic Settings on a Subscription:
az monitor diagnostic-settings subscription create \
--subscription {{subscription-id}} \
--name {{diagnostic-setting-name}} \
--location {{location}} \
--event-hub {{event-hub-id}} \
--event-hub-auth-rule {{event-hub-auth-rule-id}} \
--storage-account {{storage-account-id}} \
--workspace {{log-analytics-workspace-id}} \
--logs "{{json-encoded-categories}}"
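The --logs value above is a JSON array of category settings. As an added example (not part of the original page), the following shell helpers build that array and report which Activity Log categories an existing setting does not export; the function names and the sample list of enabled categories are assumptions made for illustration, and the category names are the eight used in the PowerShell section of this page.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, not part of the Azure CLI.
# The eight Activity Log categories used in the PowerShell section of this page.
ALL_CATEGORIES="Administrative Security ServiceHealth Alert Recommendation Policy Autoscale ResourceHealth"

# Build the JSON array passed to --logs from category names given as arguments.
build_logs_json() {
  local out="" c
  for c in "$@"; do
    # Accept plain alphabetic names only, so the JSON cannot be malformed.
    case "$c" in
      ""|*[!A-Za-z]*) echo "invalid category: $c" >&2; return 1 ;;
    esac
    out="${out:+$out,}{\"category\":\"$c\",\"enabled\":true}"
  done
  printf '[%s]' "$out"
}

# Print the categories from ALL_CATEGORIES that are absent from the arguments.
missing_categories() {
  local want have found out=""
  for want in $ALL_CATEGORIES; do
    found=0
    for have in "$@"; do
      if [ "$have" = "$want" ]; then found=1; fi
    done
    if [ "$found" -eq 0 ]; then out="${out:+$out }$want"; fi
  done
  printf '%s' "$out"
}

# Constructed sample: categories an existing diagnostic setting already exports.
enabled_now="Administrative Security Alert"
missing=$(missing_categories $enabled_now)
if [ -n "$missing" ]; then
  echo "Categories not exported: $missing"
  echo "Value for --logs: $(build_logs_json $ALL_CATEGORIES)"
fi
```

Review the printed value before substituting it for {{json-encoded-categories}} in the command above.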
To configure Diagnostic Settings on a specific resource:
az monitor diagnostic-settings create \
--subscription {{subscription-id}} \
--resource {{resource-id}} \
--name {{diagnostic-setting-name}} \
--event-hub {{event-hub-id}} \
--event-hub-rule {{event-hub-auth-rule-id}} \
--storage-account {{storage-account-id}} \
--workspace {{log-analytics-workspace-id}} \
--logs {{resource-specific-json-encoded-log-settings}} \
--metrics {{metric-settings-shorthand-or-json-or-yaml}}
From PowerShell
To configure Diagnostic Settings on a subscription:
$logCategories = @()
$logCategories += New-AzDiagnosticSettingSubscriptionLogSettingsObject -Category Administrative -Enabled $true
$logCategories += New-AzDiagnosticSettingSubscriptionLogSettingsObject -Category Security -Enabled $true
$logCategories += New-AzDiagnosticSettingSubscriptionLogSettingsObject -Category ServiceHealth -Enabled $true
$logCategories += New-AzDiagnosticSettingSubscriptionLogSettingsObject -Category Alert -Enabled $true
$logCategories += New-AzDiagnosticSettingSubscriptionLogSettingsObject -Category Recommendation -Enabled $true
$logCategories += New-AzDiagnosticSettingSubscriptionLogSettingsObject -Category Policy -Enabled $true
$logCategories += New-AzDiagnosticSettingSubscriptionLogSettingsObject -Category Autoscale -Enabled $true
$logCategories += New-AzDiagnosticSettingSubscriptionLogSettingsObject -Category ResourceHealth -Enabled $true
New-AzSubscriptionDiagnosticSetting `
-SubscriptionId {{subscription-id}} `
-Name {{diagnostic-setting-name}} `
-EventHubAuthorizationRuleId {{event-hub-auth-rule-id}} `
-EventHubName {{event-hub-name}} `
-StorageAccountId {{storage-account-id}} `
-WorkSpaceId {{log-analytics-workspace-id}} `
-MarketplacePartnerId {{marketplace-partner-id}} `
-Log $logCategories
To configure Diagnostic Settings on a specific resource:
$logCategories = @()
$logCategories += New-AzDiagnosticSettingLogSettingsObject -Category {{resource-specific-log-category}} -Enabled $true
$metricCategories = @()
$metricCategories += New-AzDiagnosticSettingMetricSettingsObject -Enabled $true -Category {{resource-specific-metric-category-or-allmetrics}}
New-AzDiagnosticSetting `
-ResourceId {{resource-id}} `
-Name {{diagnostic-setting-name}} `
-Log $logCategories `
-Metric $metricCategories `
-EventHubAuthorizationRuleId {{event-hub-auth-rule-id}} `
-EventHubName {{event-hub-name}} `
-StorageAccountId {{storage-account-id}} `
-WorkspaceId {{log-analytics-workspace-id}} `
-MarketplacePartnerId {{marketplace-partner-id}}