在 Azure 中,您可以创建修复策略以启用存储帐户中诊断设置的日志记录吗?
In Azure can you create a remdiation policy to enable logging in diagnostic settings in a storage account?
我创建了一个策略来修复未启用诊断设置(经典)日志的存储帐户。但是我收到此错误:
{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details.","details":[{"code":"BadRequest","message":"{\r\n \"error\": {\r\n \"code\": \"InvalidTemplate\",\r\n \"message\": \"Unable to process template language expressions for resource '/subscriptions/providers/Microsoft.Insights/diagnosticSettings/StorageLogs' at line '1' and column '429'. 'The template parameter 'logAnalytics' is not found. Please see https://aka.ms/arm-template/#parameters for usage details.'\",\r\n\"additionalInfo\":[\r\n{\r\n \"type\": \"TemplateViolation\",\r\n \"info\": {\r\n \"lineNumber\": 1,\r\n \"linePosition\": 429,\r\n \"path\": \"\"\r\n }\r\n }\r\n ]\r\n }\r\n}"}]}
{
"properties": {
"displayName": "Deploy Diagnostic Settings for Storage Accounts to Log Analytics",
"mode": "Indexed",
"description": "Deploys the diagnostic settings for Storage Accounts to log read/write/delete and retain logs.",
"metadata": {
"category": "Monitoring"
},
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"DeployIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
},
"profileName": {
"type": "String",
"metadata": {
"displayName": "Profile Name",
"description": "The diagnostic setting profile name"
},
"default": "setbypolicy_logAnalytics"
},
"logAnalytics": {
"type": "String",
"metadata": {
"displayName": "Log Analytics workspace",
"description": "Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.",
"strongType": "omsWorkspace",
"assignPermissions": true
}
},
"metricsEnabled": {
"type": "String",
"metadata": {
"displayName": "Enable metrics",
"description": "Whether to enable metrics stream to the Event Hub - True or False"
},
"allowedValues": [
"True",
"False"
],
"defaultValue": "False"
},
"logsEnabled": {
"type": "String",
"metadata": {
"displayName": "Enable logs",
"description": "Whether to enable logs stream to the Event Hub - True or False"
},
"allowedValues": [
"True",
"False"
],
"defaultValue": "True"
}
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.Storage/storageAccounts"
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Insights/diagnosticSettings",
"name": "[parameters('profileName')]",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/diagnosticSettings/logs.enabled",
"equals": "parameters('logsEnabled')"
},
{
"field": "Microsoft.Insights/diagnosticSettings/metrics.enabled",
"equals": "parameters('metricsEnabled')]"
}
]
},
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/"
],
"deployment": {
"properties": {
"mode": "Incremental",
"template": {
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "string"
},
"logAnaltics": {
"type": "string"
},
"location": {
"type": "string"
},
"metricsEnabled": {
"type": "string"
},
"logsEnabled": {
"type": "string"
},
"profileName": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts/providers/diagnosticSettings",
"apiVersion": "2017-05-01-preview",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]",
"location": "[parameters('location')]",
"dependsOn": [],
"properties": {
"workspaceId": "[parameters('logAnalytics')]",
"metrics": [
{
"category": "AllMetrics",
"enabled": true,
"retentionPolicy": {
"enabled": true,
"days": 365
}
}
],
"logs": [
{
"category": "Audit",
"enabled": true
},
{
"category": "Requests",
"enabled": true
}
]
}
}
],
"outputs": {}
},
"parameters": {
"location": {
"value": "[field('location')]"
},
"resourceName": {
"value": "[field('name')]"
},
"profileName": {
"value": "[parameters('profileName')]"
},
"metricsEnabled": {
"value": "[parameters('metricsEnabled')]"
},
"logsEnabled": {
"value": "[parameters('logsEnabled')]"
},
"logAnaltics": {
"value": "[parameters('logAnalytics')]"
}
}
}
}
}
}
}
}
}
检查您的拼写错误,在您的 arm 模板中找到 logAnaltics 并将其恢复为 logAnalytics 并告诉我它是否适合您。
根据文档,该参数设置正确且也被引用,因此很可能是拼写错误或类似错误。
我已经找到了,可能还有更多。
我创建了一个策略来修复未启用诊断设置(经典)日志的存储帐户。但是我收到此错误:
{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details.","details":[{"code":"BadRequest","message":"{\r\n \"error\": {\r\n \"code\": \"InvalidTemplate\",\r\n \"message\": \"Unable to process template language expressions for resource '/subscriptions/providers/Microsoft.Insights/diagnosticSettings/StorageLogs' at line '1' and column '429'. 'The template parameter 'logAnalytics' is not found. Please see https://aka.ms/arm-template/#parameters for usage details.'\",\r\n\"additionalInfo\":[\r\n{\r\n \"type\": \"TemplateViolation\",\r\n \"info\": {\r\n \"lineNumber\": 1,\r\n \"linePosition\": 429,\r\n \"path\": \"\"\r\n }\r\n }\r\n ]\r\n }\r\n}"}]}
{
"properties": {
"displayName": "Deploy Diagnostic Settings for Storage Accounts to Log Analytics",
"mode": "Indexed",
"description": "Deploys the diagnostic settings for Storage Accounts to log read/write/delete and retain logs.",
"metadata": {
"category": "Monitoring"
},
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"DeployIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
},
"profileName": {
"type": "String",
"metadata": {
"displayName": "Profile Name",
"description": "The diagnostic setting profile name"
},
"default": "setbypolicy_logAnalytics"
},
"logAnalytics": {
"type": "String",
"metadata": {
"displayName": "Log Analytics workspace",
"description": "Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.",
"strongType": "omsWorkspace",
"assignPermissions": true
}
},
"metricsEnabled": {
"type": "String",
"metadata": {
"displayName": "Enable metrics",
"description": "Whether to enable metrics stream to the Event Hub - True or False"
},
"allowedValues": [
"True",
"False"
],
"defaultValue": "False"
},
"logsEnabled": {
"type": "String",
"metadata": {
"displayName": "Enable logs",
"description": "Whether to enable logs stream to the Event Hub - True or False"
},
"allowedValues": [
"True",
"False"
],
"defaultValue": "True"
}
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.Storage/storageAccounts"
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Insights/diagnosticSettings",
"name": "[parameters('profileName')]",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/diagnosticSettings/logs.enabled",
"equals": "parameters('logsEnabled')"
},
{
"field": "Microsoft.Insights/diagnosticSettings/metrics.enabled",
"equals": "parameters('metricsEnabled')]"
}
]
},
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/"
],
"deployment": {
"properties": {
"mode": "Incremental",
"template": {
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "string"
},
"logAnaltics": {
"type": "string"
},
"location": {
"type": "string"
},
"metricsEnabled": {
"type": "string"
},
"logsEnabled": {
"type": "string"
},
"profileName": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts/providers/diagnosticSettings",
"apiVersion": "2017-05-01-preview",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]",
"location": "[parameters('location')]",
"dependsOn": [],
"properties": {
"workspaceId": "[parameters('logAnalytics')]",
"metrics": [
{
"category": "AllMetrics",
"enabled": true,
"retentionPolicy": {
"enabled": true,
"days": 365
}
}
],
"logs": [
{
"category": "Audit",
"enabled": true
},
{
"category": "Requests",
"enabled": true
}
]
}
}
],
"outputs": {}
},
"parameters": {
"location": {
"value": "[field('location')]"
},
"resourceName": {
"value": "[field('name')]"
},
"profileName": {
"value": "[parameters('profileName')]"
},
"metricsEnabled": {
"value": "[parameters('metricsEnabled')]"
},
"logsEnabled": {
"value": "[parameters('logsEnabled')]"
},
"logAnaltics": {
"value": "[parameters('logAnalytics')]"
}
}
}
}
}
}
}
}
}
检查您的拼写错误,在您的 arm 模板中找到 logAnaltics 并将其恢复为 logAnalytics 并告诉我它是否适合您。
根据文档,该参数设置正确且也被引用,因此很可能是拼写错误或类似错误。
我已经找到了,可能还有更多。