Need powershell script to enable diagnostic logging for Storage account and Key vault
I am using the script below to create a storage account, a Key Vault and an ADF. I also want to enable diagnostic logging on the storage account and the Key Vault. The script runs fine and creates the resources, but it does not enable diagnostic logs for the KV and the storage account. Any help would be appreciated.
$subscription="Azure subscription 1"
$rgName = "Test"
$location = "eastus"
$storageaccountName = "tempaccountlogs"
$adfName = "tempdpadf"
$department = "Testtemp"
$kvname = "kvnamAkbt"
$sa = New-AzStorageAccount -ResourceGroupName $rgName -AccountName $storageaccountName -Location $location -SkuName Standard_LRS -Kind BlobStorage -AccessTier Hot -Tag @{department=$department}
$DataFactory = Set-AzDataFactoryV2 -Name $adfName -ResourceGroupName $rgName -Location $location -Tag @{chargecode=$chargeCode;department=$department;environment=$environment;project=$project}
$kv = New-AzKeyVault -VaultName $kvname -ResourceGroupName $rgName -Location $location
set-AzDiagnosticSetting -ResourceId $kv.ResourceId -StorageAccountId $sa.Id -Enabled $true -Categories AuditEvent
set-AzDiagnosticSetting -ResourceId $kv.ResourceId -StorageAccountId $sa.Id -RetentionEnabled $true -RetentionInDays 90
You should include the -WorkspaceId parameter in the command. See the reference here.
An example I ran successfully:
set-AzDiagnosticSetting -ResourceId $kv.ResourceId -StorageAccountId $sa.Id -Enabled $true -Category AuditEvent -WorkspaceId {resource id of the Log Analytics workspace}
To create a Log Analytics workspace, see Create workspace.
Update:
For how to enable diagnostic logs for ADF, see this example:
$ws = Get-AzOperationalInsightsWorkspace -Name "testLAW" -ResourceGroupName "test"
$DataFactory = Set-AzDataFactoryV2 -ResourceGroupName "test" -Name "testADF" -Location "WestUS"
set-AzDiagnosticSetting -ResourceId $DataFactory.DataFactoryId -Enabled $true -WorkspaceId $ws.ResourceId
The problem with your script is that it gives the error:
A parameter cannot be found that matches parameter name 'Categories'.
You are using the "Categories" parameter instead of "Category". If you check this documentation, the correct parameter is -Category, so use it as shown below:
set-AzDiagnosticSetting -ResourceId $kv.ResourceId -StorageAccountId $sa.Id -Enabled $true -Category AuditEvent
set-AzDiagnosticSetting -ResourceId $kv.ResourceId -StorageAccountId $sa.Id -RetentionEnabled $true -RetentionInDays 90
To enable logging for storage accounts, see this documentation.
$diagname = "storage logs"
$ErrorActionPreference = "SilentlyContinue"
Import-Module -Name Az
Import-Csv "$home\azuresubscription.csv" |`
ForEach-Object{
#CentralLogAnalytics
$workspaceid = "your central logging resource id - exact object"
Select-AzSubscription -Subscription $_.Name
$storageAccounts = Get-AzStorageAccount | Select-Object Id
foreach ($stor in $storageAccounts)
{
Set-AzDiagnosticSetting -Name $diagname -ResourceId $stor.Id -WorkspaceId $workspaceid -Enabled $true
$blobid = -join($stor.id,"/blobServices/default")
$fileid = -join($stor.id, "/fileServices/default")
$queueid = -join($stor.id, "/queueServices/default")
$tableid = -join($stor.id, "/tableServices/default")
$resourcetypeid = @($blobid, $fileid, $queueid, $tableid)
foreach ($item in $resourcetypeid)
{
Set-AzDiagnosticSetting -Name $diagname -ResourceId $item -WorkspaceId $workspaceid -Enabled $true
}
}
}
Prerequisites:
The script needs a list of Azure subscriptions in a CSV file. Putting them in a CSV makes it easiest to test in NonProd subscriptions first. A subscription object could also be supplied here instead.
Function:
This enables metrics at the blob, queue, file and table level as well as at the parent (account) level.