Thursday, March 5, 2020





Configure Diagnostic settings through ARM Templates in Azure




Once you have provisioned a resource in Azure, you may need to enable diagnostic settings for it.
In this article we will explore how to enable them for an Azure resource using ARM templates.

Prerequisite: You should already have an Azure resource provisioned.
I've provisioned an Azure Firewall and will enable diagnostics for it. There are two ways to do that: the first is through the Azure portal and the other is through IaC.

I have an Azure Firewall under the resource group FW-RG, as shown in the image resource-group.jpg below.

Click on the firewall and it will open the view shown in the screenshot resource.jpg below:


If you click on Diagnostic settings (marked with a red rectangle), you should see that no settings exist yet.
We will now use the following code snippet to enable them.
I assume you are familiar with ARM templates; if not, read the following article for reference.

{
   "$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
   "contentVersion":"1.0.0.0",
   "parameters":{
      "resourceName":{
         "type":"String",
         "metadata":{
            "description":"Name of the resource"
         }
      },
      "settingName":{
         "defaultValue":"firewallDiagnostic",
         "type":"String",
         "metadata":{
            "description":"Diagnostic setting Name"
         }
      },
      "logAnalyticWorkspaceName":{
         "defaultValue":"Fw-LA",
         "type":"String",
         "metadata":{
            "description":"Log Analytics workspace name"
         }
      }
   },
   "variables":{
      "workspaceId":"[resourceId('Microsoft.OperationalInsights/workspaces',parameters('logAnalyticWorkspaceName'))]"
   },
   "resources":[
      {
         "type":"Microsoft.Network/azureFirewalls/providers/diagnosticSettings",
         "name":"[concat(parameters('resourceName'),'/microsoft.insights/', parameters('settingName'))]",
         "apiVersion":"2017-05-01-preview",
         "properties":{
            "name":"DiagService",
            "storageAccountId":null,
            "eventHubAuthorizationRuleId":null,
            "eventHubName":null,
            "workspaceId":"[variables('workspaceId')]",
            "logs":[
               {
                  "category":"AzureFirewallApplicationRule",
                  "enabled":true,
                  "retentionPolicy":{
                     "days":10,
                     "enabled":false
                  }
               },
               {
                  "category":"AzureFirewallNetworkRule",
                  "enabled":true,
                  "retentionPolicy":{
                     "days":10,
                     "enabled":false
                  }
               }
            ],
            "metrics":[
               {
                  "category":"AllMetrics",
                  "enabled":true,
                  "retentionPolicy":{
                     "enabled":false,
                     "days":0
                  }
               }
            ]
         }
      }
   ]
}
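
A pre-deployment check for a template like the one above, as an added example that is not part of the original post: it flags a diagnostic setting with no destination, a destination expression padded with whitespace (ARM evaluates a string only when it starts with "[" and ends with "]"), and firewall log categories left disabled. The audit and resolve helpers and the SAMPLE template are constructed for illustration.

```python
import json

# Log categories the template on this page enables for Azure Firewall.
REQUIRED_LOGS = {"AzureFirewallApplicationRule", "AzureFirewallNetworkRule"}
SINKS = ("workspaceId", "storageAccountId", "eventHubAuthorizationRuleId")
VAR_PREFIX, VAR_SUFFIX = "[variables('", "')]"


def resolve(template, value):
    """Follow one level of [variables('name')] indirection."""
    if isinstance(value, str) and value.startswith(VAR_PREFIX) and value.endswith(VAR_SUFFIX):
        return template.get("variables", {}).get(value[len(VAR_PREFIX):-len(VAR_SUFFIX)])
    return value


def audit(template):
    """Return findings for each diagnosticSettings resource in an ARM template."""
    findings = []
    diag = [r for r in template.get("resources", [])
            if r.get("type", "").lower().endswith("/diagnosticsettings")]
    if not diag:
        return ["no diagnosticSettings resource in template"]
    for res in diag:
        props = res.get("properties", {})
        sinks = {k: resolve(template, props[k]) for k in SINKS if props.get(k)}
        if not sinks:
            findings.append("no destination set (workspace, storage account or event hub)")
        for key, raw in sinks.items():
            # ARM evaluates a string only when it starts with '[' and ends with ']';
            # padding around the brackets turns it into a literal string.
            if isinstance(raw, str) and raw != raw.strip() and raw.strip().startswith("["):
                findings.append(f"{key}: whitespace around expression, deployed as a literal")
        enabled = {e.get("category") for e in props.get("logs", []) if e.get("enabled") is True}
        findings += [f"log category not enabled: {c}" for c in sorted(REQUIRED_LOGS - enabled)]
    return findings


# Constructed sample: padded expression and one category switched off.
SAMPLE = json.loads("""{
  "variables": {"workspaceId": "   [resourceId('Microsoft.OperationalInsights/workspaces', 'Fw-LA')]"},
  "resources": [{"type": "Microsoft.Network/azureFirewalls/providers/diagnosticSettings",
    "properties": {"workspaceId": "[variables('workspaceId')]",
      "logs": [{"category": "AzureFirewallApplicationRule", "enabled": true},
               {"category": "AzureFirewallNetworkRule", "enabled": false}]}}]
}""")

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
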

Now open the Azure portal, search for 'Deploy a custom template' and click on it. Once it opens, click on 'Build your own template in the editor', copy and paste the entire code snippet above, and click Save. The following window then appears; fill in the required details and click on Purchase.
It will start the deployment for you. Refer to the image deployment.jpg below:



Once the deployment has succeeded, it should be reflected in the firewall. To verify that, go to the firewall -> Diagnostic settings, as shown in the image fw-diagnostic.jpg below.


Click on Edit setting to check whether the application rules and metrics have been enabled.
The setting should exist and point to the Log Analytics workspace.

#Azure #AzureIaC #Firewall #ARMTemplate #DiagnosticSettings











