Configure Diagnostic settings through ARM Templates in Azure
In this article we will explore how to enable diagnostic settings for an Azure resource using ARM templates.
Prerequisite: You should already have an Azure resource provisioned.
I’ve provisioned an Azure Firewall and will enable diagnostics for it. There are two ways to achieve that: the first is through the Azure portal and the other is through IaC.
I have an Azure Firewall under the resource group FW-RG, as shown in the image below (resource-group.jpg).
If you click on Diagnostic settings (marked with a red rectangle), you should see that no settings exist.
We will now use the following code snippet to enable them.
I assume you are familiar with ARM templates; if not, read the following article for reference.
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "resourceName": {
      "type": "String",
      "metadata": {
        "description": "Name of the resource"
      }
    },
    "settingName": {
      "defaultValue": "firewallDiagnostic",
      "type": "String",
      "metadata": {
        "description": "Diagnostic setting Name"
      }
    },
    "logAnalyticWorkspaceName": {
      "defaultValue": "Fw-LA",
      "type": "String",
      "metadata": {
        "description": "Log Analytics workspace name"
      }
    }
  },
  "variables": {
    "workspaceId": "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('logAnalyticWorkspaceName'))]"
  },
  "resources": [
    {
      "type": "Microsoft.Network/azureFirewalls/providers/diagnosticSettings",
      "name": "[concat(parameters('resourceName'), '/microsoft.insights/', parameters('settingName'))]",
      "apiVersion": "2017-05-01-preview",
      "properties": {
        "name": "DiagService",
        "storageAccountId": null,
        "eventHubAuthorizationRuleId": null,
        "eventHubName": null,
        "workspaceId": "[variables('workspaceId')]",
        "logs": [
          {
            "category": "AzureFirewallApplicationRule",
            "enabled": true,
            "retentionPolicy": {
              "days": 10,
              "enabled": false
            }
          },
          {
            "category": "AzureFirewallNetworkRule",
            "enabled": true,
            "retentionPolicy": {
              "days": 10,
              "enabled": false
            }
          }
        ],
        "metrics": [
          {
            "category": "AllMetrics",
            "enabled": true,
            "retentionPolicy": {
              "enabled": false,
              "days": 0
            }
          }
        ]
      }
    }
  ]
}
Now open the Azure portal, search for ‘Deploy a custom template’ and click it. Once it opens, click on ‘Build your own template in the editor’, copy and paste the entire code snippet above, and click Save. The following window then appears; fill in the required details and click Purchase.
It will start deploying everything for you. Refer to the image deployment.jpg below:
Once the deployment has succeeded, it should be reflected on the firewall. To verify that, go to firewall -> Diagnostic settings, as shown in the image below (fw-diagnostic.jpg).
Click on edit settings to see whether Application rules and metrics have been enabled or not.
The setting should exist and point to the Log Analytics workspace.
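A template like the one above can be checked before it is pasted into the portal. The script below is an added example, not code from the original article: it flags expressions with stray whitespace around the brackets (ARM then deploys them as literal strings), diagnostic settings without a destination, and firewall log categories that are not enabled. The function names, the resource name fw-demo and the sample template are constructed for illustration.

```python
import json
REQUIRED_LOGS = {"AzureFirewallApplicationRule", "AzureFirewallNetworkRule"}
DESTINATIONS = ("workspaceId", "storageAccountId", "eventHubAuthorizationRuleId")

def walk(node, path="$"):
    """Yield (json_path, value) for every string in the template."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node

def audit(template):
    """Return findings for the diagnosticSettings resources of an ARM template."""
    findings = []
    # ARM only evaluates strings that start with '[' and end with ']'; padded ones stay literal.
    for path, value in walk(template):
        core = value.strip()
        if core != value and core.startswith("[") and core.endswith("]"):
            findings.append(f"{path}: padded expression is deployed as a literal")
    for res in template.get("resources", []):
        if not res.get("type", "").lower().endswith("/providers/diagnosticsettings"):
            continue
        props, name = res.get("properties", {}), res.get("name")
        if not any(props.get(dest) for dest in DESTINATIONS):
            findings.append(f"{name}: no log destination configured")
        enabled = {log.get("category") for log in props.get("logs", []) if log.get("enabled")}
        for category in sorted(REQUIRED_LOGS - enabled):
            findings.append(f"{name}: log category {category} is not enabled")
    return findings

# Constructed sample (not the article's template): padded variable, one category off.
SAMPLE = json.loads("""{
  "variables": {"workspaceId": " [resourceId('Microsoft.OperationalInsights/workspaces','Fw-LA')]"},
  "resources": [{
    "type": "Microsoft.Network/azureFirewalls/providers/diagnosticSettings",
    "name": "fw-demo/microsoft.insights/firewallDiagnostic",
    "properties": {
      "workspaceId": "[variables('workspaceId')]",
      "logs": [{"category": "AzureFirewallApplicationRule", "enabled": true},
               {"category": "AzureFirewallNetworkRule", "enabled": false}]
    }
  }]
}""")

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```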
#Azure #AzureIaC #Firewall #ARMTemplate #DiagnosticSettings