Reputation: 160
I'm trying to automate the process of configuring Azure App Service to export diagnostic logs to Azure Storage, but I'm running into something I don't quite understand. I can take the following steps to get it working.
Using Azure Resource Explorer, I navigate to the `config/logs` resource and observe the JSON:

```json
"applicationLogs": {
  ...
  "azureBlobStorage": {
    "level": "Information",
    "sasUrl": "https://<storagename>.blob.core.windows.net/<container>?sv=YYYY-MM-DD&sr=c&sig=<sig>&st=YYYY-MM-DDTHH:MM:SSZ&se=YYYY-MM-DDTHH:MM:SSZ&sp=rwdl",
    "retentionInDays": null
  }
},
"httpLogs": {
  ...
  "azureBlobStorage": {
    "sasUrl": "https://<storagename>.blob.core.windows.net/<container>?sv=YYYY-MM-DD&sr=c&sig=<sig>&st=YYYY-MM-DDTHH:MM:SSZ&se=YYYY-MM-DDTHH:MM:SSZ&sp=rwdl",
    "retentionInDays": null,
    "enabled": true
  }
},
```
`sasUrl` values in an ARM template with a `config/logs` resource, and everything still works. I can verify this by first deleting the storage containers and disabling diagnostic logs, then redeploying the ARM template.

After getting that working, I attempt to use the ARM template function `listAccountSas` to generate a new SAS for the storage resource. However, the resulting SAS has a slightly different format than the one I obtained from Azure Resource Explorer: `sv=YYYY-MM-DD&ss=b&srt=s&sp=rwdl&st=YYYY-MM-DDTHH%3AMM%3ASS.0000000Z&se=YYYY-MM-DDTHH%3AMM%3ASS.0000000Z&spr=https&sig=<sig>`.
So what's going on here? How is the portal generating the SAS? Is the `listAccountSas` function generating a token that will work in its place? Is there even a way to automate this configuration?
Upvotes: 0
Views: 124
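The two SAS shapes quoted in the question are different token types: the Resource Explorer value is a service SAS scoped to one container (`sr=c`), while the `listAccountSas` output is an account SAS whose `srt=s` grants service-level operations only, not container- or object-level ones. The following is an added example (Python, not code from either post) that parses both shapes and reports their scope; the account name, dates and signatures in the samples are constructed placeholders.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample tokens in the two shapes quoted in the question
# (account name, dates and signatures are placeholders, not real values).
SERVICE_SAS = ("https://examplestore.blob.core.windows.net/logs?sv=2017-04-17&sr=c"
               "&sig=PLACEHOLDER&st=2018-01-01T00:00:00Z&se=2019-01-01T00:00:00Z&sp=rwdl")
ACCOUNT_SAS = ("sv=2017-04-17&ss=b&srt=s&sp=rwdl&st=2018-01-01T00%3A00%3A00.0000000Z"
               "&se=2019-01-01T00%3A00%3A00.0000000Z&spr=https&sig=PLACEHOLDER")


def inspect_sas(token):
    """Classify a SAS URL or bare query string and report what it can reach."""
    query = urlsplit(token).query if "://" in token else token.lstrip("?")
    p = {k: v[0] for k, v in parse_qs(query).items()}
    perms = set(p.get("sp", ""))
    if "srt" in p or "ss" in p:
        # Account SAS: ss = services (b/f/q/t), srt = resource types (s/c/o).
        kind = "account"
        scope = "services=%s types=%s" % (p.get("ss", ""), p.get("srt", ""))
        # Writing a log blob is an object-level call on the blob service.
        can_write = "b" in p.get("ss", "") and "o" in p.get("srt", "") and "w" in perms
    elif "sr" in p:
        # Service SAS: sr = c (one container) or b (one blob).
        kind = "service"
        scope = "resource=%s" % p["sr"]
        can_write = p["sr"] == "c" and "w" in perms
    else:
        kind, scope, can_write = "unknown", "", False
    return {"kind": kind, "scope": scope, "permissions": "".join(sorted(perms)),
            "https_only": p.get("spr") == "https", "expires": p.get("se"),
            "can_write_blobs_in_container": can_write}


if __name__ == "__main__":
    for name, tok in (("Resource Explorer", SERVICE_SAS), ("listAccountSas", ACCOUNT_SAS)):
        print(name, inspect_sas(tok))
```

The same check is useful before storing any SAS in a vault or template: it shows whether the token is wider (account-wide) or narrower than the single container the log export needs, and when it expires.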
Reputation: 23121
As far as I know, the ARM template function `listAccountSas` can only list values; it can't create a new value. And you can't create a sasToken within the template. I suggest you use PowerShell to create a sasToken, store it in Azure Key Vault, and refer to that Key Vault secret in the template. Regarding how to use the cert in the template, please refer to the document.
```powershell
$name = "your account"
$password = "your password"
$RGname = "your resource group name"
$accountName = "your Storage Account name"
$containerName = "your container name"
$keyVaultName = "your Key Vault name"
$certName = "your cert name"
$location = ""

# Log in to Azure
$secpasswd = ConvertTo-SecureString $password -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ($name, $secpasswd)
Add-AzureRmAccount -Credential $mycreds

# Create the container SAS URL (read/write/delete/list, valid for one year)
$account = Get-AzureRmStorageAccount -ResourceGroupName $RGname -Name $accountName
$SASURL = New-AzureStorageContainerSASToken -Container $containerName -Context $account.Context -Permission rwdl -ExpiryTime (Get-Date).AddYears(1) -FullUri

# Create the Key Vault, enabled for template deployment, and grant the account access to its secrets
New-AzureRmKeyVault -VaultName $keyVaultName -ResourceGroupName $RGname -Location $location -EnabledForTemplateDeployment
Set-AzureRmKeyVaultAccessPolicy -VaultName $keyVaultName -UserPrincipalName $name -PermissionsToSecrets set,delete,get,list

# Store the SAS URL as a Key Vault secret named "test"
$secretvalue = ConvertTo-SecureString $SASURL -AsPlainText -Force
Set-AzureKeyVaultSecret -VaultName $keyVaultName -Name "test" -SecretValue $secretvalue
```
Upvotes: 1