Reputation: 1
Can I use Azure Policy to audit or enforce Azure Activity Log diagnostic settings?
Built in audits if a Log Profile exists, but not the destination stores. Would like to specify the Storage Account/Event Hub/Log Analytics Workspace.
Can I enforce those settings? In that approach, to also utilize modern diagnostic settings and send to a storage account and log analytics workspace.
Upvotes: 0
Views: 1226
Answers (1)
Reputation: 1370
Two (2) options to configure diagnostic settings (besides doing this manually on each resources):
Azure Resource Template (ARM)
This requires you to have a deeper understanding of Azure and Resources. However, it gives you all the flexibility to configure any type of resources and targets (storage, event hub or log analytics). This option does not come with additional feature to check compliancy and remediate any configuration drift.
See Microsoft documentation here
Azure Policy
Configuration can be done through the portal (look for 'policy' under 'all services'). However, only the following resources are covered: Services Bus, Search Services, Event Hub, Stream Analytics, Data Lake Gen 1. On the other hand it comes with compliancy dashboard and remediation.
See Microsoft documentation here
Upvotes: 0
Related Questions
- How to audit logging categories in Diagnostic settings via Azure policy?
- How to ensure the diagnostic settings for storage accounts Azure policy is permanently enforced?
- Enable diagnostic settings for Storage account using Azure Policy Definition
- Configure Azure monitor for application logs
- Is there a way to stream Azure Information Protection Activity Logs to an Event Hub?
- Azure long-term audit log
- Audit events in Azure Storage Account
- azure event hub logging policy context filtering?
- Azure Diagnostics wrt Custom Logs and honoring scheduledTransferPeriod
- Save EventLog entries to Windows Azure Storage