
Azure Policy: storage Policy service/table service/queue service diagnostic logging

Stack Overflow user
Asked on 2021-11-12 02:11:17
1 answer · 115 views · 0 followers · 0 votes

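I can't use the available policy, because it only checks the storage account and not the services. For example, if I enable diagnostics on the storage account but not on blobServices, it still reports compliant.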

https://github.com/Azure/azure-policy/blob/bbfc60104c2c5b7fa6dd5b784b5d4713ddd55218/built-in-policies/policyDefinitions/Storage/DataConnectorsStorageAccounts%20_PolicyAssignment.json

So I modified the policy to set diagnostics only for blob, with "mode" set to "ALL" and type: "Microsoft.Storage/StorageAccounts/blobServices".

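But in the compliance report for non-compliant resources, all names are returned as default, so the remediation template fails. How do I get the storageaccountname to pass to the diagnostics deployment?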

1 Answer

Stack Overflow user

Posted on 2021-11-13 01:56:16

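You should create a separate policy for each service type (blob, table, etc.). This makes it easier to monitor and remediate only the relevant services.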

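The main change from the BuiltIn policy is that the parameter resourceName in the deployment needs to be changed to reference the full name (<storageAccountName>/default) instead of the service name (default), as follows:
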
"resourceName": {
  "value": "[field('fullname')]"
}

Here is an example for the blob service type. You should be able to modify it for the others.

{
  "properties": {
    "displayName": "Configure diagnostic settings for blob services",
    "policyType": "Custom",
    "mode": "All",
    "description": "Deploys the diagnostic settings for storage account blob services to stream resource logs to a Log Analytics workspace when any storage account blob service which is missing these diagnostic settings is created or updated.",
    "metadata": {
      "category": "Storage"
    },
    "parameters": {
      "logAnalytics": {
        "type": "String",
        "metadata": {
          "displayName": "Log Analytics workspace",
          "description": "Specify the Log Analytics workspace the storage account should be connected to.",
          "strongType": "omsWorkspace",
          "assignPermissions": true
        }
      },
      "diagnosticsSettingNameToUse": {
        "type": "String",
        "metadata": {
          "displayName": "Setting name",
          "description": "Name of the diagnostic settings."
        },
        "defaultValue": "storageAccountsDiagnosticsLogsToWorkspace"
      },
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "DeployIfNotExists",
          "Disabled"
        ],
        "defaultValue": "DeployIfNotExists"
      },
      "StorageDelete": {
        "type": "String",
        "metadata": {
          "displayName": "StorageDelete - Enabled",
          "description": "Whether to stream StorageDelete logs to the Log Analytics workspace - True or False"
        },
        "allowedValues": [
          "True",
          "False"
        ],
        "defaultValue": "True"
      },
      "StorageWrite": {
        "type": "String",
        "metadata": {
          "displayName": "StorageWrite - Enabled",
          "description": "Whether to stream StorageWrite logs to the Log Analytics workspace - True or False"
        },
        "allowedValues": [
          "True",
          "False"
        ],
        "defaultValue": "True"
      },
      "StorageRead": {
        "type": "String",
        "metadata": {
          "displayName": "StorageRead - Enabled",
          "description": "Whether to stream StorageRead logs to the Log Analytics workspace - True or False"
        },
        "allowedValues": [
          "True",
          "False"
        ],
        "defaultValue": "True"
      },
      "Transaction": {
        "type": "String",
        "metadata": {
          "displayName": "Transaction - Enabled",
          "description": "Whether to stream Transaction logs to the Log Analytics workspace - True or False"
        },
        "allowedValues": [
          "True",
          "False"
        ],
        "defaultValue": "True"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Storage/storageAccounts/blobServices"
      },
      "then": {
        "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Insights/diagnosticSettings",
          "roleDefinitionIds": [
            "/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa",
            "/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"
          ],
          "existenceCondition": {
            "allOf": [{
                "anyOf": [{
                    "field": "Microsoft.Insights/diagnosticSettings/metrics.enabled",
                    "equals": "True"
                  },
                  {
                    "field": "Microsoft.Insights/diagnosticSettings/logs.enabled",
                    "equals": "True"
                  }
                ]
              },
              {
                "field": "Microsoft.Insights/diagnosticSettings/workspaceId",
                "equals": "[parameters('logAnalytics')]"
              }
            ]
          },
          "deployment": {
            "properties": {
              "mode": "incremental",
              "template": {
                "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "diagnosticsSettingNameToUse": {
                    "type": "string"
                  },
                  "resourceName": {
                    "type": "string"
                  },
                  "logAnalytics": {
                    "type": "string"
                  },
                  "location": {
                    "type": "string"
                  },
                  "Transaction": {
                    "type": "string"
                  },
                  "StorageRead": {
                    "type": "string"
                  },
                  "StorageWrite": {
                    "type": "string"
                  },
                  "StorageDelete": {
                    "type": "string"
                  }
                },
                "variables": {},
                "resources": [{
                  "type": "Microsoft.Storage/storageAccounts/blobServices/providers/diagnosticSettings",
                  "apiVersion": "2017-05-01-preview",
                  "name": "[concat(parameters('resourceName'),'/', 'Microsoft.Insights/', parameters('diagnosticsSettingNameToUse'))]",
                  "location": "[parameters('location')]",
                  "dependsOn": [],
                  "properties": {
                    "workspaceId": "[parameters('logAnalytics')]",
                    "metrics": [{
                      "category": "Transaction",
                      "enabled": "[parameters('Transaction')]",
                      "retentionPolicy": {
                        "days": 0,
                        "enabled": false
                      },
                      "timeGrain": null
                    }],
                    "logs": [{
                        "category": "StorageRead",
                        "enabled": "[parameters('StorageRead')]"
                      },
                      {
                        "category": "StorageWrite",
                        "enabled": "[parameters('StorageWrite')]"
                      },
                      {
                        "category": "StorageDelete",
                        "enabled": "[parameters('StorageDelete')]"
                      }
                    ]
                  }
                }],
                "outputs": {}
              },
              "parameters": {
                "diagnosticsSettingNameToUse": {
                  "value": "[parameters('diagnosticsSettingNameToUse')]"
                },
                "logAnalytics": {
                  "value": "[parameters('logAnalytics')]"
                },
                "location": {
                  "value": "[field('location')]"
                },
                "resourceName": {
                  "value": "[field('fullname')]"
                },
                "Transaction": {
                  "value": "[parameters('Transaction')]"
                },
                "StorageDelete": {
                  "value": "[parameters('StorageDelete')]"
                },
                "StorageWrite": {
                  "value": "[parameters('StorageWrite')]"
                },
                "StorageRead": {
                  "value": "[parameters('StorageRead')]"
                }
              }
            }
          }
        }
      }
    }
  }
}
Votes: 0
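
Why the `resourceName` change matters, as an added example that is not part of the original answer: the template's resource name must have as many segments as the nested resource type has after the provider namespace, so a `resourceName` of `default` yields a name that is one segment short. The account name `mystorage` is a constructed placeholder, and the use of `field('name')` for the failing case is an assumption.

```python
import re

# Values copied from the answer's deployment template.
RESOURCE_TYPE = "Microsoft.Storage/storageAccounts/blobServices/providers/diagnosticSettings"
NAME_EXPR = ("[concat(parameters('resourceName'),'/', 'Microsoft.Insights/', "
             "parameters('diagnosticsSettingNameToUse'))]")

# Constructed sample values; "mystorage" is a hypothetical storage account.
FIELDS = {
    "name": "default",                # service name only, as seen in the report
    "fullname": "mystorage/default",  # parent account name + service name
}

def resolve(expr, params):
    """Resolve the small subset of expressions used in the answer:
    [field('x')], [parameters('x')], [concat(literals and parameters)]."""
    inner = expr.strip()[1:-1]  # drop the surrounding [ ]
    m = re.fullmatch(r"field\('([^']+)'\)", inner)
    if m:
        return FIELDS[m.group(1).lower()]
    m = re.fullmatch(r"parameters\('([^']+)'\)", inner)
    if m:
        return params[m.group(1)]
    m = re.fullmatch(r"concat\((.*)\)", inner)
    if m:
        parts = re.findall(r"parameters\('([^']+)'\)|'([^']*)'", m.group(1))
        return "".join(params[p] if p else lit for p, lit in parts)
    raise ValueError(f"unsupported expression: {expr}")

def name_segments_ok(resource_type, name):
    """A nested resource name needs as many segments as the type has
    after the provider namespace."""
    return len(name.split("/")) == len(resource_type.split("/")) - 1

def check(resource_name_expr):
    """Return (resolved resource name, passes the segment check?)."""
    params = {
        "resourceName": resolve(resource_name_expr, {}),
        "diagnosticsSettingNameToUse": "storageAccountsDiagnosticsLogsToWorkspace",
    }
    name = resolve(NAME_EXPR, params)
    return name, name_segments_ok(RESOURCE_TYPE, name)

if __name__ == "__main__":
    for expr in ("[field('name')]", "[field('fullname')]"):
        print(expr, "->", check(expr))
```
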
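The original page content is provided by Stack Overflow. Translation support is provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link: https://stackoverflow.com/questions/69937170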
