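How to solve Azure Policy storage account diagnostic logging
I have been struggling to get this policy to fully check whether the blob, file, queue and table services have diagnostic settings configured correctly. The end result is to ensure that every storage service sends diagnostic logs to a Log Analytics workspace for the StorageRead, StorageWrite and StorageDelete categories.
Note that this uses the newer method described at https://docs.microsoft.com/en-us/azure/storage/blobs/monitor-blob-storage?tabs=azure-portal
The main problem I have been trying to solve is the logic for detecting this across all blob services. The deployment logic works fine; it is just the compliance-check part that ensures the blob, file, queue and table services are enabled. Currently it returns the following: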
No related resources match the effect details in the policy definition. (Error code: Not Found)
"policyRule": {
  "if": {
    "field": "type",
    "equals": "Microsoft.Storage/storageAccounts"
  },
  "then": {
    "effect": "[parameters('effect')]",
    "details": {
      "type": "Microsoft.Insights/diagnosticSettings",
      "existenceCondition": {
        "allOf": [
          {
            "count": {
              "field": "Microsoft.Insights/diagnosticSettings/logs[*]",
              "where": {
                "allOf": [
                  {
                    "field": "Microsoft.Insights/diagnosticSettings/logs[*].category",
                    "in": [
                      "StorageRead",
                      "StorageWrite",
                      "StorageDelete"
                    ]
                  },
                  {
                    "field": "Microsoft.Insights/diagnosticSettings/logs[*].enabled",
                    "equals": "[parameters('logsEnabled')]"
                  }
                ]
              }
            },
            "greater": 0
          },
          {
            "field": "Microsoft.Insights/diagnosticSettings/workspaceId",
            "equals": "[parameters('logAnalytics')]"
          }
        ]
      },
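Added example, not part of the original post: a small Python model of how the `count`/`where` expression in the existenceCondition above evaluates, run over two constructed diagnostic settings. It shows that `"greater": 0` is satisfied when only one of the three categories is enabled; the helper names, sample settings and workspace ID are assumptions made for the illustration, parameters are resolved to literals, and only the `in`/`equals` operators are modelled.

```python
# Local model of the rule's "count ... where" logic (illustration only).
CATEGORIES = ["StorageRead", "StorageWrite", "StorageDelete"]
# Constructed placeholder workspace resource ID.
WORKSPACE = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
             "rg-example/providers/Microsoft.OperationalInsights/workspaces/law-example")

def _logs(setting):
    return setting.get("properties", {}).get("logs", [])

def _same_workspace(setting, workspace_id):
    # Azure Policy string comparisons are case-insensitive.
    actual = setting.get("properties", {}).get("workspaceId", "")
    return actual.casefold() == workspace_id.casefold()

def count_matching(setting, logs_enabled=True):
    """Count logs[*] members that satisfy the inner allOf: category is one
    of CATEGORIES and enabled equals the logsEnabled parameter."""
    wanted = {c.casefold() for c in CATEGORIES}
    return sum(1 for e in _logs(setting)
               if str(e.get("category", "")).casefold() in wanted
               and e.get("enabled") == logs_enabled)

def exists_any(setting, workspace_id=WORKSPACE):
    """existenceCondition as written above: count greater 0."""
    return count_matching(setting) > 0 and _same_workspace(setting, workspace_id)

def exists_all(setting, workspace_id=WORKSPACE):
    """Stricter variant: each of the three categories must be enabled."""
    enabled = {str(e.get("category", "")).casefold()
               for e in _logs(setting) if e.get("enabled") is True}
    required = {c.casefold() for c in CATEGORIES}
    return required <= enabled and _same_workspace(setting, workspace_id)

def make_setting(enabled_categories):
    """Build a constructed diagnostic setting with the given categories on."""
    return {"properties": {
        "workspaceId": WORKSPACE,
        "logs": [{"category": c, "enabled": c in enabled_categories}
                 for c in CATEGORIES]}}

PARTIAL = make_setting({"StorageRead"})   # only reads are logged
FULL = make_setting(set(CATEGORIES))      # all three categories logged

if __name__ == "__main__":
    for name, s in (("partial", PARTIAL), ("full", FULL)):
        print(name, count_matching(s), exists_any(s), exists_all(s))
```

In policy JSON, the stricter variant corresponds to comparing the count against the number of required categories, assuming each category appears once in `logs[*]`.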