What is not working across two different Azure Subscriptions?

EnterpriseArchitect 4,721 Reputation points
2020-07-13T06:29:40.767+00:00

Hi People,

We have multiple different objects spread across multiple different Azure Subscriptions like below:

Development-AzSubscription
ApplicationGateway\AppGW-Dev1
ApplicationGateway\AppGW-Dev2
...

Testing-AzSubscription
ApplicationGateway\AppGW-Test1
ApplicationGateway\AppGW-Test2

Production-AzSubscription
Event Hubs Namespace\3rd Party SIEM
ApplicationGateway\AppGW-Prod1
ApplicationGateway\AppGW-Prod2

I can send the logs for the production gateway with no problem as I can select from the below steps:

  1. Go to the Diagnostic settings under AppGW
  2. Click Add diagnostic setting, if it already exists, click Edit setting.
  3. In the Destination details, click Stream to an event hub Event Hubs Namespace\3rd Party SIEM under Production-AzSubscription.

What other items are NOT working across two different Azure subscriptions, and how do we mitigate it?

Thanks in advance.


1 answer

  1. GitaraniSharma-MSFT 47,316 Reputation points Microsoft Employee
    2020-07-14T10:30:27.397+00:00

    Hello @EnterpriseArchitect ,

    From your question, it looks like you are trying to enable diagnostic logs for Azure application gateway and were able to successfully enable it for your production gateway but are unable to do the same for Dev and testing subscriptions.

    You have an event hub in your production subscription and you are trying to add the same event hub when enabling diagnostics for Dev and testing application gateways. Is that correct?

    If that is correct, the Event Hubs namespace does not have to be in the same subscription as the subscription that's emitting logs, as long as you have appropriate RBAC access to both subscriptions and both subscriptions are in the same AAD tenant. So I would recommend that you check your RBAC access for all 3 subscriptions and also check if they are in the same AAD tenant.

    For more details, please refer to the articles below:
    https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-diagnostics#enable-logging-through-the-azure-portal
    https://learn.microsoft.com/en-us/azure/azure-monitor/platform/diagnostic-settings#event-hub

    Hope this helps!

    Kindly let us know if the above helps or you need further assistance on this issue.

    --------------------------------------------------------------------------------------------------

    Please don’t forget to "Accept the answer" wherever the information provided helps you, this can be beneficial to other community members.
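The two preconditions named in the answer (same AAD tenant, RBAC on both subscriptions) can be checked from the Azure CLI before creating the cross-subscription diagnostic setting. The script below is an added example, not code from the thread or from Microsoft; the resource-group, namespace, event hub and policy names are placeholders, and it assumes `az login` has already been done with an account that can see all three subscriptions.

```shell
#!/usr/bin/env bash
# Added example (not part of the original thread): stream a Dev Application Gateway's
# logs to the Event Hubs namespace that lives in the Production subscription.
# All resource names below are placeholders; the log categories are the documented
# Application Gateway diagnostic categories.
set -euo pipefail

PROD_SUB="Production-AzSubscription"    # subscription that owns the Event Hubs namespace
DEV_SUB="Development-AzSubscription"    # subscription that owns the gateway
PROD_RG="rg-siem"                       # placeholder resource group in Production
EH_NAMESPACE="siem-ns"                  # placeholder for the "3rd Party SIEM" namespace
EH_NAME="appgw-logs"                    # placeholder event hub inside that namespace
EH_POLICY="RootManageSharedAccessKey"   # default namespace-level SAS policy
DEV_RG="rg-appgw-dev"                   # placeholder resource group in Development
APPGW="AppGW-Dev1"

# Pure helper: both subscriptions must report the same, non-empty tenantId.
same_tenant() { [ -n "$1" ] && [ "$1" = "$2" ]; }

# Pure helper: ARM id of the namespace authorization rule (what --event-hub-rule expects).
authrule_id() {
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.EventHub/namespaces/%s/authorizationRules/%s' \
    "$1" "$2" "$3" "$4"
}

main() {
  local prod_id dev_id prod_tenant dev_tenant rule gw
  prod_id=$(az account show --subscription "$PROD_SUB" --query id -o tsv)
  dev_id=$(az account show --subscription "$DEV_SUB" --query id -o tsv)
  prod_tenant=$(az account show --subscription "$PROD_SUB" --query tenantId -o tsv)
  dev_tenant=$(az account show --subscription "$DEV_SUB" --query tenantId -o tsv)
  if ! same_tenant "$prod_tenant" "$dev_tenant"; then
    echo "subscriptions are in different AAD tenants; cross-subscription streaming will not work" >&2
    return 1
  fi
  rule=$(authrule_id "$prod_id" "$PROD_RG" "$EH_NAMESPACE" "$EH_POLICY")
  # RBAC check: if the signed-in identity cannot read the rule in Production, the
  # diagnostic setting would fail with an authorization error anyway.
  az eventhubs namespace authorization-rule show --subscription "$prod_id" \
    -g "$PROD_RG" --namespace-name "$EH_NAMESPACE" -n "$EH_POLICY" --query id -o tsv >/dev/null
  gw=$(az network application-gateway show --subscription "$dev_id" -g "$DEV_RG" -n "$APPGW" --query id -o tsv)
  # The gateway is in Dev, the authorization rule id points at Production: this is the
  # cross-subscription case the answer says is supported within one tenant.
  az monitor diagnostic-settings create --name "to-siem" --resource "$gw" \
    --event-hub "$EH_NAME" --event-hub-rule "$rule" \
    --logs '[{"category":"ApplicationGatewayAccessLog","enabled":true},
             {"category":"ApplicationGatewayFirewallLog","enabled":true}]'
}

# Only talk to Azure when explicitly asked, so the helpers can be sourced offline.
if [ "${RUN_AZ:-0}" = "1" ]; then main; fi
```

Run with `RUN_AZ=1 ./script.sh`; repeat with the Testing subscription values to cover the Test gateways.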