Resource Manager šablon pro nastavení diagnostiky ve službě Azure Monitor
Tento článek obsahuje ukázkové šablony Azure Resource Manager pro vytvoření nastavení diagnostiky pro prostředek Azure. Každá ukázka obsahuje soubor šablony a soubor parametrů s ukázkovými hodnotami, které se mají šabloně poskytnout.
Pokud chcete vytvořit nastavení diagnostiky pro prostředek Azure, přidejte do šablony prostředek typu <resource namespace>/providers/diagnosticSettings
. Tento článek obsahuje příklady pro některé typy prostředků, ale stejný vzor je možné použít i pro jiné typy prostředků. Kolekce povolených protokolů a metrik se bude pro každý typ prostředku lišit.
Poznámka
Seznam dostupných ukázek a pokyny k jejich nasazení ve vašem předplatném Azure najdete v tématu Ukázky azure Resource Manager pro Azure Monitor.
Nastavení diagnostiky pro protokol aktivit
Následující ukázka vytvoří nastavení diagnostiky pro protokol aktivit přidáním prostředku typu Microsoft.Insights/diagnosticSettings
do šablony.
Důležité
Nastavení diagnostiky pro protokoly aktivit se vytváří pro předplatné, ne pro skupinu prostředků, jako je nastavení pro prostředky Azure. K nasazení šablony Resource Manager použijte New-AzSubscriptionDeployment
PowerShell nebo az deployment sub create
Azure CLI.
Soubor šablony
targetScope = 'subscription'
@description('The name of the diagnostic setting.')
param settingName string
@description('The resource Id for the workspace.')
param workspaceId string
@description('The resource Id for the storage account.')
param storageAccountId string
@description('The resource Id for the event hub authorization rule.')
param eventHubAuthorizationRuleId string
@description('The name of the event hub.')
param eventHubName string
resource setting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
name: settingName
properties: {
workspaceId: workspaceId
storageAccountId: storageAccountId
eventHubAuthorizationRuleId: eventHubAuthorizationRuleId
eventHubName: eventHubName
logs: [
{
category: 'Administrative'
enabled: true
}
{
category: 'Security'
enabled: true
}
{
category: 'ServiceHealth'
enabled: true
}
{
category: 'Alert'
enabled: true
}
{
category: 'Recommendation'
enabled: true
}
{
category: 'Policy'
enabled: true
}
{
category: 'Autoscale'
enabled: true
}
{
category: 'ResourceHealth'
enabled: true
}
]
}
}
Soubor parametrů
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"settingName": {
"value": "Send to all locations"
},
"workspaceId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/MyResourceGroup/providers/microsoft.operationalinsights/workspaces/MyWorkspace"
},
"storageAccountId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.Storage/storageAccounts/mystorageaccount"
},
"eventHubAuthorizationRuleId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.EventHub/namespaces/MyNameSpace/authorizationrules/RootManageSharedAccessKey"
},
"eventHubName": {
"value": "my-eventhub"
}
}
}
Nastavení diagnostiky pro Azure Data Explorer
Následující ukázka vytvoří nastavení diagnostiky pro cluster Azure Data Explorer přidáním prostředku typu Microsoft.Kusto/clusters/providers/diagnosticSettings
do šablony.
Soubor šablony
param clusterName string
param settingName string
param workspaceId string
param storageAccountId string
param eventHubAuthorizationRuleId string
param eventHubName string
resource cluster 'Microsoft.Kusto/clusters@2022-02-01' existing = {
name: clusterName
}
resource setting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
name: settingName
scope: cluster
properties: {
workspaceId: workspaceId
storageAccountId: storageAccountId
eventHubAuthorizationRuleId: eventHubAuthorizationRuleId
eventHubName: eventHubName
metrics: []
logs: [
{
category: 'Command'
categoryGroup: null
enabled: true
retentionPolicy: {
enabled: false
days: 0
}
}
{
category: 'Query'
categoryGroup: null
enabled: true
retentionPolicy: {
enabled: false
days: 0
}
}
{
category: 'Journal'
categoryGroup: null
enabled: true
retentionPolicy: {
enabled: false
days: 0
}
}
{
category: 'SucceededIngestion'
categoryGroup: null
enabled: false
retentionPolicy: {
enabled: false
days: 0
}
}
{
category: 'FailedIngestion'
categoryGroup: null
enabled: false
retentionPolicy: {
enabled: false
days: 0
}
}
{
category: 'IngestionBatching'
categoryGroup: null
enabled: false
retentionPolicy: {
enabled: false
days: 0
}
}
{
category: 'TableUsageStatistics'
categoryGroup: null
enabled: false
retentionPolicy: {
enabled: false
days: 0
}
}
{
category: 'TableDetails'
categoryGroup: null
enabled: false
retentionPolicy: {
enabled: false
days: 0
}
}
]
}
}
Soubor parametrů
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"clusterName": {
"value": "kustoClusterName"
},
"diagnosticSettingName": {
"value": "A new Diagnostic Settings configuration"
},
"workspaceId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/MyResourceGroup/providers/microsoft.operationalinsights/workspaces/MyWorkspace"
},
"storageAccountId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.Storage/storageAccounts/mystorageaccount"
},
"eventHubAuthorizationRuleId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.EventHub/namespaces/MyNameSpace/authorizationrules/RootManageSharedAccessKey"
},
"eventHubName": {
"value": "myEventhub"
}
}
}
Soubor šablony: Povolení skupiny kategorií audit
param clusterName string
param settingName string
param workspaceId string
param storageAccountId string
param eventHubAuthorizationRuleId string
param eventHubName string
resource cluster 'Microsoft.Kusto/clusters@2022-02-01' existing = {
name: clusterName
}
resource setting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
name: settingName
scope: cluster
properties: {
workspaceId: workspaceId
storageAccountId: storageAccountId
eventHubAuthorizationRuleId: eventHubAuthorizationRuleId
eventHubName: eventHubName
logs: [
{
category: null
categoryGroup: 'audit'
enabled: true
retentionPolicy: {
enabled: false
days: 0
}
}
]
}
}
Nastavení diagnostiky pro Azure Key Vault
Následující ukázka vytvoří nastavení diagnostiky pro instanci Azure Key Vault přidáním prostředku typu Microsoft.KeyVault/vaults/providers/diagnosticSettings
do šablony.
Důležité
Pro Azure Key Vault musí být centrum událostí ve stejné oblasti jako trezor klíčů.
Soubor šablony
@description('The name of the diagnostic setting.')
param settingName string
@description('The name of the key vault.')
param vaultName string
@description('The resource Id of the workspace.')
param workspaceId string
@description('The resource Id of the storage account.')
param storageAccountId string
@description('The resource Id for the event hub authorization rule.')
param eventHubAuthorizationRuleId string
@description('The name of the event hub.')
param eventHubName string
resource vault 'Microsoft.KeyVault/vaults@2021-11-01-preview' existing = {
name: vaultName
}
resource setting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
name: settingName
scope: vault
properties: {
workspaceId: workspaceId
storageAccountId: storageAccountId
eventHubAuthorizationRuleId: eventHubAuthorizationRuleId
eventHubName: eventHubName
logs: [
{
category: 'AuditEvent'
enabled: true
}
]
metrics: [
{
category: 'AllMetrics'
enabled: true
}
]
}
}
Soubor parametrů
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"settingName": {
"value": "Send to all locations"
},
"vaultName": {
"value": "MyVault"
},
"workspaceId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/MyResourceGroup/providers/microsoft.operationalinsights/workspaces/MyWorkspace"
},
"storageAccountId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.Storage/storageAccounts/mystorageaccount"
},
"eventHubAuthorizationRuleId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.EventHub/namespaces/MyNameSpace/authorizationrules/RootManageSharedAccessKey"
},
"eventHubName": {
"value": "my-eventhub"
}
}
}
Nastavení diagnostiky pro Azure SQL Database
Následující ukázka vytvoří nastavení diagnostiky pro instanci Azure SQL Database přidáním prostředku typu microsoft.sql/servers/databases/providers/diagnosticSettings
do šablony.
Soubor šablony
@description('The name of the diagnostic setting.')
param settingName string
@description('The name of the Azure SQL database server.')
param serverName string
@description('The name of the SQL database.')
param dbName string
@description('The resource Id of the workspace.')
param workspaceId string
@description('The resource Id of the storage account.')
param storageAccountId string
@description('The resource Id of the event hub authorization rule.')
param eventHubAuthorizationRuleId string
@description('The name of the event hub.')
param eventHubName string
resource dbServer 'Microsoft.Sql/servers@2021-11-01-preview' existing = {
name: serverName
}
resource db 'Microsoft.Sql/servers/databases@2021-11-01-preview' existing = {
parent: dbServer
name: dbName
}
resource setting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
name: settingName
scope: db
properties: {
workspaceId: workspaceId
storageAccountId: storageAccountId
eventHubAuthorizationRuleId: eventHubAuthorizationRuleId
eventHubName: eventHubName
logs: [
{
category: 'SQLInsights'
enabled: true
}
{
category: 'AutomaticTuning'
enabled: true
}
{
category: 'QueryStoreRuntimeStatistics'
enabled: true
}
{
category: 'QueryStoreWaitStatistics'
enabled: true
}
{
category: 'Errors'
enabled: true
}
{
category: 'DatabaseWaitStatistics'
enabled: true
}
{
category: 'Timeouts'
enabled: true
}
{
category: 'Blocks'
enabled: true
}
{
category: 'Deadlocks'
enabled: true
}
]
metrics: [
{
category: 'Basic'
enabled: true
}
{
category: 'InstanceAndAppAdvanced'
enabled: true
}
{
category: 'WorkloadManagement'
enabled: true
}
]
}
}
Soubor parametrů
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"settingName": {
"value": "Send to all locations"
},
"serverName": {
"value": "MySqlServer"
},
"dbName": {
"value": "MySqlDb"
},
"workspaceId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/MyResourceGroup/providers/microsoft.operationalinsights/workspaces/MyWorkspace"
},
"storageAccountId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.Storage/storageAccounts/mystorageaccount"
},
"eventHubAuthorizationRuleId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.EventHub/namespaces/MyNameSpace/authorizationrules/RootManageSharedAccessKey"
},
"eventHubName": {
"value": "my-eventhub"
}
}
}
Nastavení diagnostiky pro Azure SQL Managed Instance
Následující ukázka vytvoří nastavení diagnostiky pro instanci Azure SQL Managed Instance přidáním prostředku typu microsoft.sql/managedInstances/providers/diagnosticSettings
do šablony.
Soubor šablony
param sqlManagedInstanceName string
param diagnosticSettingName string
param diagnosticWorkspaceId string
param storageAccountId string
param eventHubAuthorizationRuleId string
param eventHubName string
resource instance 'Microsoft.Sql/managedInstances@2021-11-01-preview' existing = {
name: sqlManagedInstanceName
}
resource setting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
name: diagnosticSettingName
scope: instance
properties: {
workspaceId: diagnosticWorkspaceId
storageAccountId: storageAccountId
eventHubAuthorizationRuleId: eventHubAuthorizationRuleId
eventHubName: eventHubName
logs: [
{
category: 'ResourceUsageStats'
enabled: true
}
{
category: 'DevOpsOperationsAudit'
enabled: true
}
{
category: 'SQLSecurityAuditEvents'
enabled: true
}
]
}
}
Soubor parametrů
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"sqlManagedInstanceName": {
"value": "MyInstanceName"
},
"diagnosticSettingName": {
"value": "Send to all locations"
},
"diagnosticWorkspaceId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/MyResourceGroup/providers/microsoft.operationalinsights/workspaces/MyWorkspace"
},
"storageAccountId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.Storage/storageAccounts/mystorageaccount"
},
"eventHubAuthorizationRuleId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.EventHub/namespaces/MyNameSpace/authorizationrules/RootManageSharedAccessKey"
},
"eventHubName": {
"value": "myEventhub"
}
}
}
Nastavení diagnostiky pro spravovanou instanci Azure SQL Database
Následující ukázka vytvoří nastavení diagnostiky pro spravovanou instanci Azure SQL Database přidáním prostředku typu microsoft.sql/managedInstances/databases/providers/diagnosticSettings
do šablony.
Soubor šablony
param sqlManagedInstanceName string
param sqlManagedDatabaseName string
param diagnosticSettingName string
param diagnosticWorkspaceId string
param storageAccountId string
param eventHubAuthorizationRuleId string
param eventHubName string
resource dbInstance 'Microsoft.Sql/managedInstances@2021-11-01-preview' existing = {
name:sqlManagedInstanceName
}
resource db 'Microsoft.Sql/managedInstances/databases@2021-11-01-preview' existing = {
name: sqlManagedDatabaseName
parent: dbInstance
}
resource setting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
name: diagnosticSettingName
scope: db
properties: {
workspaceId: diagnosticWorkspaceId
storageAccountId: storageAccountId
eventHubAuthorizationRuleId: eventHubAuthorizationRuleId
eventHubName: eventHubName
logs: [
{
category: 'SQLInsights'
enabled: true
}
{
category: 'QueryStoreRuntimeStatistics'
enabled: true
}
{
category: 'QueryStoreWaitStatistics'
enabled: true
}
{
category: 'Errors'
enabled: true
}
]
}
}
Soubor parametrů
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"sqlManagedInstanceName": {
"value": "MyInstanceName"
},
"sqlManagedDatabaseName": {
"value": "MyManagedDatabaseName"
},
"diagnosticSettingName": {
"value": "Send to all locations"
},
"diagnosticWorkspaceId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/MyResourceGroup/providers/microsoft.operationalinsights/workspaces/MyWorkspace"
},
"storageAccountId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.Storage/storageAccounts/mystorageaccount"
},
"eventHubAuthorizationRuleId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.EventHub/namespaces/MyNameSpace/authorizationrules/RootManageSharedAccessKey"
},
"eventHubName": {
"value": "myEventhub"
}
}
}
Nastavení diagnostiky trezoru služby Recovery Services
Následující ukázka vytvoří nastavení diagnostiky pro trezor služby Azure Recovery Services přidáním prostředku typu microsoft.recoveryservices/vaults/providers/diagnosticSettings
do šablony. Tento příklad určuje režim shromažďování, jak je popsáno v protokolech prostředků Azure. Zadejte Dedicated
hodnotu nebo AzureDiagnostics
pro logAnalyticsDestinationType
vlastnost.
Soubor šablony
param recoveryServicesName string
param settingName string
param workspaceId string
param storageAccountId string
param eventHubAuthorizationRuleId string
param eventHubName string
resource vault 'Microsoft.RecoveryServices/vaults@2021-08-01' existing = {
name: recoveryServicesName
}
resource setting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
name: settingName
scope: vault
properties: {
workspaceId: workspaceId
storageAccountId: storageAccountId
eventHubAuthorizationRuleId: eventHubAuthorizationRuleId
eventHubName: eventHubName
logs: [
{
category: 'AzureBackupReport'
enabled: false
}
{
category: 'CoreAzureBackup'
enabled: true
}
{
category: 'AddonAzureBackupJobs'
enabled: true
}
{
category: 'AddonAzureBackupAlerts'
enabled: true
}
{
category: 'AddonAzureBackupPolicy'
enabled: true
}
{
category: 'AddonAzureBackupStorage'
enabled: true
}
{
category: 'AddonAzureBackupProtectedInstance'
enabled: true
}
{
category: 'AzureSiteRecoveryJobs'
enabled: false
}
{
category: 'AzureSiteRecoveryEvents'
enabled: false
}
{
category: 'AzureSiteRecoveryReplicatedItems'
enabled: false
}
{
category: 'AzureSiteRecoveryReplicationStats'
enabled: false
}
{
category: 'AzureSiteRecoveryRecoveryPoints'
enabled: false
}
{
category: 'AzureSiteRecoveryReplicationDataUploadRate'
enabled: false
}
{
category: 'AzureSiteRecoveryProtectedDiskDataChurn'
enabled: false
}
]
logAnalyticsDestinationType: 'Dedicated'
}
}
Soubor parametrů
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"settingName": {
"value": "Send to all locations"
},
"recoveryServicesName": {
"value": "my-vault"
},
"workspaceId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/MyResourceGroup/providers/microsoft.operationalinsights/workspaces/MyWorkspace"
},
"storageAccountId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.Storage/storageAccounts/mystorageaccount"
},
"eventHubAuthorizationRuleId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.EventHub/namespaces/MyNameSpace/authorizationrules/RootManageSharedAccessKey"
},
"eventHubName": {
"value": "my-eventhub"
}
}
}
Nastavení diagnostiky pracovního prostoru služby Log Analytics
Následující ukázka vytvoří nastavení diagnostiky pro pracovní prostor služby Log Analytics přidáním prostředku typu Microsoft.OperationalInsights/workspaces/providers/diagnosticSettings
do šablony. Tento příklad odesílá data auditu o dotazech spuštěných v pracovním prostoru do stejného pracovního prostoru.
Soubor šablony
param workspaceName string
param settingName string
param workspaceId string
param storageAccountId string
param eventHubAuthorizationRuleId string
param eventHubName string
resource workspace 'Microsoft.OperationalInsights/workspaces@2021-12-01-preview' existing = {
name: workspaceName
}
resource setting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
name: settingName
scope: workspace
properties: {
workspaceId: workspaceId
storageAccountId: storageAccountId
eventHubAuthorizationRuleId: eventHubAuthorizationRuleId
eventHubName: eventHubName
logs: [
{
category: 'Audit'
enabled: true
}
]
}
}
Soubor parametrů
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"settingName": {
"value": "Send to all locations"
},
"workspaceName": {
"value": "MyWorkspace"
},
"workspaceId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/MyResourceGroup/providers/microsoft.operationalinsights/workspaces/MyWorkspace"
},
"storageAccountId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.Storage/storageAccounts/mystorageaccount"
},
"eventHubAuthorizationRuleId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.EventHub/namespaces/MyNameSpace/authorizationrules/RootManageSharedAccessKey"
},
"eventHubName": {
"value": "my-eventhub"
}
}
}
Nastavení diagnostiky pro Azure Storage
Následující ukázka vytvoří nastavení diagnostiky pro každý koncový bod služby úložiště, který je k dispozici v účtu služby Azure Storage. Nastavení se použije pro každou jednotlivou službu úložiště, která je k dispozici v účtu. Dostupné služby úložiště závisí na typu účtu úložiště.
Tato šablona vytvoří nastavení diagnostiky pro službu úložiště v účtu jenom v případě, že pro účet existuje. Nastavení diagnostiky pro každou dostupnou službu umožňuje metriky transakcí a shromažďování protokolů prostředků pro operace čtení, zápisu a odstranění.
Soubor šablony
main.bicep
param storageAccountName string
param settingName string
param storageSyncName string
param workspaceId string
module nested './module.bicep' = {
name: 'nested'
params: {
endpoints: reference(resourceId('Microsoft.Storage/storageAccounts', storageAccountName), '2019-06-01', 'Full').properties.primaryEndpoints
settingName: settingName
storageAccountName: storageAccountName
storageSyncName: storageSyncName
workspaceId: workspaceId
}
}
module.bicep
param endpoints object
param settingName string
param storageAccountName string
param storageSyncName string
param workspaceId string
var hasblob = contains(endpoints, 'blob')
var hastable = contains(endpoints, 'table')
var hasfile = contains(endpoints, 'file')
var hasqueue = contains(endpoints, 'queue')
resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' existing = {
name: storageAccountName
}
resource diagnosticSetting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
name: settingName
scope: storageAccount
properties: {
workspaceId: workspaceId
storageAccountId: resourceId('Microsoft.Storage/storageAccounts', storageSyncName)
metrics: [
{
category: 'Transaction'
enabled: true
}
]
}
}
resource blob 'Microsoft.Storage/storageAccounts/blobServices@2021-09-01' existing = {
name:'default'
parent:storageAccount
}
resource blobSetting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (hasblob) {
name: settingName
scope: blob
properties: {
workspaceId: workspaceId
storageAccountId: resourceId('Microsoft.Storage/storageAccounts', storageSyncName)
logs: [
{
category: 'StorageRead'
enabled: true
}
{
category: 'StorageWrite'
enabled: true
}
{
category: 'StorageDelete'
enabled: true
}
]
metrics: [
{
category: 'Transaction'
enabled: true
}
]
}
}
resource table 'Microsoft.Storage/storageAccounts/tableServices@2021-09-01' existing = {
name:'default'
parent:storageAccount
}
resource tableSetting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (hastable) {
name: settingName
scope: table
properties: {
workspaceId: workspaceId
storageAccountId: resourceId('Microsoft.Storage/storageAccounts', storageSyncName)
logs: [
{
category: 'StorageRead'
enabled: true
}
{
category: 'StorageWrite'
enabled: true
}
{
category: 'StorageDelete'
enabled: true
}
]
metrics: [
{
category: 'Transaction'
enabled: true
}
]
}
}
resource file 'Microsoft.Storage/storageAccounts/fileServices@2021-09-01' existing = {
name:'default'
parent:storageAccount
}
resource fileSetting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (hasfile) {
name: settingName
scope: file
properties: {
workspaceId: workspaceId
storageAccountId: resourceId('Microsoft.Storage/storageAccounts', storageSyncName)
logs: [
{
category: 'StorageRead'
enabled: true
}
{
category: 'StorageWrite'
enabled: true
}
{
category: 'StorageDelete'
enabled: true
}
]
metrics: [
{
category: 'Transaction'
enabled: true
}
]
}
}
resource queue 'Microsoft.Storage/storageAccounts/queueServices@2021-09-01' existing = {
name:'default'
parent:storageAccount
}
resource queueSetting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (hasqueue) {
name: settingName
scope: queue
properties: {
workspaceId: workspaceId
storageAccountId: resourceId('Microsoft.Storage/storageAccounts', storageSyncName)
logs: [
{
category: 'StorageRead'
enabled: true
}
{
category: 'StorageWrite'
enabled: true
}
{
category: 'StorageDelete'
enabled: true
}
]
metrics: [
{
category: 'Transaction'
enabled: true
}
]
}
}
Soubor parametrů
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountName": {
"value": "mymonitoredstorageaccount"
},
"settingName": {
"value": "Send to all locations"
},
"storageSyncName": {
"value": "mystorageaccount"
},
"workspaceId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/MyResourceGroup/providers/microsoft.operationalinsights/workspaces/MyWorkspace"
}
}
}