Diagnostic Settings required for all resources?

Question

1. Whether Diagnostic Settings enablement is a must for all resources? If that is not enabled, I will not get any logs for troubleshooting?
2. Is there a way to get basic logs with out Diagnostic settings enablement.
3. How to see the Storage cost of Log Analytics Workspace and current utilization?

4.2. if diagnostic settings mandatory, as there are thousands of resources and many are being built everyday, how to practically achieve that?

Answer 1

We had a similar problem with applying settings at scale and ensuring that a consistent set of the diagnostic logs were configured. Some were included in templates, some not and rarely the same set. One really useful tool ended up being Azure Policy which can be used to detect and remediate resources which didn't have diagnostic settings applied. We didn't configure this for everything just for those which we felt were the most relevant to us. There is a guide for the policy approach here: https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings-policy

As for cost we've found it can be difficult to predict, so we've had to run for a week or so under usual load and then check the 'Usage and estimated costs' tab of Log Analytics to do a bit of deep dive into what's sending the most through. In some cases this has caused us to remove particular settings or have those logs sent to other locations.

If the logs aren't configured then you will miss out on that data, but I think it's important to make a conscious decision on what to enable. Some of the setting can generate a lot of data and can be expensive both in terms of cost, time and complexity. So it's worth considering what's important for your particular environment/service type/application.

Answer 2

Prajith K, Michael above has provided some great insights about Diagnostic Settings, enabling them through Azure Policy and estimating cost. The following answer to your questions, in addition to Michael's answer, should help you further.

1.

1. & 2. Diagnostic settings are not a must for all Azure resources to function. Even with diagnostic setting in disabled state, you can troubleshoot various issues. The troubleshooting process would depend on the type of resources deployed and the issue with them.

The common issues with Azure Resources' can be troubleshot using the "Diagnose and solve problems" option available in respective resource's "Resource Menu"

![User's image](/api/attachments/f116188b-899c-423f-b925-2825e7ad078b?platform=QnA)

If you are deploying Web Apps, the application's logging & Application Insights itself can provide enough information for troubleshooting a wide variety of issues.

For VMs, system logs/event viewer could help you solve most of the issues.

Also, Azure Monitor Metric is available that collects numeric data from resource into time series DB. It is available for certain metrics (depending on the resource) by default.

Therefore, even without diagnostic settings enabled, you can troubleshoot a large number of issues. I would suggest looking at the following links for more insights in this area: -

• Microsoft Azure troubleshooting documentation undefinedundefined
• • • • Azure Well-Architected Framework's Monitoring operations of cloud applications - This provides a comprehensive easy to navigate checklist that should help you detect, correct, and prevent issues from occurring. Diagnostic Settings - can help you centralize the log collection into easy query-able format and storage (for example, when they are enabled to send logs/metrics to Log Analytics). Each resource will have its own types of logs to be collected, hence it will be important to understand the type of logs to collect and their retention period.
  3. Usage cost and current utilization of Log Analytics Workspace - You could use the Usage Chart available in "Usage and estimated costs" of the Log analytics workspace to get this information. Also, this link has some good information and queries which can be used to analyze the usage pattern by various types of logs. 4. The answer as provided above should help you. You could check the Create diagnostic settings at scale using Azure Policy for this information. Note that every resource will have its own type of logs which can be sent to various destinations. Therefore, the doc mentions initiative (which is collection of Azure policies for various types of resource) that can assigned in one go. This should help you enable the setting up of diagnostic settings on the majority of the resources. Please let me know if you have any questions. Please 'Accept as answer' if it helped so that it can help others in the community looking for help on similar topics.