Share via

Microsoft.KeyVault/managedHSM supported Diagnostic Settings log categories

Wiliam Rocha 40 Reputation points Microsoft Employee
2023-03-01T15:23:37.62+00:00

As per the Microsoft documentation (https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/resource-logs-categories#microsoftkeyvaultmanagedhsms), Microsoft.KeyVault/managedHSM support integration with diagnostic settings by logging AuditEvents, something like:

resource mhsmsDiagnosticSettings 'Microsoft.Insights/diagnosticSettings@2017-05-01-preview' = [for i in range(0, managedHSMCount): {
  name: 'mhsm-diagnostics'
  scope: mhsms[i] // array of Microsoft.KeyVault/managedHSMs@2021-10-01
  properties: {
    eventHubAuthorizationRuleId: eventHubAuthorizationRuleId
    eventHubName: eventHubName
    metrics: [
      {
        category: 'AllMetrics'
        enabled: true
      }
    ]
    // https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/resource-logs-categories#microsoftkeyvaultmanagedhsms
    logs: [
      {
        category: 'AuditEvent'
        enabled: true
        retentionPolicy: {
          days: 5
          enabled: true
        }
      }
    ]
  }
}]

My question here is: do we have any plan to allow filtering the Audit Events allowed to log? Currently they are overloading my logs with a lot of stuff that I would like to ignore.

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,411 questions

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.