Hi @J3
You are incorrect in enabling the Diagnostic logs from the Activity Log; this is for all activity logs generated on the selected subscription.
- For Virtual Network gateways, you can enable it via the Monitor Blade: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-setup-alerts-virtual-network-gateway-log
- Subnets are part of a Virtual Network and the diagnostic settings are enabled at this level: https://learn.microsoft.com/en-us/azure/virtual-network/monitor-virtual-network#collection-and-routing
Azure Policy should be able to deploy these diagnostic settings with ease. If you need to create a new policy, I would suggest https://github.com/JimGBritt/AzurePolicy/blob/master/AzureMonitor/Scripts/README.md#overview-of-create-azdiagpolicyps1
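
Added example, not part of the original reply or of the linked script: a PowerShell audit that checks each virtual network and virtual network gateway in the current subscription for its own diagnostic settings, which is where the reply says they are configured. It assumes the Az.Resources and Az.Monitor modules and an already signed-in context (`Connect-AzAccount`, `Set-AzContext`); the report column names are chosen for this example.

```powershell
# Added example: resource-level diagnostic settings audit.
# Assumes Az.Resources + Az.Monitor and an authenticated Az context.
$types = 'Microsoft.Network/virtualNetworks',
         'Microsoft.Network/virtualNetworkGateways'

$report = foreach ($type in $types) {
    foreach ($res in Get-AzResource -ResourceType $type) {
        # Diagnostic settings hang off the individual resource ID,
        # not off the subscription Activity Log.
        $lookupError = $null
        try {
            $settings = @(Get-AzDiagnosticSetting -ResourceId $res.ResourceId -ErrorAction Stop)
        } catch {
            # Keep failures (for example missing read permission) visible
            # instead of reporting them as "no settings".
            $settings    = @()
            $lookupError = $_.Exception.Message
        }

        # A log entry is selected either by category or by category group.
        $enabled = $settings.Log | Where-Object Enabled | ForEach-Object {
            if ($_.Category) { $_.Category } else { "group:$($_.CategoryGroup)" }
        } | Sort-Object -Unique

        [pscustomobject]@{
            Name          = $res.Name
            ResourceGroup = $res.ResourceGroupName
            Type          = $type
            SettingCount  = $settings.Count
            EnabledLogs   = $enabled -join ','
            ToWorkspace   = [bool]($settings | Where-Object WorkspaceId)
            LookupError   = $lookupError
        }
    }
}

# Resources with no diagnostic setting at all (lookup failures listed separately).
$report | Where-Object { $_.SettingCount -eq 0 -and -not $_.LookupError } |
    Format-Table Name, ResourceGroup, Type
$report | Where-Object LookupError | Format-Table Name, Type, LookupError
```

Resources listed in the first table are the ones a deploy-if-not-exists policy for diagnostic settings would need to remediate.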