小贝子编程

尝试在ARM模板中设置活动日志的诊断设置



我一直在尝试在Azure中创建一个日志功能应用程序的模板,基本思想是它将转发所有活动日志类别信息以及使用事件中心作为触发器的所有审计日志信息,我已经完成了大部分模板,但我一直遇到以下错误,当涉及到诊断设置部分:

资源类型'/'不支持诊断设置

我做错了什么吗?我刚开始使用azure不久,恐怕我误解了在ARM模板中创建诊断设置的方式。我似乎找不到任何关于这个的模板或文档,我很茫然…

节选:

...
"variables": {
"eventHubNamespaceName": "azure-logger",
"auditEventHubName": "[concat(variables('eventHubNamespaceName'), '/', 'audit-logs')]",
"activityEventHubName": "[concat(variables('eventHubNamespaceName'), '/', 'activity-logs')]",
"authRuleResourceId": "[resourceId('Microsoft.Eventhub/namespaces/authorizationRules', variables('eventHubNamespaceName'), 'RootManageSharedAccessKey')]",
"auditAuthorizationRuleId": "[resourceId('Microsoft.EventHub/namespaces/eventhubs/authorizationRules', variables('eventHubNamespaceName') , 'audit-logs', 'default')]",
"activityAuthorizationRuleId": "[resourceId('Microsoft.EventHub/namespaces/eventhubs/authorizationRules', variables('eventHubNamespaceName') , 'activity-logs', 'default')]"
},
"resources": [
{
"name": "[variables('eventHubNamespaceName')]",
"type": "Microsoft.EventHub/namespaces",
"apiVersion": "2021-06-01-preview",
"location": "[parameters('location')]",
"sku": {
"name": "Standard"
},
"identity": {
"type": "SystemAssigned"
},
"properties": {
"status": "Active"
},
"resources": [
{
"type": "Microsoft.EventHub/namespaces/eventhubs",
"apiVersion": "2021-06-01-preview",
"name": "[concat(variables('eventHubNamespaceName'), '/', 'audit-logs')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.EventHub/namespaces', variables('eventHubNamespaceName'))]"
],
"properties": {
"messageRetentionInDays": 1,
"partitionCount": 1
},
"resources": [
{
"type": "Microsoft.EventHub/namespaces/eventhubs/authorizationRules",
"apiVersion": "2021-06-01-preview",
"name": "[concat(variables('eventHubNamespaceName'), '/', 'audit-logs','/','default')]",
"properties": {
"rights": [ "Manage", "Listen", "Send" ]
},
"dependsOn": [
"[resourceId('Microsoft.EventHub/namespaces/eventhubs',  variables('eventHubNamespaceName'), 'audit-logs')]"
]
}
]
},
{
"type": "Microsoft.EventHub/namespaces/eventhubs",
"apiVersion": "2021-06-01-preview",
"name": "[concat(variables('eventHubNamespaceName'), '/', 'activity-logs')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.EventHub/namespaces', variables('eventHubNamespaceName'))]"
],
"properties": {
"messageRetentionInDays": 1,
"partitionCount": 1
},
"resources": [
{
"type": "Microsoft.EventHub/namespaces/eventhubs/authorizationRules",
"apiVersion": "2021-06-01-preview",
"name": "[concat(variables('eventHubNamespaceName'), '/', 'activity-logs','/','default')]",
"properties": {
"rights": [ "Manage", "Listen", "Send" ]
},
"dependsOn": [
"[resourceId('Microsoft.EventHub/namespaces/eventhubs',  variables('eventHubNamespaceName'), 'activity-logs')]"
]
}
]
}
]
},
{
"type": "Microsoft.Insights/diagnosticSettings",
"apiVersion": "2017-05-01-preview",
"name": "[concat(variables('eventHubNamespaceName'),'activity-logs')]",
"properties": {
"eventHubName": "activity-logs",
"eventHubAuthorizationRuleId": "[variables('activityAuthorizationRuleId')]",
"logs": [
{
"category": "Administrative",
"enabled": true
},
{
"category": "Security",
"enabled": true
},
{
"category": "ServiceHealth",
"enabled": true
},
{
"category": "Alert",
"enabled": true
},
{
"category": "Recommendation",
"enabled": true
},
{
"category": "Policy",
"enabled": true
},
{
"category": "Autoscale",
"enabled": true
},
{
"category": "ResourceHealth",
"enabled": true
}
]
}
}
]
...```

订阅创建活动日志的诊断设置不用于资源组比如Azure资源的设置。因此,当您检查本文档中活动日志的诊断设置时,您将发现可以使用任何有效的方法(包括PowerShell和CLI)部署Azure资源管理器模板。活动日志的诊断设置必须部署到订阅中,对于CLI使用az deployment create或对于PowerShell使用New-AzDeployment.

模板应该如下所示:

{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"settingName": {
"type": "String"
},
"workspaceId": {
"type": "String"
},
"storageAccountId": {
"type": "String"
},
"eventHubAuthorizationRuleId": {
"type": "String"
},
"eventHubName": {
"type": "String"
}
},
"resources": [
{
"type": "Microsoft.Insights/diagnosticSettings",
"apiVersion": "2017-05-01-preview",
"name": "[parameters('settingName')]",
"properties": {
"workspaceId": "[parameters('workspaceId')]",
"storageAccountId": "[parameters('storageAccountId')]",
"eventHubAuthorizationRuleId": "[parameters('eventHubAuthorizationRuleId')]",
"eventHubName": "[parameters('eventHubName')]",
"logs": [
{
"category": "Administrative",
"enabled": true
},
{
"category": "Security",
"enabled": true
},
{
"category": "ServiceHealth",
"enabled": true
},
{
"category": "Alert",
"enabled": true
},
{
"category": "Recommendation",
"enabled": true
},
{
"category": "Policy",
"enabled": true
},
{
"category": "Autoscale",
"enabled": true
},
{
"category": "ResourceHealth",
"enabled": true
}
]
}
}
]
}

如果你遵循上面的模板,你应该有一个Parameter文件。

还要注意,当启用虚拟网络时,诊断设置不能访问事件中心资源。您必须启用"允许受信任的Microsoft服务绕过事件中心中的此防火墙设置",以便授予诊断设置(Azure监视器服务)对事件中心资源的访问权限。

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium