如果处于禁用状态,则尝试创建一个策略以启用现有NSG的NSG流程日志。完成任务的任何建议或参考。提前谢谢。
它现在通过Azure Policy 工作
{
"mode": "All",
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.Network/networkSecurityGroups"
},
"then": {
"effect": "deployIfNotExists",
"details": {
"type": "Microsoft.Network/networkWatchers/flowLogs",
"resourceGroupName": "NetworkWatcherRG",
"name": "[concat('networkwatcher_', field('location'), '/Microsoft.Network', resourceGroup().name, field('name'))]",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Network/networkWatchers/flowLogs/targetResourceId",
"equals": "[concat(resourceGroup().id, '/providers/Microsoft.Network/networkSecurityGroups/', field('name'))]"
},
{
"field": "Microsoft.Network/networkWatchers/flowLogs/enabled",
"equals": "true"
},
{
"field": "Microsoft.Network/networkWatchers/flowLogs/storageId",
"equals": "[parameters('storageId')]"
}
]
},
"roleDefinitionIds": [
"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageId": {
"type": "String"
},
"nsgName": {
"type": "String"
},
"nsgRG": {
"type": "String"
},
"location": {
"type": "String"
},
"targetResource": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Network/networkWatchers/flowLogs",
"name": "[concat('networkwatcher_', parameters('location'), '/Microsoft.Network', parameters('nsgRG'), parameters('nsgName'))]",
"apiVersion": "2019-11-01",
"location": "[parameters('location')]",
"properties": {
"targetResourceId": "[parameters('targetResource')]",
"storageId": "[parameters('storageId')]",
"enabled": "true",
"retentionPolicy": {
"days": "0",
"enabled": "false"
}
}
}
]
},
"parameters": {
"storageId": {
"value": "[parameters('storageId')]"
},
"nsgName": {
"value": "[field('name')]"
},
"nsgRG": {
"value": "[resourceGroup().name]"
},
"location": {
"value": "[field('location')]"
},
"targetResource": {
"value": "[concat(resourceGroup().id, '/providers/Microsoft.Network/networkSecurityGroups/', field('name'))]"
}
}
}
}
}
}
},
"parameters": {
"storageId": {
"type": "String",
"metadata": {
"displayName": "Storage id",
"description": "A string with the storage id for the flowlogs to be sent to. The format must be: '/subscriptions/{subscription id}/resourceGroups/{resourceGroup name}/providers/Microsoft.Storage/storageAccounts/{storage account name}"
}
}
}
}