Forum Discussion

RAVIBABU_CH's avatar
RAVIBABU_CH
Copper Contributor
Oct 09, 2024

Azure Policy - Seeking Guidance: Adding "Destination Table" to Built-In Azure Policy

 

Hi Team,

I am sharing the existing Built-In Azure Policy that previously sent logs to Log Analytics Workspace. However, it currently lacks the option to choose "Destination Table" with selections such as "Azure Diagnostics" or "Resource Specific."

I would like to include this option in the policy. Could you please advise on how to achieve this?


Built-in Policy Name : 

Enable logging by category group for Application gateways (microsoft.network/applicationgateways) to Log Analytics

Policy Code

 

 

{
  "mode": "Indexed",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "microsoft.network/applicationgateways"
        },
        {
          "anyOf": [
            {
              "value": "[first(parameters('resourceLocationList'))]",
              "equals": "*"
            },
            {
              "field": "location",
              "in": "[parameters('resourceLocationList')]"
            }
          ]
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "type": "Microsoft.Insights/diagnosticSettings",
        "evaluationDelay": "AfterProvisioning",
        "existenceCondition": {
          "allOf": [
            {
              "count": {
                "field": "Microsoft.Insights/diagnosticSettings/logs[*]",
                "where": {
                  "allOf": [
                    {
                      "field": "Microsoft.Insights/diagnosticSettings/logs[*].enabled",
                      "equals": "[equals(parameters('categoryGroup'), 'allLogs')]"
                    },
                    {
                      "field": "microsoft.insights/diagnosticSettings/logs[*].categoryGroup",
                      "equals": "allLogs"
                    }
                  ]
                }
              },
              "equals": 1
            },
            {
              "field": "Microsoft.Insights/diagnosticSettings/workspaceId",
              "equals": "[parameters('logAnalytics')]"
            }
          ]
        },
        "roleDefinitionIds": [
          "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"
        ],
        "deployment": {
          "properties": {
            "mode": "incremental",
            "template": {
              "$schema": "http://schema.management.azure.com/schemas/2019-08-01/deploymentTemplate.json#",
              "contentVersion": "1.0.0.0",
              "parameters": {
                "diagnosticSettingName": {
                  "type": "string"
                },
                "logAnalytics": {
                  "type": "string"
                },
                "categoryGroup": {
                  "type": "String"
                },
                "resourceName": {
                  "type": "string"
                }
              },
              "variables": {},
              "resources": [
                {
                  "type": "microsoft.network/applicationgateways/providers/diagnosticSettings",
                  "apiVersion": "2021-05-01-preview",
                  "name": "[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('diagnosticSettingName'))]",
                  "properties": {
                    "workspaceId": "[parameters('logAnalytics')]",
                    "logs": [
                      {
                        "categoryGroup": "allLogs",
                        "enabled": "[equals(parameters('categoryGroup'), 'allLogs')]"
                      }
                    ],
                    "metrics": []
                  }
                }
              ],
              "outputs": {
                "policy": {
                  "type": "string",
                  "value": "[concat('Diagnostic setting ', parameters('diagnosticSettingName'), ' for type Application gateways (microsoft.network/applicationgateways), resourceName ', parameters('resourceName'), ' to Log Analytics ', parameters('logAnalytics'), ' configured')]"
                }
              }
            },
            "parameters": {
              "diagnosticSettingName": {
                "value": "[parameters('diagnosticSettingName')]"
              },
              "logAnalytics": {
                "value": "[parameters('logAnalytics')]"
              },
              "categoryGroup": {
                "value": "[parameters('categoryGroup')]"
              },
              "resourceName": {
                "value": "[field('name')]"
              }
            }
          }
        }
      }
    }
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "DeployIfNotExists",
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "DeployIfNotExists"
    },
    "diagnosticSettingName": {
      "type": "String",
      "metadata": {
        "displayName": "Diagnostic Setting Name",
        "description": "Diagnostic Setting Name"
      },
      "defaultValue": "setByPolicy-LogAnalytics"
    },
    "categoryGroup": {
      "type": "String",
      "metadata": {
        "displayName": "Category Group",
        "description": "Diagnostic category group - none, audit, or allLogs."
      },
      "allowedValues": [
        "audit",
        "allLogs"
      ],
      "defaultValue": "audit"
    },
    "resourceLocationList": {
      "type": "Array",
      "metadata": {
        "displayName": "Resource Location List",
        "description": "Resource Location List to send logs to nearby Log Analytics. A single entry \"*\" selects all locations (default)."
      },
      "defaultValue": [
        "*"
      ]
    },
    "logAnalytics": {
      "type": "String",
      "metadata": {
        "displayName": "Log Analytics Workspace",
        "description": "Log Analytics Workspace",
        "strongType": "omsWorkspace",
        "assignPermissions": true
      }
    }
  }
}

 

 

 

No RepliesBe the first to reply

Resources