Forum Discussion

PatrikHansson's avatar
PatrikHansson
Brass Contributor
Oct 01, 2020

Policy sets resource to non-compliand but no Events are created

Hi

 

Trying to get a grip on creating policies and initiatives. Have made a simple initiative with one policy that checks for log analytics agent installation:

The Log Analytics agent should be installed on virtual machines"

It finds 3 test server that I've left without log analytics agent and marks them as non-compliant. Of course I want to monitor this so I started looking in the logs for this.

Can't find it anyware. And the events tab under Policy is empty as well. 

 
 

Have I missed something ? 

  • hspinto 

    Hi

    Yes, there is nothing in event log.

    But I got this response from support:

    As updated from the Product group, any effect related log that is related to compliance evaluation is no longer written to activity log. If it's a policy denying an operation for a PUT/PATCH request on resource, those are still logged.

     

    As confirmed also by PG, we are working towards integrating with Event Grid to create policies state events for resources that become non-compliant. This will allow you to be aware a state change has occurred and trigger actions such as kick off a remediation task. This feature is set to be completed late this calendar year.

     

    So I guess it is correct that there aren't anything in the activity log for me. 

    • PatrikHansson's avatar
      PatrikHansson
      Brass Contributor

      hspinto 

      Hi

      Yes, there is nothing in event log.

      But I got this response from support:

      As updated from the Product group, any effect related log that is related to compliance evaluation is no longer written to activity log. If it's a policy denying an operation for a PUT/PATCH request on resource, those are still logged.

       

      As confirmed also by PG, we are working towards integrating with Event Grid to create policies state events for resources that become non-compliant. This will allow you to be aware a state change has occurred and trigger actions such as kick off a remediation task. This feature is set to be completed late this calendar year.

       

      So I guess it is correct that there aren't anything in the activity log for me. 

Resources