Enable diagnostic settings for Storage account using Azure Policy Definition

I am trying to set an inbuilt policy definition to send the logs of a storage account to a Log Analytics workspace using the Azure Portal.

Note: I am using a personal Azure account subscription with Free Trial.

1st Step: Configure diagnostic settings for storage accounts to Log Analytics workspace

2nd Step: Clicked on Assign --> Scope set to Resource Group, then Log Analytics resource selected in Parameter tab --> Review + Create

3rd Step: Policy assignment created successfully; role assignment creation succeeded in Azure Portal

4th Step: After waiting for 15 mins, Storage Account --> Diagnostic settings (preview) --> I don't see that Diagnostic Settings are enabled in the Storage Account.

I can see a Non Compliance Issue in the policy. Below are the details for the same.

What am I missing?

The issue must be for existing storage accounts only, if you are not selecting the option to create the remediation task as shown below:

If the above is selected, then all the storage accounts present in the subscription will become compliant (I have tested it for a resource group and not a subscription).

Note: If this is not selected, then existing storage accounts will error out with the same error you are getting, but the new ones that are created will become compliant.


Steps to follow if the policy is applied and remediation is not selected:

  1. Click on Create remediation task from the compliance page and it will automatically populate the non-compliant storage accounts.

  2. Click on Remediate. It will submit the process, and after the remediation process succeeds, it will take around 15 mins for all non-compliant storage accounts to become compliant.

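The portal remediation steps above can also be driven from the Azure CLI. This is an added example, not part of the original answer; the resource group, the assignment name and the `remediate-<assignment>` task name are placeholders, and it assumes the assignment was made at resource-group scope as in the question.

```bash
#!/usr/bin/env bash
# Added example (constructed): CLI counterpart of the portal remediation steps.
# Placeholders: $1 = resource group, $2 = policy assignment name.

# Resource IDs the assignment currently reports as NonCompliant.
list_noncompliant() {
  az policy state list \
    --resource-group "$1" \
    --policy-assignment "$2" \
    --filter "complianceState eq 'NonCompliant'" \
    --query "[].resourceId" --output tsv
}

# Start a remediation task ($3 = optional task name); prints its initial state.
create_remediation() {
  az policy remediation create \
    --name "${3:-remediate-$2}" \
    --resource-group "$1" \
    --policy-assignment "$2" \
    --resource-discovery-mode ExistingNonCompliant \
    --query provisioningState --output tsv
}

# Poll a task until it finishes: $1 = resource group, $2 = task name,
# $3 = seconds between polls (default 30). Non-zero unless it Succeeded.
wait_remediation() {
  tries=0
  while [ "$tries" -lt 40 ]; do
    state=$(az policy remediation show --name "$2" --resource-group "$1" \
              --query provisioningState --output tsv)
    case "$state" in
      Succeeded) echo "$state"; return 0 ;;
      Failed|Canceled) echo "$state"; return 1 ;;
    esac
    tries=$((tries + 1)); sleep "${3:-30}"
  done
  echo "Timeout"; return 1
}

# Usage: ./remediate.sh <resource-group> <assignment-name>
if [ "$#" -ge 2 ]; then
  task="remediate-$2"
  echo "Non-compliant before remediation:"; list_noncompliant "$1" "$2"
  create_remediation "$1" "$2" "$task"
  wait_remediation "$1" "$task" || exit 1
  az policy state trigger-scan --resource-group "$1"  # re-evaluate compliance now
  echo "Non-compliant after remediation:"; list_noncompliant "$1" "$2"
fi
```

The final `trigger-scan` requests an on-demand compliance evaluation, so the second listing reflects the remediated state without waiting for the next scheduled scan.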
