[英]Enable diagnostic settings for Storage account using Azure Policy Definition
I am trying to set inbuilt policy definition to send logs of storage account to Log analytics workspace using Azure Portal.我正在尝试设置内置策略定义以使用 Azure 门户将存储帐户的日志发送到日志分析工作区。
Note: I am using personal azure account subscription with Free Trail.注意:我在 Free Trail 中使用个人 azure 帐户订阅。
1st Step: Configure diagnostic settings for storage accounts to Log Analytics workspace第一步: 将存储帐户的诊断设置配置到 Log Analytics 工作区
2nd Step: Clicked on Assign --> Scope set to Resource Group then Log Analytics resource selected in Parameter tab - > Review +Create第二步:点击分配 --> 范围设置为资源组,然后在参数选项卡中选择 Log Analytics 资源 -> 查看 +创建
3rd Step: Created Policy Assignment Success, Role Assignments creation succeeded in Azure Portal第 3 步:创建策略分配成功,在 Azure 门户中成功创建角色分配
4th Step: After waiting for 15 mins, Storage Account --> Diagnostic settings (preview) -- > I don't see Diagnostic Settings are enabled in Storage Account.第 4 步:等待 15 分钟后,存储帐户 --> 诊断设置(预览)--> 我没有看到存储帐户中启用了诊断设置。
I can see Non Compliance Issue in policy .我可以在 policy 中看到Non Compliance Issue 。 Below is details for same.
以下是相同的详细信息。
What I am missing?我缺少什么?
Update:更新:
The issue must be for existing storage accounts only if you are not selecting the create the remediation task
as shown below:仅当您没有选择
create the remediation task
,问题才必须出现在现有存储帐户上,如下所示:
If the above is selected then your all the storage accounts present in subscription will become compliant (I have tested it for a resource group and not subscription).如果选择上述选项,则订阅中存在的所有存储帐户都将合规(我已针对资源组而不是订阅对其进行了测试)。
Note: If this is not selected then existing storage account will error out with the same error you are getting, but the new ones which will be created will get compliant .注意:如果未选择此选项,则现有存储帐户将出现与您相同的错误,但将创建的新帐户将符合 。
Steps to follow if the Policy is applied and remediation is not selected :如果应用了策略但未选择补救,则应遵循的步骤:
Click on Create remediation task from the compliance page and it will automatically populate the non-compliant storage accounts .单击合规性页面中的创建修复任务,它将自动填充不合规的存储帐户。
Click on remediate.点击修复。 It will submit the process and after the remediate process succeeds , it will take around 15 mins for all non-compliant storage account to become compliant.
它将提交流程,在修复流程成功后,所有不合规的存储帐户需要大约 15 分钟才能合规。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.