Error while creating azure diagnostic setting

Does anybody know what the current values are for enable_log in azurerm_monitor_diagnostic_setting? I have used all and allLogs; none have worked. Thank you. And the code below is unsupported.

  enabled_log {
    category = "AuditEvent"
  }

What is available to be used for that parameter depends upon the resource you are applying the diagnostic settings to.

A list is provided here, which includes categories but not category groups:
Supported categories for Azure Monitor resource logs | Microsoft Learn

But you may also want to use category groups (such as allLogs, audit, etc.).

Here is a small PowerShell Az script that will list out all of the current valid diagnostic settings categories and the diagnostic settings category groups they are part of. It queries the Azure Resource Manager API directly.

Ensure you are running an up-to-date PowerShell with an up-to-date Azure Az PowerShell module installed, and that you have authenticated (Connect-AzAccount) against the subscription that contains the resource you are querying.

## Replace the below string with a full resource ID
$ResourceId = "ReplaceWithResourceId"
# Ask Azure Resource Manager which diagnostic settings categories this resource supports
$DiagSettingsCategoriesRequest = Invoke-AzRestMethod -Path "$($ResourceId)/providers/microsoft.insights/diagnosticSettingsCategories?api-version=2021-05-01-preview"
$DiagSettingsCategories = $DiagSettingsCategoriesRequest.Content | ConvertFrom-Json

# One row per category: its name, type (Logs or Metrics) and the category groups it belongs to
$DiagSettingsCategories.value | ForEach-Object {
  [PSCustomObject]@{
    name           = $_.name
    displayname    = $_.properties.displayname
    CategoryType   = $_.properties.CategoryType
    CategoryGroups = $_.properties.CategoryGroups -join ', '
  }
}

Hope that helps

Happy Terraforming!

Thanks for sharing, and for your time and response. I will try this solution.

Hi guys, this configuration is working for my storage account with blob containers (23 February 2024):

# Diagnostic settings for the metrics of the storage account.
resource "azurerm_monitor_diagnostic_setting" "storageaccount_diagnostic" {
  name                       = "${var.environment}-${var.storage_account.name}-diagnostic"
  target_resource_id         = azurerm_storage_account.storageaccount.id
  log_analytics_workspace_id = var.loganalytics_workspace_id
  
  # All metrics
  metric {
    category = "Capacity"
    enabled  = true
  }
  metric {
    category = "Transaction"
    enabled  = true
  }
}
# Diagnostic settings (metrics and logs) for the storage account's blob containers. It's configured once to cover all blobs.
resource "azurerm_monitor_diagnostic_setting" "storageaccount_diagnostic_blobs" {
  name                       = "${var.environment}-${var.storage_account.name}-diagnostic-blobs"
  target_resource_id         = "${azurerm_storage_account.storageaccount.id}/blobServices/default/"
  log_analytics_workspace_id = var.loganalytics_workspace_id

  enabled_log {
    category_group = "allLogs"
  }
  
  # All metrics
  metric {
    category = "Capacity"
    enabled  = true
  }
  metric {
    category = "Transaction"
    enabled  = true
  }
}

I did the same for the tables and queues, using an additional resource and changing the target_resource_id reference to:

  • "${azurerm_storage_account.storageaccount[0].id}/tableServices/default/"
  • "${azurerm_storage_account.storageaccount[0].id}/queueServices/default/"

Naturally the variables will need to be updated to reflect your environment.
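The same lookup the PowerShell answer above performs can be done inside Terraform with the azurerm_monitor_diagnostic_categories data source, so enabled_log only ever receives values the target resource supports. This is an added example, not code from any poster in the thread; the variable names, the resource name "example" and the setting name are assumptions, and it assumes an azurerm provider version that exposes log_category_groups and enabled_log.

```hcl
# Added example: names below are assumptions, not taken from the thread.
variable "target_resource_id" {
  type        = string
  description = "Full resource ID of the resource that should emit diagnostics"
}

variable "loganalytics_workspace_id" {
  type        = string
  description = "Resource ID of the destination Log Analytics workspace"
}

# Ask Azure which log categories and category groups this resource supports.
data "azurerm_monitor_diagnostic_categories" "target" {
  resource_id = var.target_resource_id
}

locals {
  log_groups = data.azurerm_monitor_diagnostic_categories.target.log_category_groups
  log_types  = data.azurerm_monitor_diagnostic_categories.target.log_category_types

  # Prefer the allLogs group when the resource offers it.
  use_all_logs = contains(local.log_groups, "allLogs")
}

resource "azurerm_monitor_diagnostic_setting" "example" {
  name                       = "example-diagnostic"
  target_resource_id         = var.target_resource_id
  log_analytics_workspace_id = var.loganalytics_workspace_id

  # Emits one block with category_group = "allLogs" if that group exists.
  dynamic "enabled_log" {
    for_each = [for g in local.log_groups : g if g == "allLogs"]
    content {
      category_group = enabled_log.value
    }
  }

  # Otherwise fall back to enabling every individual log category.
  dynamic "enabled_log" {
    for_each = [for c in local.log_types : c if !local.use_all_logs]
    content {
      category = enabled_log.value
    }
  }
}

# Shows the valid values in the plan output, which helps when a category is rejected.
output "supported_log_categories" { value = local.log_types }
output "supported_log_category_groups" { value = local.log_groups }
```

If both outputs come back empty, the target resource ID exposes no log categories (as with the top-level storage account in the post above, which only carries metrics), and logs have to be configured on a sub-resource such as blobServices/default instead.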