Hi everyone,
First off, thanks in advance for taking the time to read through my subject!
I'm experiencing an issue with azurerm_monitor_diagnostic_setting. I'm trying to create the diagnostic log settings for a Network Security Group by tracking the NSG using its ID, but it returns an "Unknown service error". Has anyone faced this error when setting Diagnostic Log Settings for an NSG?
Thanks in advance.
I'm sharing the simple code that I'm using:
resource "azurerm_network_security_group" "my_nsg" {
  name                = "00test-nsg"
  location            = "West Europe"
  resource_group_name = "test_RG"
  tags = {
    environment = "Terraform test"
  }
}

variable "nsg_log_category" {
  type    = list(string)
  default = ["NetworkSecurityGroupEvent", "NetworkSecurityGroupRuleCounter"]
}

resource "azurerm_monitor_diagnostic_setting" "nsg_diagnostic_setting" {
  name                       = "00testDiagnostics-NSG"
  target_resource_id         = azurerm_network_security_group.my_nsg.id
  storage_account_id         = "/subscriptions/xxxxxxxxxxxxxxxxxxxxxx/resourceGroups/test_RG/providers/Microsoft.Storage/storageAccounts/00teststorage"
  log_analytics_workspace_id = "/subscriptions/xxxxxxxxxxxxxxxxxxxxxxx/resourcegroups/test_RG/providers/microsoft.operationalinsights/workspaces/test-analytics"

  dynamic "log" {
    for_each = var.nsg_log_category
    content {
      category = log.value
      enabled  = true
      retention_policy {
        enabled = true
        days    = 365
      }
    }
  }

  metric {
    category = "AllMetrics"
    retention_policy {
      enabled = true
      days    = 365
    }
  }
}
The error that I'm getting is below:
Error: Error creating Monitor Diagnostics Setting "00testDiagnostics-NSG" for Resource "/subscriptions/xxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/test_RG/providers/Microsoft.Network/networkSecurityGroups/00test-nsg": insights.DiagnosticSettingsClient#CreateOrUpdate: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="Unknown" Message="Unknown service error" Details=[{"code":"BadRequest","message":""}]