Azure Policy - trouble targeting specific logs in Application Gateway diagnostic settings

  • Question

  • Hi,

    I’m trying to write an Azure Policy for Application Gateway that audits the diagnostic settings I have. The policy should check to see if it is sending ApplicationGatewayAccessLog and ApplicationGatewayFirewallLog but NOT ApplicationGatewayPerformanceLog or Metrics to an OMS workspace.

    I can write a policy that will check all logs, but I only want 2 out of the 3 being fed into a workspace. How can I target those two only?

    Any help would be lovely. Thanks.


    Friday, August 2, 2019 9:28 AM

All replies

  • Thanks for reaching out! We are looking into it and we will update you soon.
    Wednesday, August 7, 2019 3:04 PM
    Moderator
  • AFAIK, here is the policy definition that denies setting the ApplicationGatewayPerformanceLog to true.

    {
        "properties": {
            "displayName": "Audit diagnostic setting",
            "description": "This policy enables you to Audit diagnostic setting of application Gateway that are allowed",
            "mode": "All",
            "parameters": {},
            "policyRule": {
                "if": {
                    "allOf": [
                        {
                            "field": "type",
                            "equals": "Microsoft.Network/applicationGateways"
                        },
                        {
                            "field": "Microsoft.Insights/diagnosticSettings/logs[*].category",
                            "equals": "ApplicationGatewayPerformanceLog"
                        },
                        {
                            "field": "Microsoft.Insights/diagnosticSettings/logs[*].enabled",
                            "equals": "true"
                        }
                    ]
                },
                "then": {
                    "effect": "Deny"
                }
            }
        }
    }



    Thursday, August 22, 2019 10:37 AM
    Moderator
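
The rule from the question, written as an offline check over exported diagnostic settings. This is an added example, not part of the thread and not Microsoft's code: it assumes the ARM `Microsoft.Insights/diagnosticSettings` shape (`properties.workspaceId`, `properties.logs[]`, `properties.metrics[]`), and the function names, resource IDs and sample gateways are constructed.

```python
# Added example: audits one Application Gateway's diagnostic settings against
# the rule in the question (access + firewall logs to a workspace, no
# performance log, no metrics). All sample values below are constructed.
REQUIRED = frozenset({"ApplicationGatewayAccessLog", "ApplicationGatewayFirewallLog"})
FORBIDDEN = frozenset({"ApplicationGatewayPerformanceLog"})

def audit_gateway(settings):
    """Return findings for one gateway's diagnostic settings; [] means compliant."""
    # Only settings with a workspace destination matter; storage-only ones are ignored.
    to_ws = [p for p in (s.get("properties") or {} for s in settings) if p.get("workspaceId")]
    if not to_ws:
        return ["no diagnostic setting sends to a Log Analytics workspace"]
    # Category and enabled flag are read from the same array element.
    enabled = {e.get("category") for p in to_ws for e in p.get("logs") or []
               if e.get("enabled") is True}
    findings = [f"{c} is not sent to a workspace" for c in sorted(REQUIRED - enabled)]
    findings += [f"{c} is sent to a workspace" for c in sorted(FORBIDDEN & enabled)]
    if any(m.get("enabled") is True for p in to_ws for m in p.get("metrics") or []):
        findings.append("metrics are sent to a workspace")
    return findings

def _setting(workspace, storage, logs, metrics):
    """Build a constructed diagnostic setting; logs maps category -> enabled."""
    return {"properties": {
        "workspaceId": workspace, "storageAccountId": storage,
        "logs": [{"category": c, "enabled": on} for c, on in logs.items()],
        "metrics": [{"category": "AllMetrics", "enabled": metrics}]}}

WS = "/subscriptions/<sub-id>/.../workspaces/law-example"      # placeholder ID
SA = "/subscriptions/<sub-id>/.../storageAccounts/stexample"   # placeholder ID
ACCESS, FIREWALL, PERF = ("ApplicationGatewayAccessLog",
                          "ApplicationGatewayFirewallLog",
                          "ApplicationGatewayPerformanceLog")
SAMPLE = {
    # Performance log goes to storage only, so the workspace rule still holds.
    "agw-ok": [_setting(WS, None, {ACCESS: True, FIREWALL: True, PERF: False}, False),
               _setting(None, SA, {PERF: True}, True)],
    "agw-all": [_setting(WS, None, {ACCESS: True, FIREWALL: True, PERF: True}, True)],
    "agw-partial": [_setting(WS, None, {ACCESS: True}, False)],
    "agw-storage-only": [_setting(None, SA, {ACCESS: True, FIREWALL: True}, False)],
}

if __name__ == "__main__":
    for name, settings in SAMPLE.items():
        print(name, audit_gateway(settings) or "compliant")
```

A gateway can carry several diagnostic settings, so the check aggregates every setting that has a workspace destination before deciding.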