Diagnostic settings not showing as defined for certain resources.

Question

Vnet gateways and subnets diagnostic settings are both accessed the same way. Theyre not under the monitor section of the resource but under activity log then diagnostic settings. I have a policy to define these settings but there is some discrepancy in confirming if it was succesful. For vnet gateways i see diagnostic settings configured when i go to the overall diagnostics blade and can click on the resource and it shows its defined but not going directly to the resource. It also shows 0/1 non compliant so its picking up that its compliant and enabled. For subscriptions how do I confirm this?

Answer 1

Hi @J3

You are incorrect for enabling the Diagnostic logs from the Activity Log, this is for all activity logs generated on the selected subscription.

• For Virtual Network gateways, you can enable it via the Monitor Blade https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-setup-alerts-virtual-network-gateway-log
• Subnets are part of a Virtual Network and the diagnostic settings are enabled at this level https://learn.microsoft.com/en-us/azure/virtual-network/monitor-virtual-network#collection-and-routing.

Azure Policy should be able to deploy these diagnostic settings with ease, if you need to create a new policy I would suggest https://github.com/JimGBritt/AzurePolicy/blob/master/AzureMonitor/Scripts/README.md#overview-of-create-azdiagpolicyps1