1 Vote
ChristianCapellan-3279 asked jagadish-7524 answered

Security Center Regulatory Compliance "Audit diagnostic setting" not clearing for linux VM

I can't get this regulatory compliance to clear for a Linux Debian 9 VM I have. When I go to diagnostic settings for the VM, I have confirmed that it's saving diagnostic data to Azure Storage. The Metrics and Insights tabs are both populated with data. One thing I did notice is that the latest Azure Monitor for VMs is currently not supported for this machine (it says "unsupported" when I go to upgrade it in Azure Monitor).

azure-virtual-machines azure-monitor azure-security-center

@ChristianCapellan-3279
Thank you for the post and I apologize for the delayed response!

  • Can you provide a screenshot of what you're seeing in Azure Security Center's Regulatory Compliance "Audit diagnostic settings" where it's not clearing for your Linux VM?

  • How did you enable your VM's diagnostic settings?

  • Can you share a screenshot of Azure Monitor not being supported for your VM when you go to upgrade it?

Any additional information would be greatly appreciated!


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

1 Vote 1 ·

@ChristianCapellan-3279
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?

1 Vote 1 ·

I'm still having the issue. Below are some screenshots.


42783-image.png


42784-image.png


42629-image.png


42539-image.png


1 Vote 1 ·

After some more research today, I may have found the issue. Even though I have enabled all of the monitoring and logging features for the VM, the diagnostic settings return empty when I call them using az monitor diagnostic-settings. This is what the policy is checking for, based on the definition of this policy: that monitor and log settings are enabled (see attached policy) 42720-policy.txt. I then attempted to manually add a metric and log setting to the VM using az monitor diagnostic-settings create. I was able to successfully add a metric record, but I'm not able to add any type of log record (I can't find a category that is accepted for logs). At this point, I'm just going to remove VM resources from the resource types that this policy applies to for now. See the attached file for the current diagnostic setting for the VM. 42851-diagnostic-setting.txt


1 Vote 1 ·
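The check described in the comment above, as an added example that is not from the thread or from the attached policy file. It assumes the policy needs one diagnostic setting with at least one enabled log category and one enabled metric category; the function name and the sample JSON are constructed.

```python
import json

def _enabled(entries):
    """Names of the categories whose 'enabled' flag is true."""
    return [e.get("category") or e.get("categoryGroup") or "<unnamed>"
            for e in (entries or []) if e.get("enabled") is True]

def audit_diagnostic_settings(cli_json):
    """Evaluate the JSON printed by `az monitor diagnostic-settings list`
    for one resource. Returns (compliant, reason).

    Assumption: compliance needs a single setting that has both an enabled
    log category and an enabled metric category.
    """
    doc = json.loads(cli_json) if cli_json.strip() else []
    # Accept a bare list or a {"value": [...]} wrapper (assumed output shapes).
    settings = doc.get("value", []) if isinstance(doc, dict) else doc
    if not settings:
        return False, "no diagnostic setting exists on the resource"
    for s in settings:
        logs, metrics = _enabled(s.get("logs")), _enabled(s.get("metrics"))
        if logs and metrics:
            return True, f"{s.get('name')}: logs={logs} metrics={metrics}"
    return False, "no single setting has both a log and a metric category enabled"

# Constructed samples, not real output from the poster's subscription.
EMPTY = '{"value": []}'   # the VM case: the list call returns nothing
METRIC_ONLY = json.dumps([{   # after manually adding only a metric record
    "name": "constructed-setting",
    "logs": [],
    "metrics": [{"category": "AllMetrics", "enabled": True}],
}])
BOTH = json.dumps([{   # a resource type that does accept a log category
    "name": "constructed-setting",
    "logs": [{"category": "AuditEvent", "enabled": True}],
    "metrics": [{"category": "AllMetrics", "enabled": True}],
}])

if __name__ == "__main__":
    for label, sample in (("empty", EMPTY), ("metric only", METRIC_ONLY), ("both", BOTH)):
        print(label, "->", audit_diagnostic_settings(sample))
```
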

Not sure what happened with my attachments. Here they are again.

Thanks

42861-diagnostic-setting.txt


42862-policy.txt


1 Vote 1 ·
JamesTran-MSFT ChristianCapellan-3279 ·

@ChristianCapellan-3279
Thank you for the detailed response!

I've reached out to our Azure Monitor and VM engineers so they can look into this issue as well. In the meantime, if this is urgent, please feel free to email me using the information below so I can enable your subscription for a one-time free technical support request. This way, our support engineers can take a closer look into your issue.

Email: AzCommunity@microsoft.com
Subject: ATTN - James Tran
Body:
Azure Subscription ID
Link to this issue


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

2 Votes 2 ·

Hi James, I have a similar issue. Has the issue been resolved?

1 Vote 1 ·

1 Answer

0 Votes
jagadish-7524 answered

Unlike other Azure resources, you cannot create a diagnostic setting for a virtual machine. Please review the document below to enable diagnostic settings with another method. 92515-azureauditdiag.png

https://docs.microsoft.com/en-us/azure/azure-monitor/vm/monitor-vm-azure#collect-platform-metrics-and-activity-log


