YannickJanssens-4319 asked

Is it possible to audit App Service Autoscale Diagnostic Settings via Policy?

We've got a bunch of App Services that have AutoScale-settings attached to them. They've got Diagnostic-Settings enabled in order to forward autoScaleActions and Evaluation Events to Log Analytics and a Storage Account. What I'd like to do is create a Policy to check these settings in order to detect configuration drift (for example, that it has to be sent to a specific Storage Account).

I've done something similar for http logging for Web Apps by creating the following rule:

 "existenceCondition": {
   "allOf": [
     {
       "field": "Microsoft.Web/sites/config/logs.httpLogs.azureBlobStorage.sasUrl",
       "exists": "True"
     },
     {
       "field": "Microsoft.Web/sites/config/logs.httpLogs.azureBlobStorage.sasUrl",
       "like": "[concat(parameters('StorageAccountURL'),'*')]"
     }
   ]
 }

However, I'm having trouble finding the correct field for the diagnostic settings of the AutoScale. I know that AutoScale is part of Microsoft.Insights and not Microsoft.Web/ServerFarms, but Resource Explorer doesn't show me anything related to Diagnostics Settings under Microsoft.Insights/AutoScaleSettings.

Any ideas, or am I looking at it the wrong way?

azure-webapps, azure-policy

stan answered

Hi,
You can try some logic like the one below. It is not the full policy code, but I am sure you can figure it out depending on your requirements. The effect will be AuditIfNotExists.


       "if": {
         "field": "type",
         "equals": "Microsoft.Insights/autoscaleSettings"
       },
       "then": {
         "effect": "[parameters('effect')]",
         "details": {
           "type": "Microsoft.Insights/diagnosticSettings",
           "existenceCondition": {
             "count": {
               "field": "Microsoft.Insights/diagnosticSettings/logs[*]",
               "where": {
                 "anyOf": [
                   {
                     "allOf": [
                       {
                         "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled",
                         "equals": "true"
                       },
                       {
                         "anyOf": [
                           {
                             "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days",
                             "equals": "0"
                           },
                           {
                             "value": "[padLeft(current('Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days'), 3, '0')]",
                             "greaterOrEquals": "[padLeft(parameters('requiredRetentionDays'), 3, '0')]"
                           }
                         ]
                       },
                       {
                         "field": "Microsoft.Insights/diagnosticSettings/logs.enabled",
                         "equals": "true"
                       }
                     ]
                   },
                   {
                     "allOf": [
                       {
                         "field": "Microsoft.Insights/diagnosticSettings/logs.enabled",
                         "equals": "true"
                       },
                       {
                         "anyOf": [
                           {
                             "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled",
                             "notEquals": "true"
                           },
                           {
                             "field": "Microsoft.Insights/diagnosticSettings/storageAccountId",
                             "exists": false
                           }
                         ]
                       }
                     ]
                   }
                 ]
               }
             },
             "greaterOrEquals": 1
           }
         }
       }


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.



YannickJanssens-4319 answered

Hi @stan ,

Thank you very much for your answer. It put me on the right way and in the end I created the following DeployIfNotExists Policy... hopefully it can help someone else as well.

 {
   "if": {
     "allOf": [
       {
         "field": "type",
         "equals": "Microsoft.Insights/autoscaleSettings"
       }
     ]
   },
   "then": {
     "effect": "deployIfNotExists",
     "details": {
       "type": "Microsoft.Insights/diagnosticSettings",
       "roleDefinitionIds": [
         "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
       ],
       "existenceCondition": {
         "allOf": [
           {
             "field": "Microsoft.Insights/diagnosticSettings/logs.enabled",
             "equals": "True"
           },
           {
             "field": "Microsoft.Insights/diagnosticSettings/workspaceId",
             "matchInsensitively": "[parameters('WorkspaceId')]"
           },
           {
             "field": "Microsoft.Insights/diagnosticSettings/StorageAccountId",
             "matchInsensitively": "[parameters('StorageAccountId')]"
           }
         ]
       },
       "deployment": {
         "properties": {
           "mode": "incremental",
           "template": {
             "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
             "contentVersion": "1.0.0.0",
             "parameters": {
               "RetentionDays": {
                 "type": "int"
               },
               "StorageAccountId": {
                 "type": "string"
               },
               "WorkspaceID": {
                 "type": "string"
               },
               "ScaleName": {
                 "type": "string"
               },
               "location": {
                 "type": "string"
               }
             },
             "variables": {},
               "resources": [
                 {
                   "type": "microsoft.insights/autoscalesettings/providers/diagnosticSettings",
                   "apiVersion": "2017-05-01-preview",
                   "name": "[concat(parameters('ScaleName'), '/', 'Microsoft.Insights/Logs')]",
                   "location": "[parameters('location')]",
                   "dependsOn": [],
                   "properties": {
                     "logs": [
                       {
                         "category": "AutoscaleEvaluations",
                         "enabled": true,
                         "retentionPolicy": {
                           "days": "[parameters('RetentionDays')]",
                           "enabled": true
                         }
                       },
                       {
                         "category": "AutoscaleScaleActions",
                         "enabled": true,
                         "retentionPolicy": {
                           "days": "[parameters('RetentionDays')]",
                           "enabled": true
                         }
                       }
                     ],
                     "storageAccountId": "[parameters('StorageAccountId')]",
                     "workspaceId": "[parameters('WorkspaceId')]",
                     "logAnalyticsDestinationType": null
                   }
                 }
               ]
             },
             "parameters": {
               "RetentionDays": {
                 "value": "[parameters('RetentionDays')]"
               },
               "StorageAccountId": {
                 "value": "[parameters('StorageAccountId')]"
               },
               "WorkspaceID": {
                 "value": "[parameters('WorkspaceId')]"
               },
               "ScaleName": {
                 "value": "[field('name')]"
               },
               "location": {
                 "value": "[field('location')]"
               }
             }
           }
         }
       }
     }
   }

Thanks for sharing it.

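An added example, not part of the original posts or of any Microsoft code: the same drift check as the policies above, run offline over diagnostic settings already read from an autoscale resource. It requires each of the two log categories from the template to be enabled and compares the workspace and storage account IDs as whole case-insensitive strings. The function names and sample IDs are constructed, and the input is assumed to have the shape of the diagnosticSettings REST resource.

```python
# Added example: offline drift check for autoscale diagnostic settings.
REQUIRED_CATEGORIES = {"AutoscaleEvaluations", "AutoscaleScaleActions"}  # from the template above


def same_id(actual, expected):
    # Azure resource IDs are case-insensitive; compare whole strings, not patterns.
    return isinstance(actual, str) and actual.strip().lower() == expected.strip().lower()


def setting_findings(setting, workspace_id, storage_account_id):
    """Return drift findings for one diagnostic setting (empty list = compliant)."""
    props = setting.get("properties", setting)  # REST shape nests under "properties"
    logs = props.get("logs") or []
    enabled = {entry.get("category") for entry in logs if entry.get("enabled") is True}
    findings = [f"category {c} not enabled" for c in sorted(REQUIRED_CATEGORIES - enabled)]
    if not same_id(props.get("workspaceId"), workspace_id):
        findings.append("workspaceId is not the required workspace")
    if not same_id(props.get("storageAccountId"), storage_account_id):
        findings.append("storageAccountId is not the required storage account")
    return findings


def audit(settings, workspace_id, storage_account_id):
    """Compliant if at least one setting has no findings, as with existenceCondition."""
    if not settings:
        return False, ["no diagnostic setting on the autoscale resource"]
    per_setting = [setting_findings(s, workspace_id, storage_account_id) for s in settings]
    if any(not f for f in per_setting):
        return True, []
    return False, min(per_setting, key=len)  # report the setting closest to compliant


# Constructed sample data (placeholder subscription, resource group and names).
BASE = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example/providers"
WORKSPACE = BASE + "/Microsoft.OperationalInsights/workspaces/law-example"
STORAGE = BASE + "/Microsoft.Storage/storageAccounts/stexample"


def make_setting(scale_actions_enabled, storage_id, workspace_id=WORKSPACE):
    logs = [{"category": "AutoscaleEvaluations", "enabled": True},
            {"category": "AutoscaleScaleActions", "enabled": scale_actions_enabled}]
    return {"properties": {"logs": logs, "workspaceId": workspace_id, "storageAccountId": storage_id}}


GOOD = make_setting(True, STORAGE, WORKSPACE.upper())  # differs from the target in case only
DRIFTED = make_setting(False, BASE + "/Microsoft.Storage/storageAccounts/stother")

if __name__ == "__main__":
    for name, sample in (("GOOD", [GOOD]), ("DRIFTED", [DRIFTED]), ("NONE", [])):
        print(name, audit(sample, WORKSPACE, STORAGE))
```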