Esempi di modelli di Resource Manager per le impostazioni di diagnostica in Monitoraggio di Azure

Questo articolo include esempi di modelli di Azure Resource Manager per creare impostazioni di diagnostica per una risorsa di Azure. Ogni esempio include un file modello e un file di parametri con valori di esempio da fornire al modello.

Per creare un'impostazione di diagnostica per una risorsa di Azure, aggiungere una risorsa di tipo <resource namespace>/providers/diagnosticSettings al modello. Questo articolo fornisce esempi per alcuni tipi di risorse, ma è possibile applicare lo stesso modello ad altri tipi. La raccolta di metriche e log consentiti può variare per ogni tipo di risorsa.

Nota

Vedere Esempi di Azure Resource Manager per Monitoraggio di Azure per un elenco di esempi disponibili e indicazioni sulla distribuzione nella sottoscrizione di Azure.

Impostazione di diagnostica per un log attività

Nell'esempio seguente viene creata un'impostazione di diagnostica per un log attività aggiungendo una risorsa di tipo Microsoft.Insights/diagnosticSettings al modello.

Importante

Le impostazioni di diagnostica per i log attività vengono create per una sottoscrizione, non per un gruppo di risorse come le impostazioni per le risorse di Azure. Per distribuire il modello di Resource Manager, usare New-AzSubscriptionDeployment PowerShell o az deployment sub create per l'interfaccia della riga di comando di Azure.

File modello

targetScope = 'subscription'

@description('The name of the diagnostic setting.')
param settingName string

@description('The resource Id for the workspace.')
param workspaceId string

@description('The resource Id for the storage account.')
param storageAccountId string

@description('The resource Id for the event hub authorization rule.')
param eventHubAuthorizationRuleId string

@description('The name of the event hub.')
param eventHubName string

resource setting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  name: settingName
  properties: {
    workspaceId: workspaceId
    storageAccountId: storageAccountId
    eventHubAuthorizationRuleId: eventHubAuthorizationRuleId
    eventHubName: eventHubName
    logs: [
      {
        category: 'Administrative'
        enabled: true
      }
      {
        category: 'Security'
        enabled: true
      }
      {
        category: 'ServiceHealth'
        enabled: true
      }
      {
        category: 'Alert'
        enabled: true
      }
      {
        category: 'Recommendation'
        enabled: true
      }
      {
        category: 'Policy'
        enabled: true
      }
      {
        category: 'Autoscale'
        enabled: true
      }
      {
        category: 'ResourceHealth'
        enabled: true
      }
    ]
  }
}

File di parametri

{
  "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "settingName": {
      "value": "Send to all locations"
    },
    "workspaceId": {
      "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/MyResourceGroup/providers/microsoft.operationalinsights/workspaces/MyWorkspace"
    },
    "storageAccountId": {
      "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.Storage/storageAccounts/mystorageaccount"
    },
    "eventHubAuthorizationRuleId": {
      "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.EventHub/namespaces/MyNameSpace/authorizationrules/RootManageSharedAccessKey"
    },
    "eventHubName": {
      "value": "my-eventhub"
    }
  }
}

Impostazione di diagnostica per Esplora dati di Azure

Nell'esempio seguente viene creata un'impostazione di diagnostica per un cluster di Esplora dati di Azure aggiungendo una risorsa di tipo Microsoft.Kusto/clusters/providers/diagnosticSettings al modello.

File modello

param clusterName string
param settingName string
param workspaceId string
param storageAccountId string
param eventHubAuthorizationRuleId string
param eventHubName string

resource cluster 'Microsoft.Kusto/clusters@2022-02-01' existing = {
  name: clusterName
}

resource setting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  name: settingName
  scope: cluster
  properties: {
    workspaceId: workspaceId
    storageAccountId: storageAccountId
    eventHubAuthorizationRuleId: eventHubAuthorizationRuleId
    eventHubName: eventHubName
    metrics: []
    logs: [
      {
        category: 'Command'
        categoryGroup: null
        enabled: true
        retentionPolicy: {
          enabled: false
          days: 0
        }
      }
      {
        category: 'Query'
        categoryGroup: null
        enabled: true
        retentionPolicy: {
          enabled: false
          days: 0
        }
      }
      {
        category: 'Journal'
        categoryGroup: null
        enabled: true
        retentionPolicy: {
          enabled: false
          days: 0
        }
      }
      {
        category: 'SucceededIngestion'
        categoryGroup: null
        enabled: false
        retentionPolicy: {
          enabled: false
          days: 0
        }
      }
      {
        category: 'FailedIngestion'
        categoryGroup: null
        enabled: false
        retentionPolicy: {
          enabled: false
          days: 0
        }
      }
      {
        category: 'IngestionBatching'
        categoryGroup: null
        enabled: false
        retentionPolicy: {
          enabled: false
          days: 0
        }
      }
      {
        category: 'TableUsageStatistics'
        categoryGroup: null
        enabled: false
        retentionPolicy: {
          enabled: false
          days: 0
        }
      }
      {
        category: 'TableDetails'
        categoryGroup: null
        enabled: false
        retentionPolicy: {
          enabled: false
          days: 0
        }
      }
    ]
  }
}

File di parametri

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "clusterName": {
      "value": "kustoClusterName"
    },
    "diagnosticSettingName": {
      "value": "A new Diagnostic Settings configuration"
    },
    "workspaceId": {
      "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/MyResourceGroup/providers/microsoft.operationalinsights/workspaces/MyWorkspace"
    },
    "storageAccountId": {
      "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.Storage/storageAccounts/mystorageaccount"
    },
    "eventHubAuthorizationRuleId": {
      "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.EventHub/namespaces/MyNameSpace/authorizationrules/RootManageSharedAccessKey"
    },
    "eventHubName": {
      "value": "myEventhub"
    }
  }
}

File modello: Abilitazione del gruppo di categorie 'audit'

param clusterName string
param settingName string
param workspaceId string
param storageAccountId string
param eventHubAuthorizationRuleId string
param eventHubName string

resource cluster 'Microsoft.Kusto/clusters@2022-02-01' existing = {
  name: clusterName
}

resource setting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  name: settingName
  scope: cluster
  properties: {
    workspaceId: workspaceId
    storageAccountId: storageAccountId
    eventHubAuthorizationRuleId: eventHubAuthorizationRuleId
    eventHubName: eventHubName
    logs: [
      {
        category: null
        categoryGroup: 'audit'
        enabled: true
        retentionPolicy: {
          enabled: false
          days: 0
        }
      }
    ]
  }
}

Impostazione di diagnostica per Azure Key Vault

Nell'esempio seguente viene creata un'impostazione di diagnostica per un'istanza di Azure Key Vault aggiungendo una risorsa di tipo Microsoft.KeyVault/vaults/providers/diagnosticSettings al modello.

Importante

Per Azure Key Vault, l'hub eventi deve trovarsi nella stessa area dell'insieme di credenziali delle chiavi.

File modello

@description('The name of the diagnostic setting.')
param settingName string

@description('The name of the key vault.')
param vaultName string

@description('The resource Id of the workspace.')
param workspaceId string

@description('The resource Id of the storage account.')
param storageAccountId string

@description('The resource Id for the event hub authorization rule.')
param eventHubAuthorizationRuleId string

@description('The name of the event hub.')
param eventHubName string

resource vault 'Microsoft.KeyVault/vaults@2021-11-01-preview' existing = {
  name: vaultName
}

resource setting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  name: settingName
  scope: vault
  properties: {
    workspaceId: workspaceId
    storageAccountId: storageAccountId
    eventHubAuthorizationRuleId: eventHubAuthorizationRuleId
    eventHubName: eventHubName
    logs: [
      {
        category: 'AuditEvent'
        enabled: true
      }
    ]
    metrics: [
      {
        category: 'AllMetrics'
        enabled: true
      }
    ]
  }
}

File di parametri

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "settingName": {
        "value": "Send to all locations"
    },
    "vaultName": {
      "value": "MyVault"
    },
    "workspaceId": {
      "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/MyResourceGroup/providers/microsoft.operationalinsights/workspaces/MyWorkspace"
    },
    "storageAccountId": {
      "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.Storage/storageAccounts/mystorageaccount"
    },
    "eventHubAuthorizationRuleId": {
      "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.EventHub/namespaces/MyNameSpace/authorizationrules/RootManageSharedAccessKey"
    },
    "eventHubName": {
      "value": "my-eventhub"
    }
  }
}

Impostazione di diagnostica per Azure SQL database

Nell'esempio seguente viene creata un'impostazione di diagnostica per un'istanza di Azure SQL Database aggiungendo una risorsa di tipo microsoft.sql/servers/databases/providers/diagnosticSettings al modello.

File modello

@description('The name of the diagnostic setting.')
param settingName string

@description('The name of the Azure SQL database server.')
param serverName string

@description('The name of the SQL database.')
param dbName string

@description('The resource Id of the workspace.')
param workspaceId string

@description('The resource Id of the storage account.')
param storageAccountId string

@description('The resource Id of the event hub authorization rule.')
param eventHubAuthorizationRuleId string

@description('The name of the event hub.')
param eventHubName string

resource dbServer 'Microsoft.Sql/servers@2021-11-01-preview' existing = {
  name: serverName
}

resource db 'Microsoft.Sql/servers/databases@2021-11-01-preview' existing = {
  parent: dbServer
  name: dbName
}

resource setting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  name: settingName
  scope: db
  properties: {
    workspaceId: workspaceId
    storageAccountId: storageAccountId
    eventHubAuthorizationRuleId: eventHubAuthorizationRuleId
    eventHubName: eventHubName
    logs: [
      {
        category: 'SQLInsights'
        enabled: true
      }
      {
        category: 'AutomaticTuning'
        enabled: true
      }
      {
        category: 'QueryStoreRuntimeStatistics'
        enabled: true
      }
      {
        category: 'QueryStoreWaitStatistics'
        enabled: true
      }
      {
        category: 'Errors'
        enabled: true
      }
      {
        category: 'DatabaseWaitStatistics'
        enabled: true
      }
      {
        category: 'Timeouts'
        enabled: true
      }
      {
        category: 'Blocks'
        enabled: true
      }
      {
        category: 'Deadlocks'
        enabled: true
      }
    ]
    metrics: [
      {
        category: 'Basic'
        enabled: true
      }
      {
        category: 'InstanceAndAppAdvanced'
        enabled: true
      }
      {
        category: 'WorkloadManagement'
        enabled: true
      }
    ]
  }
}

File di parametri

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "settingName": {
        "value": "Send to all locations"
    },
    "serverName": {
      "value": "MySqlServer"
    },
    "dbName": {
      "value": "MySqlDb"
    },
    "workspaceId": {
      "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/MyResourceGroup/providers/microsoft.operationalinsights/workspaces/MyWorkspace"
    },
    "storageAccountId": {
      "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.Storage/storageAccounts/mystorageaccount"
    },
    "eventHubAuthorizationRuleId": {
      "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.EventHub/namespaces/MyNameSpace/authorizationrules/RootManageSharedAccessKey"
    },
    "eventHubName": {
      "value": "my-eventhub"
    }
  }
}

Impostazione di diagnostica per Istanza gestita di SQL di Azure

Nell'esempio seguente viene creata un'impostazione di diagnostica per un'istanza di Istanza gestita di SQL di Azure aggiungendo una risorsa di tipo microsoft.sql/managedInstances/providers/diagnosticSettings al modello.

File modello

param sqlManagedInstanceName string
param diagnosticSettingName string
param diagnosticWorkspaceId string
param storageAccountId string
param eventHubAuthorizationRuleId string
param eventHubName string

resource instance 'Microsoft.Sql/managedInstances@2021-11-01-preview' existing = {
  name: sqlManagedInstanceName
}

resource setting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  name: diagnosticSettingName
  scope: instance
  properties: {
    workspaceId: diagnosticWorkspaceId
    storageAccountId: storageAccountId
    eventHubAuthorizationRuleId: eventHubAuthorizationRuleId
    eventHubName: eventHubName
    logs: [
      {
        category: 'ResourceUsageStats'
        enabled: true
      }
      {
        category: 'DevOpsOperationsAudit'
        enabled: true
      }
      {
        category: 'SQLSecurityAuditEvents'
        enabled: true
      }
    ]
  }
}

File di parametri

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "sqlManagedInstanceName": {
        "value": "MyInstanceName"
    },
    "diagnosticSettingName": {
        "value": "Send to all locations"
    },
    "diagnosticWorkspaceId": {
        "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/MyResourceGroup/providers/microsoft.operationalinsights/workspaces/MyWorkspace"
    },
    "storageAccountId": {
        "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.Storage/storageAccounts/mystorageaccount"
    },
    "eventHubAuthorizationRuleId": {
        "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.EventHub/namespaces/MyNameSpace/authorizationrules/RootManageSharedAccessKey"
    },
    "eventHubName": {
        "value": "myEventhub"
    }
  }
}

Impostazione di diagnostica per un'istanza gestita di Azure SQL Database

Nell'esempio seguente viene creata un'impostazione di diagnostica per un'istanza gestita di Azure SQL Database aggiungendo una risorsa di tipo microsoft.sql/managedInstances/databases/providers/diagnosticSettings al modello.

File modello

param sqlManagedInstanceName string
param sqlManagedDatabaseName string
param diagnosticSettingName string
param diagnosticWorkspaceId string
param storageAccountId string
param eventHubAuthorizationRuleId string
param eventHubName string

resource dbInstance 'Microsoft.Sql/managedInstances@2021-11-01-preview' existing = {
  name:sqlManagedInstanceName
}

resource db 'Microsoft.Sql/managedInstances/databases@2021-11-01-preview' existing = {
  name: sqlManagedDatabaseName
  parent: dbInstance
}

resource setting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  name: diagnosticSettingName
  scope: db
  properties: {
    workspaceId: diagnosticWorkspaceId
    storageAccountId: storageAccountId
    eventHubAuthorizationRuleId: eventHubAuthorizationRuleId
    eventHubName: eventHubName
    logs: [
      {
        category: 'SQLInsights'
        enabled: true
      }
      {
        category: 'QueryStoreRuntimeStatistics'
        enabled: true
      }
      {
        category: 'QueryStoreWaitStatistics'
        enabled: true
      }
      {
        category: 'Errors'
        enabled: true
      }
    ]
  }
}

File di parametri

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "sqlManagedInstanceName": {
      "value": "MyInstanceName"
    },
    "sqlManagedDatabaseName": {
      "value": "MyManagedDatabaseName"
    },
    "diagnosticSettingName": {
      "value": "Send to all locations"
    },
    "diagnosticWorkspaceId": {
      "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/MyResourceGroup/providers/microsoft.operationalinsights/workspaces/MyWorkspace"
    },
    "storageAccountId": {
      "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.Storage/storageAccounts/mystorageaccount"
    },
    "eventHubAuthorizationRuleId": {
      "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.EventHub/namespaces/MyNameSpace/authorizationrules/RootManageSharedAccessKey"
    },
    "eventHubName": {
      "value": "myEventhub"
    }
  }
}

Impostazione di diagnostica per l'insieme di credenziali di Servizi di ripristino

L'esempio seguente crea un'impostazione di diagnostica per un insieme di credenziali di Servizi di ripristino aggiungendo una risorsa di tipo microsoft.recoveryservices/vaults/providers/diagnosticSettings al modello. Questo esempio specifica la modalità di raccolta descritta in Log delle risorse di Azure. Specificare Dedicated o AzureDiagnostics per la proprietà logAnalyticsDestinationType.

File modello

param recoveryServicesName string
param settingName string
param workspaceId string
param storageAccountId string
param eventHubAuthorizationRuleId string
param eventHubName string

resource vault 'Microsoft.RecoveryServices/vaults@2021-08-01' existing = {
  name: recoveryServicesName
}

resource setting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  name: settingName
  scope: vault
  properties: {
    workspaceId: workspaceId
    storageAccountId: storageAccountId
    eventHubAuthorizationRuleId: eventHubAuthorizationRuleId
    eventHubName: eventHubName
    logs: [
      {
        category: 'AzureBackupReport'
        enabled: false
      }
      {
        category: 'CoreAzureBackup'
        enabled: true
      }
      {
        category: 'AddonAzureBackupJobs'
        enabled: true
      }
      {
        category: 'AddonAzureBackupAlerts'
        enabled: true
      }
      {
        category: 'AddonAzureBackupPolicy'
        enabled: true
      }
      {
        category: 'AddonAzureBackupStorage'
        enabled: true
      }
      {
        category: 'AddonAzureBackupProtectedInstance'
        enabled: true
      }
      {
        category: 'AzureSiteRecoveryJobs'
        enabled: false
      }
      {
        category: 'AzureSiteRecoveryEvents'
        enabled: false
      }
      {
        category: 'AzureSiteRecoveryReplicatedItems'
        enabled: false
      }
      {
        category: 'AzureSiteRecoveryReplicationStats'
        enabled: false
      }
      {
        category: 'AzureSiteRecoveryRecoveryPoints'
        enabled: false
      }
      {
        category: 'AzureSiteRecoveryReplicationDataUploadRate'
        enabled: false
      }
      {
        category: 'AzureSiteRecoveryProtectedDiskDataChurn'
        enabled: false
      }
    ]
    logAnalyticsDestinationType: 'Dedicated'
  }
}

File di parametri

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "settingName": {
      "value": "Send to all locations"
    },
    "recoveryServicesName": {
      "value": "my-vault"
    },
    "workspaceId": {
      "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/MyResourceGroup/providers/microsoft.operationalinsights/workspaces/MyWorkspace"
    },
    "storageAccountId": {
      "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.Storage/storageAccounts/mystorageaccount"
    },
    "eventHubAuthorizationRuleId": {
      "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.EventHub/namespaces/MyNameSpace/authorizationrules/RootManageSharedAccessKey"
    },
    "eventHubName": {
      "value": "my-eventhub"
    }
  }
}

Impostazione di diagnostica per un'area di lavoro Log Analytics

Nell'esempio seguente viene creata un'impostazione di diagnostica per un'area di lavoro Log Analytics aggiungendo una risorsa di tipo Microsoft.OperationalInsights/workspaces/providers/diagnosticSettings al modello. In questo esempio, i dati di controllo sulle query eseguite nell'area di lavoro vengono inviati alla stessa area di lavoro.

File modello

param workspaceName string
param settingName string
param workspaceId string
param storageAccountId string
param eventHubAuthorizationRuleId string
param eventHubName string

resource workspace 'Microsoft.OperationalInsights/workspaces@2021-12-01-preview' existing = {
  name: workspaceName
}
resource setting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  name: settingName
  scope: workspace
  properties: {
    workspaceId: workspaceId
    storageAccountId: storageAccountId
    eventHubAuthorizationRuleId: eventHubAuthorizationRuleId
    eventHubName: eventHubName
    logs: [
      {
        category: 'Audit'
        enabled: true
      }
    ]
  }
}

File di parametri

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "settingName": {
        "value": "Send to all locations"
    },
    "workspaceName": {
      "value": "MyWorkspace"
    },
    "workspaceId": {
      "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/MyResourceGroup/providers/microsoft.operationalinsights/workspaces/MyWorkspace"
    },
    "storageAccountId": {
      "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.Storage/storageAccounts/mystorageaccount"
    },
    "eventHubAuthorizationRuleId": {
      "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup/providers/Microsoft.EventHub/namespaces/MyNameSpace/authorizationrules/RootManageSharedAccessKey"
    },
    "eventHubName": {
      "value": "my-eventhub"
    }
  }
}

Impostazione di diagnostica per Archiviazione di Azure

L'esempio seguente crea un'impostazione di diagnostica per ogni endpoint del servizio di archiviazione disponibile nell'account di archiviazione di Azure. Un'impostazione viene applicata a ogni singolo servizio di archiviazione disponibile nell'account. I servizi di archiviazione disponibili dipendono dal tipo di account di archiviazione.

Questo modello crea un'impostazione di diagnostica per un servizio di archiviazione nell'account solo se esiste per l'account. Per ogni servizio disponibile, l'impostazione di diagnostica abilita le metriche delle transazioni e la raccolta di log delle risorse per le operazioni di lettura, scrittura ed eliminazione.

File modello

main.bicep

param storageAccountName string
param settingName string
param storageSyncName string
param workspaceId string

module nested './module.bicep' = {
  name: 'nested'
  params: {
    endpoints: reference(resourceId('Microsoft.Storage/storageAccounts', storageAccountName), '2019-06-01', 'Full').properties.primaryEndpoints
    settingName: settingName
    storageAccountName: storageAccountName
    storageSyncName: storageSyncName
    workspaceId: workspaceId
  }
}

module.bicep

param endpoints object
param settingName string
param storageAccountName string
param storageSyncName string
param workspaceId string

var hasblob = contains(endpoints, 'blob')
var hastable = contains(endpoints, 'table')
var hasfile = contains(endpoints, 'file')
var hasqueue = contains(endpoints, 'queue')

resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' existing = {
  name: storageAccountName
}

resource diagnosticSetting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  name: settingName
  scope: storageAccount
  properties: {
    workspaceId: workspaceId
    storageAccountId: resourceId('Microsoft.Storage/storageAccounts', storageSyncName)
    metrics: [
      {
        category: 'Transaction'
        enabled: true
      }
    ]
  }
}

resource blob 'Microsoft.Storage/storageAccounts/blobServices@2021-09-01' existing = {
  name:'default'
  parent:storageAccount
}

resource blobSetting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (hasblob) {
  name: settingName
  scope: blob
  properties: {
    workspaceId: workspaceId
    storageAccountId: resourceId('Microsoft.Storage/storageAccounts', storageSyncName)
    logs: [
      {
        category: 'StorageRead'
        enabled: true
      }
      {
        category: 'StorageWrite'
        enabled: true
      }
      {
        category: 'StorageDelete'
        enabled: true
      }
    ]
    metrics: [
      {
        category: 'Transaction'
        enabled: true
      }
    ]
  }
}

resource table 'Microsoft.Storage/storageAccounts/tableServices@2021-09-01' existing = {
  name:'default'
  parent:storageAccount
}

resource tableSetting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (hastable) {
  name: settingName
  scope: table
  properties: {
    workspaceId: workspaceId
    storageAccountId: resourceId('Microsoft.Storage/storageAccounts', storageSyncName)
    logs: [
      {
        category: 'StorageRead'
        enabled: true
      }
      {
        category: 'StorageWrite'
        enabled: true
      }
      {
        category: 'StorageDelete'
        enabled: true
      }
    ]
    metrics: [
      {
        category: 'Transaction'
        enabled: true
      }
    ]
  }
}

resource file 'Microsoft.Storage/storageAccounts/fileServices@2021-09-01' existing = {
  name:'default'
  parent:storageAccount
}

resource fileSetting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (hasfile) {
  name: settingName
  scope: file
  properties: {
    workspaceId: workspaceId
    storageAccountId: resourceId('Microsoft.Storage/storageAccounts', storageSyncName)
    logs: [
      {
        category: 'StorageRead'
        enabled: true
      }
      {
        category: 'StorageWrite'
        enabled: true
      }
      {
        category: 'StorageDelete'
        enabled: true
      }
    ]
    metrics: [
      {
        category: 'Transaction'
        enabled: true
      }
    ]
  }
}

resource queue 'Microsoft.Storage/storageAccounts/queueServices@2021-09-01' existing = {
  name:'default'
  parent:storageAccount
}


resource queueSetting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (hasqueue) {
  name: settingName
  scope: queue
  properties: {
    workspaceId: workspaceId
    storageAccountId: resourceId('Microsoft.Storage/storageAccounts', storageSyncName)
    logs: [
      {
        category: 'StorageRead'
        enabled: true
      }
      {
        category: 'StorageWrite'
        enabled: true
      }
      {
        category: 'StorageDelete'
        enabled: true
      }
    ]
    metrics: [
      {
        category: 'Transaction'
        enabled: true
      }
    ]
  }
}

File di parametri

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "storageAccountName": {
      "value": "mymonitoredstorageaccount"
    },
    "settingName": {
      "value": "Send to all locations"
    },
    "storageSyncName": {
      "value": "mystorageaccount"
    },
    "workspaceId": {
      "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/MyResourceGroup/providers/microsoft.operationalinsights/workspaces/MyWorkspace"
    }
  }
}

Passaggi successivi