You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/azure-monitor/essentials/diagnostic-settings-policy.md
+11-11Lines changed: 11 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
---
2
2
title: Create diagnostic settings at scale using Azure Policies and Initiatives
3
-
description: Use Azure Policy to create diagnostic settings in Azure Monitor to be created at scale as each Azure resource is created.
3
+
description: Use Azure Policy to create diagnostic settings in Azure Monitor at scale as each Azure resource is created.
4
4
author: EdB-MSFT
5
5
ms.author: edbaynash
6
6
services: azure-monitor
@@ -12,28 +12,28 @@ ms.reviewer: lualderm
12
12
13
13
# Create diagnostic settings at scale using Azure Policies and Initiatives
14
14
15
-
In order to monitor Azure resources, it is necessary to create [diagnostic settings](./diagnostic-settings.md) for each resource. This can be difficult to manage when you have many resources. To simplify the process of creating and applying diagnostic settings at scale, use Azure Policy to automatically generate diagnostic settings for both new and existing resources.
15
+
In order to monitor Azure resources, it's necessary to create [diagnostic settings](./diagnostic-settings.md) for each resource. This process can be difficult to manage when you have many resources. To simplify the process of creating and applying diagnostic settings at scale, use Azure Policy to automatically generate diagnostic settings for both new and existing resources.
16
16
17
-
Each Azure resource type has a unique set of categories that are listed in the diagnostic settings. Each resource type therefor requires a separate policy definition. Some resource types have built-in policy definitions that you can assign without modification. For other resource types, you can create a custom definition.
17
+
Each Azure resource type has a unique set of categories listed in the diagnostic settings. Each resource type therefore requires a separate policy definition. Some resource types have built-in policy definitions that you can assign without modification. For other resource types, you can create a custom definition.
18
18
19
19
## Log category groups
20
20
21
-
Log category groups, group together similar types of logs. Categrory groups make it easy to refer to multiple logs in a single command. An **allLogs** category group exists containg all of the logs. There is also an **audit** category group that includes all audit logs. By using to a category group, you can define a policy that dynamically updates as new log categories are added to group.
21
+
Log category groups, group together similar types of logs. Category groups make it easy to refer to multiple logs in a single command. An **allLogs** category group exists containing all of the logs. There's also an **audit** category group that includes all audit logs. By using to a category group, you can define a policy that dynamically updates as new log categories are added to group.
22
22
23
23
## Built-in policy definitions for Azure Monitor
24
-
There are generally three built-in policy definitions for each resource type, corresponding to the three destinations that diagnostics can be sent to:
24
+
There are generally three built-in policy definitions for each resource type, corresponding to the three destinations to send diagnostics to:
25
25
* Log Analytics workspaces
26
26
* Azure Storage accounts
27
27
* Event hubs
28
28
29
29
Assign the policies for the resource type according to which destinations you need.
30
30
31
-
A set of policies built-in policies and initiatives based on the audit log category groups have been developed to help you apply diagnostics settings with only a few steps. For more information see [Enable Diagnostics settings by category group using built-in policies.](./diagnostics-settings-policies-deployifnotexists.md)
31
+
A set of policies built-in policies and initiatives based on the audit log category groups have been developed to help you apply diagnostics settings with only a few steps. For more information, see [Enable Diagnostics settings by category group using built-in policies.](./diagnostics-settings-policies-deployifnotexists.md)
32
32
33
33
For a complete list of built-in policies for Azure Monitor, see [Azure Policy built-in definitions for Azure Monitor](../policy-reference.md)
34
34
35
35
## Custom policy definitions
36
-
For resource types that don't have a built-in policy, you need to create a custom policy definition. You could do this manually in the Azure portal by copying an existing built-in policy and then modifying it for your resource type. It's more efficient, though, to create the policy programmatically by using a script in the PowerShell Gallery.
36
+
For resource types that don't have a built-in policy, you need to create a custom policy definition. You could do create a new policy manually in the Azure portal by copying an existing built-in policy and then modifying it for your resource type. Alternatively, create the policy programmatically by using a script in the PowerShell Gallery.
37
37
38
38
The script [Create-AzDiagPolicy](https://www.powershellgallery.com/packages/Create-AzDiagPolicy) creates policy files for a particular resource type that you can install by using PowerShell or the Azure CLI. Use the following procedure to create a custom policy definition for diagnostic settings:
39
39
@@ -93,7 +93,7 @@ By using initiative parameters, you can specify the workspace or any other detai
93
93
94
94
95
95
## Remediation
96
-
The initiative will apply to each virtual machine as it's created. A [remediation task](../../governance/policy/how-to/remediate-resources.md) deploys the policy definitions in the initiative to existing resources, so you can create diagnostic settings for any resources that were already created.
96
+
The initiative will be applied to each virtual machine as it's created. A [remediation task](../../governance/policy/how-to/remediate-resources.md) deploys the policy definitions in the initiative to existing resources, so you can create diagnostic settings for any resources that were already created.
97
97
98
98
When you create the assignment by using the Azure portal, you have the option of creating a remediation task at the same time. See [Remediate non-compliant resources with Azure Policy](../../governance/policy/how-to/remediate-resources.md) for details on the remediation.
99
99
@@ -105,15 +105,15 @@ When you create the assignment by using the Azure portal, you have the option of
105
105
106
106
When deploying a diagnostic setting, you receive an error message, similar to *Metric category 'xxxx' is not supported*. You may receive this error even though your previous deployment succeeded.
107
107
108
-
The problem occurs when using a Resource Manager template, REST API, Azure CLI, or Azure PowerShell. Diagnostic settings created via the Azure portal are not affected as only the supported category names are presented.
108
+
The problem occurs when using a Resource Manager template, REST API, Azure CLI, or Azure PowerShell. Diagnostic settings created via the Azure portal aren't affected as only the supported category names are presented.
109
109
110
-
The problem is caused by a recent change in the underlying API. Metric categories other than 'AllMetrics' are not supported and never were except for a few specific Azure services. In the past, other category names were ignored when deploying a diagnostic setting. The Azure Monitor backend redirected these categories to 'AllMetrics'. As of February 2021, the backend was updated to specifically confirm the metric category provided is accurate. This change has caused some deployments to fail.
110
+
The problem is caused by a recent change in the underlying API. Metric categories other than 'AllMetrics' aren't supported and never were except for a few specific Azure services. In the past, other category names were ignored when deploying a diagnostic setting. The Azure Monitor backend redirected these categories to 'AllMetrics'. As of February 2021, the backend was updated to specifically confirm the metric category provided is accurate. This change has caused some deployments to fail.
111
111
112
112
If you receive this error, update your deployments to replace any metric category names with 'AllMetrics' to fix the issue. If the deployment was previously adding multiple categories, only one with the 'AllMetrics' reference should be kept. If you continue to have the problem, contact Azure support through the Azure portal.
113
113
114
114
### Setting disappears due to non-ASCII characters in resourceID
115
115
116
-
Diagnostic settings do not support resourceIDs with non-ASCII characters (for example, Preproducción). Since you cannot rename resources in Azure, your only option is to create a new resource without the non-ASCII characters. If the characters are in a resource group, you can move the resources under it to a new one. Otherwise, you'll need to recreate the resource.
116
+
Diagnostic settings don't support resourceIDs with non-ASCII characters (for example, Preproducción). Since you can't rename resources in Azure, your only option is to create a new resource without the non-ASCII characters. If the characters are in a resource group, you can move the resources under it to a new one. Otherwise, you'll need to recreate the resource.
0 commit comments