In this article, I will share with you how to find the diagnostic settings configuration for all Azure resources in your Azure Subscription with PowerShell.
Introduction
Platform logs in Azure provide detailed diagnostic and auditing information for Azure resources and the Azure platform they depend on. They are generated automatically, but you need to configure certain platform logs to be forwarded to one or more destinations in order to retain them. Current destinations include Log Analytics workspace, Event Hubs, and Azure Storage.
Platform logs cover Azure resources (resource logs), the Azure subscription (Activity log), and the Azure tenant (Azure Active Directory logs). Each Azure resource requires its own diagnostic setting, which defines the following criteria:
- Categories of logs and metric data sent to the destinations defined in the setting. The available categories will vary for different resource types.
- Destinations for the logs. You can send the logs to one or more of the 3 destinations below depending on your monitoring requirements.
  - Storage account
  - Event Hub
  - Log Analytics workspace
Please note that a single diagnostic setting can define only one of each of the destinations. If you want to send the logs to more than one of a particular destination type (for example, two different storage accounts), then you need to create multiple diagnostic settings. At the time of this writing, each resource can have up to 5 diagnostic settings.
I have recently come across a challenging scenario where I want to find the diagnostic settings configuration for all my Azure resources which reside in multiple Azure subscriptions. And some Azure resources have more than one diagnostic setting configured as well.
After some digging, I’ve found that I can pull the diagnostics settings configuration for each Azure resource with PowerShell.
In this article, I will share with you the PowerShell script that helped me to pull out all the diagnostics settings configuration for all my Azure resources.
Get Azure Diagnostic Settings Configuration
Assuming you have the right permissions and the latest Az and Az.Monitor PowerShell modules installed, log in with Connect-AzAccount if you are not using Cloud Shell, then run the following script:
<#
.Synopsis
A script used to export diagnostics settings configuration for all Azure resources.
.DESCRIPTION
A script used to find and export diagnostics settings configuration for Azure resources in all Azure Subscriptions.
Finally, it will save the report as a text file for each Azure Subscription.
.Notes
Created : 2020-11-16
Version : 1.0
Author : Charbel Nemnom
Twitter : @CharbelNemnom
Blog : https://charbelnemnom.com
Disclaimer: This script is provided "AS IS" with no warranties.
#>
# Login with Connect-AzAccount if not using Cloud Shell
Connect-AzAccount
# Get all Azure Subscriptions
$azSubs = Get-AzSubscription
# Loop through all Azure Subscriptions
foreach ($azSub in $azSubs) {
    Set-AzContext $azSub.id | Out-Null
    # Set array
    $azlogs = @()
    # Get all Azure resources deployed in each Subscription
    $azResources = Get-AzResource
    # Get all Azure resources which have Diagnostic settings enabled and configured
    foreach ($azResource in $azResources) {
        $resourceId = $azResource.ResourceId
        $azDiagSettings = Get-AzDiagnosticSetting -ResourceId $resourceId | Where-Object {$_.Id -ne $NULL}
        foreach ($azDiag in $azDiagSettings) {
            # Reset the destination names so that values from the previous
            # diagnostic setting do not leak into this one
            $storageAccount = $logAnalytics = $eventHub = $null
            If ($azDiag.StorageAccountId) {
                [string]$storage = $azDiag.StorageAccountId
                [string]$storageAccount = $storage.Split('/')[-1]
            }
            If ($azDiag.WorkspaceId) {
                [string]$workspace = $azDiag.WorkspaceId
                [string]$logAnalytics = $workspace.Split('/')[-1]
            }
            If ($azDiag.EventHubAuthorizationRuleId) {
                [string]$eHub = $azDiag.EventHubAuthorizationRuleId
                # The namespace is the third segment from the end of the authorization rule ID
                [string]$eventHub = $eHub.Split('/')[-3]
            }
            # The resource name is the fifth segment from the end of the diagnostic setting ID
            [string]$resource = $azDiag.id
            [string]$resourceName = $resource.Split('/')[-5]
            $azlogs += @($("Diagnostic setting name: " + $azDiag.Name), ("Azure Resource name: " + $resourceName), `
                ("Logs: " + $azDiag.Logs), ("Metrics: " + $azDiag.Metrics), `
                ("Storage Account Name: " + $storageAccount), ("Log Analytics workspace: " + $logAnalytics), `
                ("Event Hub Namespace: " + $eventHub))
            $azlogs += @(" ")
        }
    }
    # Save Diagnostic settings report for each Azure Subscription
    $azSubName = $azSub.Name
    $azlogs > .\$azSubName.txt
}
From the example above, I am pulling the following information:
- Diagnostic Settings Name
- Azure Resource Name
- Logs
  - Enabled (True or False)
  - Category
  - Retention Policy
- Metrics
  - Enabled (True or False)
  - Category
  - Retention Policy
- Storage account Name
- Log Analytics Workspace
- Event Hub Namespace
The diagnostic settings configuration report will be saved in the current working directory, in a text file named after the Azure Subscription.
In my example, the output looks like this.
That’s it, there you have it!
Please note that this approach is not perfect in any way, but I think it serves its purpose. You could export all the records to a CSV file for easy reading instead of text file, and so on.
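The CSV export suggested above, as an added example (not the author's script): it flattens each diagnostic setting into one row and adds a Gap column for resources with no diagnostic setting, no destination, or no enabled log category. The names ConvertTo-DiagRow and Get-IdSegment, the Gap column, and the sample resource IDs are assumptions constructed for illustration; the property names are the ones the script above reads.

```powershell
# Added example: flatten diagnostic settings into CSV rows and flag logging gaps.
# Property names follow the script above; all names and IDs here are constructed.
function Get-IdSegment([string]$Id, [int]$Index) {
    # Segment of an ARM resource ID by index, or '' when the ID is not set
    if ($Id) { $Id.Split('/')[$Index] } else { '' }
}

function ConvertTo-DiagRow {
    param([Parameter(Mandatory)][string]$ResourceId, [object[]]$Settings = @())
    $name = Get-IdSegment $ResourceId (-1)
    if (-not $Settings) {
        # No diagnostic setting at all: resource logs are not forwarded anywhere
        return [pscustomobject]@{
            Resource = $name; Setting = ''; EnabledLogs = ''; StorageAccount = ''
            Workspace = ''; EventHubNamespace = ''; Gap = 'NoSetting'
        }
    }
    foreach ($s in $Settings) {
        $enabled = @($s.Logs | Where-Object { $_.Enabled } | ForEach-Object { $_.Category })
        $hasDest = $s.StorageAccountId -or $s.WorkspaceId -or $s.EventHubAuthorizationRuleId
        $gap = if (-not $hasDest) { 'NoDestination' } elseif (-not $enabled) { 'NoLogsEnabled' } else { '' }
        [pscustomobject]@{
            Resource          = $name
            Setting           = $s.Name
            EnabledLogs       = $enabled -join ';'
            StorageAccount    = Get-IdSegment $s.StorageAccountId (-1)
            Workspace         = Get-IdSegment $s.WorkspaceId (-1)
            EventHubNamespace = Get-IdSegment $s.EventHubAuthorizationRuleId (-3)
            Gap               = $gap
        }
    }
}

# Constructed sample input; in practice pass (Get-AzDiagnosticSetting -ResourceId $id)
# as -Settings for every resource returned by Get-AzResource.
$rg = '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo/providers'
$kvSetting = [pscustomobject]@{
    Name = 'send-to-law'; StorageAccountId = $null; EventHubAuthorizationRuleId = $null
    WorkspaceId = "$rg/Microsoft.OperationalInsights/workspaces/law-demo"
    Logs = @([pscustomobject]@{ Category = 'AuditEvent'; Enabled = $true })
}
$rows = @(
    ConvertTo-DiagRow -ResourceId "$rg/Microsoft.KeyVault/vaults/kv-demo" -Settings $kvSetting
    ConvertTo-DiagRow -ResourceId "$rg/Microsoft.Network/networkSecurityGroups/nsg-demo"
)
$rows | Export-Csv -Path .\diag-settings-demo.csv -NoTypeInformation
$rows | Where-Object Gap | Format-Table Resource, Gap   # resources with a logging gap
```

Unlike the text report, this output also lists resources that have no diagnostic setting, which is usually the first thing to check when reviewing log coverage.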
I am planning to improve this tool in the future. If you have any feedback or changes that everyone should receive, please feel free to share your thoughts in the comment section below.
Summary
In this article, I showed you how to find the diagnostic settings configuration for all Azure resources in your subscription with Azure PowerShell.
To learn more about diagnostic settings, please check the official documentation from Microsoft here.
To learn more about the Azure resource logs, please check the official documentation from Microsoft here.
To learn more about the Azure Activity log, please check the official documentation from Microsoft here.
Thank you for reading my blog.
If you have any questions or feedback, please leave a comment.
-Charbel Nemnom-