Enterprise-Scale
Log categories "Deploy Diagnostic Settings for Recovery Services Vault to Log Analytics workspace for resource specific categories."
The built-in policy "Deploy Diagnostic Settings for Recovery Services Vault to Log Analytics workspace for resource specific categories." only checks the log categories: "CoreAzureBackup", "AddonAzureBackupJobs", "AddonAzureBackupAlerts", "AddonAzureBackupPolicy", "AddonAzureBackupStorage", "AddonAzureBackupProtectedInstance"
However, a Recovery Services vault has the following log categories available: AzureBackupReport, CoreAzureBackup, AddonAzureBackupJobs, AddonAzureBackupAlerts, AddonAzureBackupPolicy, AddonAzureBackupStorage, AddonAzureBackupProtectedInstance, AzureSiteRecoveryJobs, AzureSiteRecoveryEvents, AzureSiteRecoveryReplicatedItems, AzureSiteRecoveryReplicationStats, AzureSiteRecoveryRecoveryPoints, AzureSiteRecoveryReplicationDataUploadRate, AzureSiteRecoveryProtectedDiskDataChurn, Health
So this conflicts with the built-in policy Audit Diagnostic Settings, which checks for all log categories. Please modify the policy "Deploy Diagnostic Settings for Recovery Services Vault to Log Analytics workspace for resource specific categories." so that it inspects all log categories available for Recovery Services vaults.
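The mismatch reported above can be checked against an exported diagnostic setting. This is an added example, not part of the original issue or the ALZ code: the category names are copied from the issue text, the sample setting is constructed, and it assumes the ARM diagnostic-settings shape (`properties.logs` entries with `category` and `enabled`).

```python
# Categories the deploy policy configures, as listed in the issue.
DEPLOY_POLICY_CATEGORIES = {
    "CoreAzureBackup", "AddonAzureBackupJobs", "AddonAzureBackupAlerts",
    "AddonAzureBackupPolicy", "AddonAzureBackupStorage",
    "AddonAzureBackupProtectedInstance",
}

# Categories a Recovery Services vault exposes, as listed in the issue.
VAULT_CATEGORIES = DEPLOY_POLICY_CATEGORIES | {
    "AzureBackupReport", "AzureSiteRecoveryJobs", "AzureSiteRecoveryEvents",
    "AzureSiteRecoveryReplicatedItems", "AzureSiteRecoveryReplicationStats",
    "AzureSiteRecoveryRecoveryPoints",
    "AzureSiteRecoveryReplicationDataUploadRate",
    "AzureSiteRecoveryProtectedDiskDataChurn", "Health",
}


def enabled_categories(setting):
    """Return the log categories that are switched on in one diagnostic setting."""
    logs = setting.get("properties", {}).get("logs", [])
    return {e["category"] for e in logs if e.get("enabled") and "category" in e}


def coverage_report(setting, available=VAULT_CATEGORIES):
    """Compare a setting with every category the resource type exposes."""
    enabled = enabled_categories(setting)
    missing = sorted(available - enabled)
    return {
        "passes_all_category_audit": not missing,  # audit expects every category
        "missing": missing,
        "unknown": sorted(enabled - available),  # names not in the issue's list
    }


def setting_as_deployed():
    """Constructed sample: a vault setting holding only the deploy policy's categories."""
    logs = [{"category": c, "enabled": True} for c in sorted(DEPLOY_POLICY_CATEGORIES)]
    return {"name": "sample-setting", "properties": {"logs": logs}}


if __name__ == "__main__":
    report = coverage_report(setting_as_deployed())
    print("passes audit:", report["passes_all_category_audit"])
    for name in report["missing"]:
        print("not collected:", name)
```

Run it against the JSON of a real diagnostic setting to see which vault log categories are not reaching the workspace.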
Could you please provide an update on this one?
Hey @neok-g,
We are waiting to review and merge PR #1022 before working on these. We hope to review and merge this PR this week.
Trigger ADO Sync 1
Trigger ADO Sync 2
Trigger ADO Sync 2
What exactly does this mean?
This is some internal stuff for us syncing issues to our ADO instance. Please ignore.
OK. So I understand that #1022 has been merged so now all these issues are being fixed? Is there an ETC available yet?
We are looking to get started on these soon, yes. No ETA to share at this time. But please feel free to also contribute if you have the time and wish to. If not, we will get to it in the coming weeks.
Yes, I might have time to contribute in the coming days, but I'm not sure how this process works.
Hey @neok-g,
I'm really sorry, but I've just checked and this policy is in fact a built-in policy, so please could you raise an issue on the "azure-policy" repo (https://github.com/Azure/azure-policy/issues) and link to this issue here for tracking.
Or we could consider adding a custom definition for it here in ALZ and then also changing the reference in our initiative.
You'll also need to add this new definition to this array
Really sorry for only just spotting this was a built-in. Let me know once created on the Azure Policy repo and I can follow up with the PG 👍
Created the issue: https://github.com/Azure/azure-policy/issues/1017
Hi @neok-g, just in the way of an update: internal discussions are still ongoing regarding this across engineering teams and some progress has been made, but nothing I can firm up. I will keep you posted.
Hi @neok-g I've just heard back from the team responsible for this Policy and they are planning to work on this Q2 CY2023.
Further update on this, I've just spoken to the BCDR PM responsible for this and as part of plans to move diagnostic logs to resource-specific tables as per https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/resource-logs#resource-specific these categories will be included, timescales for this being available are towards end of CY2023.
Just to provide an update on this, I connected with the engineering owner on this item and there is a dependency from another team, meaning this has introduced a slip from the planned date communicated in the previous post (end of CY2023). It could still make this timescale, but more realistically it's likely CY2024 Q1.
Following up on previous updates I have spoken with the PM owner for this, they are code complete and on track.
One thing to note is that for ALZ we are working separately with diagnostic team on updated diag policies that allow you to choose either 'audit' or 'alllogs' so ALZ won't be catering for level of granularity by default moving forward but we will provide guidance on how to adopt this granularity should you require. cc: @Springstone