Create diagnostic setting in Azure using a Resource Manager template

Diagnostic settings in Azure Monitor specify where to send platform logs that are collected by Azure resources and the Azure platform they depend on. This article provides details and examples for using an Azure Resource Manager template to create and configure diagnostic settings that send platform logs to different destinations.

Note

Unlike diagnostic settings for other Azure resources, a diagnostic setting for the Azure Activity log can't be created using PowerShell or CLI. Instead, create a Resource Manager template for the Activity log using the information in this article and deploy the template using PowerShell or CLI.

Deployment methods

You can deploy Resource Manager templates using any valid method, including PowerShell and CLI. Diagnostic settings for the Activity log must be deployed to a subscription using az deployment create for CLI or New-AzDeployment for PowerShell. Diagnostic settings for resource logs must be deployed to a resource group using az group deployment create for CLI or New-AzResourceGroupDeployment for PowerShell.

See Deploy resources with Resource Manager templates and Azure PowerShell and Deploy resources with Resource Manager templates and Azure CLI for details.

Resource logs

For resource logs, add a resource of type <resource namespace>/providers/diagnosticSettings to the template. The properties section follows the format described in Diagnostic Settings - Create Or Update. In the logs section, provide a category for each of the categories valid for the resource that you want to collect. If the resource supports metrics, add the metrics property to collect resource metrics to the same destinations.

Following is a template that collects a resource log category for a particular resource to a Log Analytics workspace, storage account, and event hub.

"resources": [
  {
    "type": "<resource namespace>/providers/diagnosticSettings",
    "name": "[concat(parameters('resourceName'),'/microsoft.insights/', parameters('settingName'))]",
    "dependsOn": [
      "[<resource Id for which resource logs will be enabled>]"
    ],
    "apiVersion": "2017-05-01-preview",
    "properties": {
      "name": "[parameters('settingName')]",
      "storageAccountId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]",
      "eventHubAuthorizationRuleId": "[parameters('eventHubAuthorizationRuleId')]",
      "eventHubName": "[parameters('eventHubName')]",
      "workspaceId": "[parameters('workspaceId')]",
      "logs": [
        {
          "category": "<category name>",
          "enabled": true
        }
      ],
      "metrics": [
        {
          "category": "AllMetrics",
          "enabled": true
        }
      ]
    }
  }
]

Example

Following is an example that creates a diagnostic setting for an autoscale setting that enables streaming of resource logs to an event hub, a storage account, and a Log Analytics workspace.

{
    "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "autoscaleSettingName": {
            "type": "string",
            "metadata": {
                "description": "The name of the autoscale setting"
            }
        },
        "settingName": {
            "type": "string",
            "metadata": {
                "description": "The name of the diagnostic setting"
            }
        },
        "workspaceId": {
            "type": "string",
            "metadata": {
                "description": "ResourceID of the Log Analytics workspace in which resource logs should be saved."
            }
        },
        "storageAccountId": {
            "type": "string",
            "metadata": {
              "description": "ResourceID of the Storage Account in which resource logs should be saved."
            }
        },
        "eventHubAuthorizationRuleId": {
            "type": "string",
            "metadata": {
              "description": "Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to."
            }
        },
        "eventHubName": {
            "type": "string",
            "metadata": {
                "description": "Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category."
            }
        }
    },
    "variables": {},
    "resources": [
    {
      "type": "microsoft.insights/autoscalesettings/providers/diagnosticSettings",
      "apiVersion": "2017-05-01-preview",
      "name": "[concat(parameters('autoscaleSettingName'),'/microsoft.insights/', parameters('settingName'))]",
      "dependsOn": [
        "[resourceId('Microsoft.Insights/autoscalesettings', parameters('autoscaleSettingName'))]"
      ],
      "properties": {
        "workspaceId": "[parameters('workspaceId')]",
        "storageAccountId": "[parameters('storageAccountId')]",
        "eventHubAuthorizationRuleId": "[parameters('eventHubAuthorizationRuleId')]",
        "eventHubName": "[parameters('eventHubName')]",
        "logs": [
          {
            "category": "AutoscaleScaleActions",
            "enabled": true
          },
          {
            "category": "AutoscaleEvaluations",
            "enabled": true
          }
        ]
      }
    }
  ]
}

Activity log

For the Azure Activity log, add a resource of type Microsoft.Insights/diagnosticSettings. The available categories are listed in Categories in the Activity Log. Following is a template that collects all Activity log categories to a Log Analytics workspace, storage account, and event hub.

{
    "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "settingName": {
            "type": "string",
            "metadata": {
                "description": "The name of the diagnostic setting"
            }
        },
        "workspaceId": {
            "type": "string",
            "metadata": {
                "description": "ResourceID of the Log Analytics workspace in which resource logs should be saved."
            }
        },
        "storageAccountId": {
            "type": "string",
            "metadata": {
              "description": "ResourceID of the Storage Account in which resource logs should be saved."
            }
        },
        "eventHubAuthorizationRuleId": {
            "type": "string",
            "metadata": {
              "description": "Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to."
            }
        },
        "eventHubName": {
            "type": "string",
            "metadata": {
                "description": "Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category."
            }
        }
    },
    "variables": {},
    "resources": [
        {
            "type": "Microsoft.Insights/diagnosticSettings",
            "apiVersion": "2017-05-01-preview",
            "name": "[parameters('settingName')]",
            "location": "global",
            "properties": {
                "workspaceId": "[parameters('workspaceId')]",
                "storageAccountId": "[parameters('storageAccountId')]",
                "eventHubAuthorizationRuleId": "[parameters('eventHubAuthorizationRuleId')]",
                "eventHubName": "[parameters('eventHubName')]",
                "logs": [
                    {
                        "category": "Administrative",
                        "enabled": true
                    },
                    {
                        "category": "Security",
                        "enabled": true
                    },
                    {
                        "category": "ServiceHealth",
                        "enabled": true
                    },
                    {
                        "category": "Alert",
                        "enabled": true
                    },
                    {
                        "category": "Recommendation",
                        "enabled": true
                    },
                    {
                        "category": "Policy",
                        "enabled": true
                    },
                    {
                        "category": "Autoscale",
                        "enabled": true
                    },
                    {
                        "category": "ResourceHealth",
                        "enabled": true
                    }
                ]
            }
        }
    ]
}
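
A pre-deployment check for the templates on this page, as an added example that is not part of the original article: it flags a diagnostic setting aimed at the wrong deployment scope, one with no destination, and Activity log categories that the setting would not collect. The function name `lint_template`, the scope labels, and the sample template are assumptions made for illustration; the category list is the one used in the Activity log template above.

```python
# Activity log categories enabled in the page's Activity log template.
ACTIVITY_CATEGORIES = {"Administrative", "Security", "ServiceHealth", "Alert",
                       "Recommendation", "Policy", "Autoscale", "ResourceHealth"}
DESTINATIONS = ("workspaceId", "storageAccountId", "eventHubAuthorizationRuleId")


def lint_template(template, scope):
    """Return findings per diagnostic setting; scope is 'subscription' or 'resourceGroup'."""
    findings = []
    for res in template.get("resources", []):
        rtype = res.get("type", "").lower()
        if not rtype.endswith("diagnosticsettings"):
            continue
        # Activity log settings go to a subscription, resource log settings to a resource group.
        is_activity = rtype == "microsoft.insights/diagnosticsettings"
        required = "subscription" if is_activity else "resourceGroup"
        if scope != required:
            findings.append(f"{res.get('type')}: deploy to {required}, not {scope}")
        props = res.get("properties", {})
        if not any(props.get(d) for d in DESTINATIONS):
            findings.append("no destination set: logs are collected nowhere")
        if props.get("eventHubName") and not props.get("eventHubAuthorizationRuleId"):
            findings.append("eventHubName set without eventHubAuthorizationRuleId")
        enabled = {l.get("category") for l in props.get("logs", []) if l.get("enabled") is True}
        if is_activity:
            for cat in sorted(ACTIVITY_CATEGORIES - enabled):
                findings.append(f"Activity log category not collected: {cat}")
        elif not enabled and not props.get("metrics"):
            findings.append("no log category or metrics enabled")
    return findings


# Constructed sample: an Activity log setting that omits Security and disables Policy.
SAMPLE = {"resources": [{
    "type": "Microsoft.Insights/diagnosticSettings",
    "name": "example-setting",
    "properties": {
        "workspaceId": "[parameters('workspaceId')]",
        "logs": [{"category": "Administrative", "enabled": True},
                 {"category": "Policy", "enabled": False}],
    },
}]}

if __name__ == "__main__":
    for finding in lint_template(SAMPLE, "resourceGroup"):
        print(finding)
```

To check a template file, parse it with `json.load` and pass the resulting dictionary together with the scope you intend to deploy to.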

Next steps