Configure diagnostic settings


In this tutorial, we will learn how to configure diagnostic settings: enabling logging with the Azure portal and Azure Storage, and creating diagnostic settings in the Azure portal. With Azure diagnostic logs, you can view core analytics and save them into one or more destinations, including:

  • Azure Storage account
  • Log Analytics workspace
  • Azure Event Hubs

Diagnostic logs let you export basic usage metrics from your CDN endpoint to a variety of destinations, so that you can consume them in a customized way. You can do the following types of data export:

  • Export data to blob storage, export to CSV, and generate graphs in Excel.
  • Export data to Event Hubs and correlate with data from other Azure services.
  • Export data to Azure Monitor logs and view data in your own Log Analytics workspace.

Enable logging with the Azure portal

Follow these steps to enable logging for your Azure CDN endpoint:

  • Firstly, sign in to the Azure portal.
  • Secondly, in the Azure portal, navigate to All resources -> your-cdn-profile.
  • Thirdly, select the CDN endpoint for which you want to enable diagnostics logs.
  • Lastly, select Diagnostics logs in the Monitoring section.

Enable logging with Azure Storage

To use a storage account to store the logs, follow these steps:

  • Firstly, for Diagnostic setting name, enter a name for your diagnostic log settings.
  • Secondly, select Archive to a storage account, then select CoreAnalytics.
  • Next, for Retention (days), choose the number of retention days.
  • Then, select the subscription and storage account for the logs.
  • Lastly, select Save.

Send to Log Analytics

To use Log Analytics for the logs, follow these steps:

  • Firstly, for Diagnostic setting name, enter a name for your diagnostic log settings.
  • Then, select Send to Log Analytics, then select CoreAnalytics.
  • Thirdly, select the subscription and Log Analytics workspace for the logs.
  • Lastly, select Save.

Stream to an event hub

To use an event hub for the logs, follow these steps:

  • Firstly, for Diagnostic setting name, enter a name for your diagnostic log settings.
  • Then, select Stream to an event hub, then select CoreAnalytics.
  • Thirdly, select the subscription and event hub namespace for the logs.
  • Lastly, select Save.

Resource Manager template samples for diagnostic settings in Azure Monitor

To create a diagnostic setting for an Azure resource, add a resource of type <resource-type>/providers/diagnosticSettings to the template. Although the samples cover only certain resource types, the same technique applies to other resource types. The set of allowed logs and metrics, however, differs depending on the resource type.

Create diagnostic settings to send platform logs and metrics to different destinations

The Azure Activity log and resource logs, as well as other Azure platform logs, offer extensive diagnostic and auditing information for Azure resources and the Azure platform they rely on. By default, platform metrics are gathered and saved in the Azure Monitor metrics database.

Each Azure resource requires its own diagnostic setting, which defines the following criteria:

  • Categories of logs and metric data to send to the destinations defined in the setting. The available categories vary for different resource types.
  • One or more destinations to send the logs to. Current destinations include Log Analytics workspace, Event Hubs, and Azure Storage.
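
As an added example (not from the original page or from Microsoft's documentation), the Python below audits a Resource Manager template for the two things a diagnostic setting defines, enabled categories and destinations, using the <resource-type>/providers/diagnosticSettings resource type from the template section above. The sample template, the required-category list, and the decision to flag the namespace's default RootManageSharedAccessKey rule are assumptions of this example.

```python
# Added example: audit an ARM template for diagnostic settings.
# The sample template and the policy checks are constructed for illustration.
DESTINATIONS = ("workspaceId", "storageAccountId", "eventHubAuthorizationRuleId")
SUB = "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myresourcegroup"

SAMPLE_TEMPLATE = {"resources": [
    {   # sends AuditEvent to a workspace and an event hub
        "type": "Microsoft.KeyVault/vaults/providers/diagnosticSettings",
        "apiVersion": "2017-05-01-preview",
        "name": "mykeyvault/Microsoft.Insights/KeyVault-Diagnostics",
        "properties": {
            "workspaceId": SUB + "/providers/microsoft.operationalinsights/workspaces/myworkspace",
            "eventHubAuthorizationRuleId": SUB + "/providers/Microsoft.EventHub/namespaces"
                                                 "/myeventhub/authorizationrules/RootManageSharedAccessKey",
            "logs": [{"category": "AuditEvent", "enabled": True}],
            "metrics": [{"category": "AllMetrics", "enabled": True}],
        },
    },
    {   # misconfigured on purpose: category disabled, no destination
        "type": "Microsoft.KeyVault/vaults/providers/diagnosticSettings",
        "apiVersion": "2017-05-01-preview",
        "name": "othervault/Microsoft.Insights/empty-setting",
        "properties": {"logs": [{"category": "AuditEvent", "enabled": False}]},
    },
]}

def audit_template(template, required_logs):
    """Return findings for every diagnostic setting resource in the template."""
    settings = [r for r in template.get("resources", [])
                if r.get("type", "").lower().endswith("/providers/diagnosticsettings")]
    if not settings:
        return ["no diagnostic setting resource in template"]
    findings = []
    for res in settings:
        name, props = res.get("name", "<unnamed>"), res.get("properties", {})
        enabled = {e.get("category") for e in props.get("logs", []) if e.get("enabled")}
        for cat in sorted(set(required_logs) - enabled):
            findings.append(f"{name}: log category {cat} is not enabled")
        if not any(props.get(d) for d in DESTINATIONS):
            findings.append(f"{name}: no destination configured")
        # Policy choice of this example: prefer a dedicated authorization rule.
        rule = props.get("eventHubAuthorizationRuleId", "")
        if rule.lower().endswith("/rootmanagesharedaccesskey"):
            findings.append(f"{name}: streams with the namespace root key rule")
    return findings

if __name__ == "__main__":
    for finding in audit_template(SAMPLE_TEMPLATE, ["AuditEvent"]):
        print(finding)
```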

Create in Azure portal

You can configure diagnostic settings in the Azure portal either from the Azure Monitor menu or from the menu for the resource.

  • Firstly, where you configure diagnostic settings in the Azure portal depends on the resource.
    • For a single resource, click Diagnostic settings under Monitor in the resource’s menu.
    • For one or more resources, click Diagnostic settings under Settings in the Azure Monitor menu and then click on the resource.
    • For the Activity log, click Activity log in the Azure Monitor menu and then Diagnostic settings. Make sure you disable any legacy configuration for the Activity log. See Disable existing settings for details.
  • Secondly, if no settings exist on the resource you have selected, you are prompted to create a setting. Click Add diagnostic setting.
    If there are existing settings on the resource, you see a list of settings already configured. Either click Add diagnostic setting to add a new setting or Edit setting to edit an existing one.
  • Thirdly, give your setting a name if it doesn’t already have one.
  • Next, category details (what to route) – Check the box for each category of data you want to send to destinations specified later. The list of categories varies for each Azure service.
    • AllMetrics routes a resource’s platform metrics into the Azure Logs store, but in log form. These metrics are usually sent only to the Azure Monitor metrics time-series database. Sending them to the Azure Monitor Logs store (which is searchable via Log Analytics) helps you to integrate them into queries which search across other logs.
    • Logs lists the different categories available depending on the resource type. Check any categories that you would like to route to a destination.
  • After that, destination details – Check the box for each destination. When you check each box, options appear to allow you to add additional information.
    • Log Analytics – Enter the subscription and workspace. If you don’t have a workspace, you need to create one before proceeding.
    • Event hubs – Specify the following criteria:
      • The subscription that the event hub is part of
      • The Event hub namespace – If you do not yet have one, you’ll need to create one
      • An Event hub name (optional) to send all data to. If you don’t specify a name, an event hub is created for each log category. If you are sending multiple categories, you may want to specify a name to limit the number of event hubs created.
    • Storage – Choose the subscription, storage account, and retention policy.
  • Lastly, click Save.

Create using PowerShell

To create a diagnostic setting using Azure PowerShell, use the Set-AzDiagnosticSetting cmdlet. The arguments of this cmdlet are described in the documentation.

Following is an example PowerShell cmdlet to create a diagnostic setting using all three destinations.

PowerShell
Set-AzDiagnosticSetting -Name KeyVault-Diagnostics -ResourceId /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myresourcegroup/providers/Microsoft.KeyVault/vaults/mykeyvault -Category AuditEvent -MetricCategory AllMetrics -Enabled $true -StorageAccountId /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myresourcegroup/providers/Microsoft.Storage/storageAccounts/mystorageaccount -WorkspaceId /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/oi-default-east-us/providers/microsoft.operationalinsights/workspaces/myworkspace -EventHubAuthorizationRuleId /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myresourcegroup/providers/Microsoft.EventHub/namespaces/myeventhub/authorizationrules/RootManageSharedAccessKey

Create using Azure CLI

Use the az monitor diagnostic-settings create command to create a diagnostic setting with Azure CLI. See the documentation for this command for descriptions of its parameters.

Following is an example CLI command to create a diagnostic setting using all three destinations.

Azure CLI
az monitor diagnostic-settings create \
--name KeyVault-Diagnostics \
--resource /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myresourcegroup/providers/Microsoft.KeyVault/vaults/mykeyvault \
--logs '[{"category": "AuditEvent","enabled": true}]' \
--metrics '[{"category": "AllMetrics","enabled": true}]' \
--storage-account /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myresourcegroup/providers/Microsoft.Storage/storageAccounts/mystorageaccount \
--workspace /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/oi-default-east-us/providers/microsoft.operationalinsights/workspaces/myworkspace \
--event-hub-rule /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myresourcegroup/providers/Microsoft.EventHub/namespaces/myeventhub/authorizationrules/RootManageSharedAccessKey

Reference: Microsoft Documentation, Documentation 2, Documentation 3
