Enable Diagnostics Logs for App Service using ARM Template - azure

I am trying to enable diagnostics logs for an App Service using the portal, which is working fine as below:
I am trying to create the same settings using an ARM template, but it is not working.
My ARM template looks like below:
Is there anything wrong with the settings, or is there any other way to enable logs?
Any help is appreciated.
Regards,
Dipti Mamidala

In the resources array of the resource for which you want to enable Diagnostic Logs, add a resource of type [resource namespace]/providers/diagnosticSettings.
Example :
"resources": [
{
"type": "providers/diagnosticSettings",
"name": "[concat('Microsoft.Insights/', parameters('settingName'))]",
"dependsOn": [
"[/*resource Id for which Diagnostic Logs will be enabled>*/]"
],
"apiVersion": "2017-05-01-preview",
"properties": {
"name": "[parameters('settingName')]",
"storageAccountId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]",
"eventHubAuthorizationRuleId": "[parameters('eventHubAuthorizationRuleId')]",
"eventHubName": "[parameters('eventHubName')]",
"workspaceId": "[parameters('workspaceId')]",
"logs": [
{
"category": "/* log category name */",
"enabled": true,
"retentionPolicy": {
"days": 0,
"enabled": false
}
}
],
"metrics": [
{
"category": "AllMetrics",
"enabled": true,
"retentionPolicy": {
"enabled": false,
"days": 0
}
}
]
}
}
]
Read more here in documentation
Update : To set the value of Web Server logging use the below example
"properties": {
"applicationLogs": {
"Storage": {
"level": "Verbose"
}
},
"httpLogs": {
"fileSystem": {
}
}
}
If you want Storage or fileSystem, use either one of the above.

I got this working by setting the httpLogs and httpLoggingEnabled properties.
This is the config resource nested within a site resource:
"resources": [
{
"apiVersion": "2018-02-01",
"type": "config",
"name": "logs",
"dependsOn": [
"[concat('Microsoft.Web/sites/', parameters('name'))]"
],
"properties": {
"applicationLogs": {
"azureBlobStorage": {
"level": "information",
"retentionInDays": 15
}
},
"httpLogs": {
"fileSystem": {
"retentioninMb": 35,
"retentioninDays": 15,
"enabled": true
}
},
"requestTracingEnabled": true,
"requestTracingExpirationTime": "9999-12-31T23:59:00Z",
"remoteDebuggingEnabled": false,
"httpLoggingEnabled": true,
"logsDirectorySizeLimit": 34,
"detailedErrorLoggingEnabled": true
}
}
]

Related

Azure Gateway ARM template to configure diagnostic setting (Log Analytics workspace)

I am looking for an ARM template that will help to configure the (Log Analytics) diagnostic setting. I have searched a few templates but found nothing. I tried exporting the template and also Resource Explorer, but didn't find the diagnostic setting configuration. Please share your ideas.
Here is the ARM template which I am trying:
"apiVersion": "2015-07-01",
"name": "[concat(parameters('applicationGateways_name'), '/Microsoft.Insights/service')]",
"type": "Microsoft.Network/applicationGateways/providers/diagnosticsettings",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Network/ApplicationGateways/', parameters('applicationGateways_name'))]"
],
"properties":{
"name":"DiagService",
"workspaceId":"[variables('workspaceId')]",
"logs":[
{
Where as for "type": "Microsoft.Network/applicationGateways/providers/diagnosticsettings" not deducting
I am trying to add in the existing workspace
It worked with the following changes:
{
"apiVersion": "2017-05-01-preview",
"name": "[concat(parameters('applicationGatewayName'), '/Microsoft.Insights/diagnosticSettings')]",
"type":"Microsoft.Network/applicationGateways/providers/diagnosticSettings",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Network/ApplicationGateways/', parameters('applicationGatewayName'))]"
],
"properties":{
"name":"Diag",
"workspaceId": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.operationalinsights/workspaces/', parameters('workspaceId'))]",
"logs":[
{
"category": "ApplicationGatewayAccessLog",
"enabled": true,
"retentionPolicy": {
"enabled": false,
"days": 0
}
},
{
"category": "ApplicationGatewayPerformanceLog",
"enabled": true,
"retentionPolicy": {
"days": 0,
"enabled": false
}
},
{
"category": "ApplicationGatewayFirewallLog",
"enabled": true,
"retentionPolicy": {
"days": 0,
"enabled": false
}
}
],
"metrics": [
{
"category": "AllMetrics",
"enabled": true,
"retentionPolicy": {
"enabled": false,
"days": 0
}
}
]
}
}
Please note: here I have used a common workspace which was created earlier.
The ARM template is missing what kind of logs/metrics to send to the workspace. Try adding this in your section:
"logs": [
{
"category": "ApplicationGatewayAccessLog",
"enabled": true,
"retentionPolicy": {
"enabled": false,
"days": 0
}
},
{
"category": "ApplicationGatewayPerformanceLog",
"enabled": true,
"retentionPolicy": {
"enabled": false,
"days": 0
}
},
{
"category": "ApplicationGatewayFirewallLog",
"enabled": true,
"retentionPolicy": {
"enabled": false,
"days": 0
}
}
],
"metrics": [
{
"category": "AllMetrics",
"timeGrain": "PT1M",
"enabled": true,
"retentionPolicy": {
"enabled": false,
"days": 0
}
}
]
Edit the retention as needed.

Enable Azure diagnostic setting using ARM template for Azure Data Factory, Azure SQL

When I enable the diagnostic setting from the Azure portal for ADF and Azure SQL, I am not able to find anything in the ARM template with respect to the diagnostic setting. Similarly, for Key Vault and SQL I need the ARM template for enabling the diagnostic setting.
I tried from my side for ADF; since I am new to ARM templates, I am not able to find the method for enabling the diagnostic setting.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"factoryName": {
"type": "string",
"metadata": {
"description": "The name of the Data Factory"
}
}
},
"resources": [
{
"type": "Microsoft.DataFactory/factories",
"apiVersion": "2018-06-01",
"name": "[parameters('factoryName')]",
"location": "[resourceGroup().location]",
"identity": {
"type": "SystemAssigned"
},
"properties": {
},
"resources": [
{
"type": "Microsoft.DataFactory/factories/providers/diagnosticSettings",
"apiVersion": "2017-05-01-preview",
"name": "[concat(parameters('factoryName'),'/microsoft.insights/', parameters('settingName'))]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.DataFactory/factories/', parameters('factoryName'))]"
],
"properties": {
"name": "[parameters('DS03')]",
"workspaceId": "[/subscriptions/3xxxxx-xxxxx-x-xxxx--xx/resourceGroups/BDAZxfdfG01]"
}
}
]
}
]
}
The ARM template above is creating the diagnostic settings; however it is not actually configuring the logging of anything. Add the following for all Data Factory metrics after your workspaceID property.
"logAnalyticsDestinationType": "Dedicated",
"logs": [
{
"category": "PipelineRuns",
"enabled": true,
"retentionPolicy": {
"enabled": false,
"days": 0
}
},
{
"category": "TriggerRuns",
"enabled": true,
"retentionPolicy": {
"enabled": false,
"days": 0
}
},
{
"category": "ActivityRuns",
"enabled": true,
"retentionPolicy": {
"enabled": false,
"days": 0
}
}
],
"metrics": [
{
"category": "AllMetrics",
"timeGrain": "PT1M",
"enabled": true,
"retentionPolicy": {
"enabled": false,
"days": 0
}
}
]
Besides configuring the diagnostic settings, you must select which metrics and diagnostics to send to Log Analytics. These fields align to those on the diagnostic blade:
The "logAnalyticsDestinationType": "Dedicated" setting is to ensure the logs go to their own table as opposed to the default AzureDiagnostic table. There is a documented limitation in the original table.

enabling diagnostics in an Azure datafactory using arm template

I would like to enable diagnostics for Azure Datafactory using ARM-Template.
I have found this post and then I try to test my code:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": { },
"variables": {},
"resources": [
{
"name": "test-adf2-we",
"type": "Microsoft.DataFactory/factories",
"apiVersion": "2018-06-01",
"location": "West Europe",
"identity": {
"type": "SystemAssigned"
}
},
{
"name": "test-ala-we",
"type": "Microsoft.OperationalInsights/workspaces",
"apiVersion": "2015-11-01-preview",
"location": "West Europe"
},
{
"type": "microsoft.datafactory/factories/providers/diagnosticsettings",
"name": "[concat('test-adf2-we','/Microsoft.Insights/diagnostics')]",
"location": "West Europe",
"apiVersion": "2017-05-01-preview",
"properties": {
"name": "diagnostics",
"storageAccountId": null,
"eventHubAuthorizationRuleId": null,
"eventHubName": null,
"workspaceId": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/test-arm/providers/Microsoft.OperationalInsights/test-ala-we",
"logs": [
{
"category": "PipelineRuns",
"enabled": true,
"retentionPolicy": {
"enabled": false,
"days": 0
}
},
{
"category": "TriggerRuns",
"enabled": true,
"retentionPolicy": {
"enabled": false,
"days": 0
}
},
{
"category": "ActivityRuns",
"enabled": true,
"retentionPolicy": {
"enabled": false,
"days": 0
}
}
],
"metrics": [
{
"category": "AllMetrics",
"timeGrain": "PT1M",
"enabled": true,
"retentionPolicy": {
"enabled": false,
"days": 0
}
}
]
}
}
]
}
After running this code, I get this error:
Template deployment returned the following errors:
Resource microsoft.datafactory/factories/providers/diagnosticsettings 'test-adf2-we/Microsoft.Insights/diagnostics' failed with message '{
"code": "BadRequest",
"message": "\"Resource type 'microsoft.operationalinsights/test-ala-we' is invalid for property 'properties.workspaceId'. Expected types are 'microsoft.operationalinsights/workspaces'\""
}'
Could you help me to fix this problem?
Be sure to add
"logAnalyticsDestinationType": "Dedicated"
Otherwise Log Analytics will write to the Default AzureDiagnostic Tables. This is Microsoft Best Practice when using Log Analytics since there is a hard stop at 500 columns in the AzureDiagnostics table. Once the 500 column threshold is met records won't be inserted into the table.
your resourceId is wrong, fix it like so:
"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/test-arm/providers/Microsoft.OperationalInsights/workspaces/test-ala-we"
you left out workspaces (and this is what the error is telling you).

Azure template deployment for IoT Hub and diagnostics settings does not work

I'm using Azure RM Template deployments with a Visual Studio 2017 Resource Group project to deploy IoTHub instance with diagnostics settings in Log Analytics.
Deploying IoTHub alone is successful, the problem is with deployment of the Diagnostics Settings template.
I'm following the instructions for deploying Diagnostics Settings as Non-Compute resource template
The strange error that I receive is the following:
Error: Code=InvalidTemplate; Message=Deployment template validation
failed: 'The template resource 'Microsoft.Insights/BasicDiagnostics'
for type 'providers/diagnosticSettings' at line '69' and column '9'
has incorrect segment lengths. A nested resource type must have
identical number of segments as its resource name. A root resource
type must have segment length one greater than its resource name.
Why does it fail like this, even though I follow the documentation with the provided example?
Here are my template definitions:
"resources": [
{
"type": "Microsoft.Devices/IotHubs",
"sku": {
"name": "[parameters('sku.name')]",
"capacity": "[parameters('sku.units')]"
},
"name": "[parameters('iothubname')]",
"apiVersion": "2018-04-01",
"location": "[resourceGroup().location]",
"properties": {
"eventHubEndpoints": {
"events": {
"retentionTimeInDays": "[parameters('endpoints.events.retention')]",
"partitionCount": "[parameters('endpoints.events.partitions')]"
},
"operationsMonitoringEvents": {
"retentionTimeInDays": "[parameters('endpoints.operationsMonitoringEvents.retention')]",
"partitionCount": "[parameters('endpoints.operationsMonitoringEvents.partitions')]"
}
},
"features": "[parameters('features')]"
}
},
{
"type": "providers/diagnosticSettings",
"name": "[concat('Microsoft.Insights/', parameters('iotHub.diagnostics.settingName'))]",
"dependsOn": [
"[resourceId('Microsoft.Devices/IoTHubs', parameters('iothubname'))]"
],
"apiVersion": "2017-05-01-preview",
"properties": {
"name": "[parameters('iotHub.diagnostics.settingName')]",
"workspaceId": "[parameters('iotHub.diagnostics.workspaceId')]",
"logs": [
{
"category": "Connections",
"enabled": true,
"retentionPolicy": {
"days": 0,
"enabled": false
}
},
{
"category": "Configurations",
"enabled": true,
"retentionPolicy": {
"days": 0,
"enabled": false
}
},
{
"category": "D2CTwinOperations",
"enabled": true,
"retentionPolicy": {
"days": 0,
"enabled": false
}
},
{
"category": "C2DTwinOperations",
"enabled": true,
"retentionPolicy": {
"days": 0,
"enabled": false
}
}
],
"metrics": [
{
"category": "AllMetrics",
"enabled": true,
"retentionPolicy": {
"days": 0,
"enabled": false
}
}
]
}
}
]
Any help much appreciated!
this needs to be a sub resource of the IOT hub, not a separate resource.
{
"type": "Microsoft.Devices/IotHubs",
"sku": {
"name": "[parameters('sku.name')]",
"capacity": "[parameters('sku.units')]"
},
"name": "[parameters('iothubname')]",
"apiVersion": "2018-04-01",
"location": "[resourceGroup().location]",
"properties": {
xxx
},
"features": "[parameters('features')]"
},
"resources": [
{
"type": "providers/diagnosticSettings",
xxx
}
]
},
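The failures reported in the threads above (a diagnostic setting declared at root level with a two-segment name, a workspaceId that omits `workspaces`, and a setting that is created but collects nothing) can all be caught before deployment. The following linter is an added example, not code from any of the posters or from Microsoft; the finding names and the sample template are constructed, and it assumes each `parameters()` call inside a `concat()` expands to one slash-free segment.

```python
DIAG_SUFFIX = "providers/diagnosticsettings"
SINKS = ("workspaceId", "storageAccountId", "eventHubAuthorizationRuleId")


def segments(value):
    """Count '/'-separated segments. Assumption: every parameters()/variables()
    call inside a concat() expands to a single segment without slashes."""
    return value.count("/") + 1


def lint_resource(res, nested, findings):
    rtype, name = res.get("type", ""), res.get("name", "")
    # ARM rule quoted in the IoT Hub error: nested -> equal segment counts,
    # root -> the type has one segment more than the name.
    expected = segments(rtype) if nested else segments(rtype) - 1
    if rtype and name and segments(name) != expected:
        findings.append((name, "segment-mismatch"))
    if rtype.lower().endswith(DIAG_SUFFIX):
        props = res.get("properties") or {}
        if not any(props.get(s) for s in SINKS):
            findings.append((name, "no-destination"))
        ws = str(props.get("workspaceId") or "").lower()
        if "operationalinsights/" in ws and "operationalinsights/workspaces/" not in ws:
            findings.append((name, "bad-workspace-id"))
        enabled = [c for key in ("logs", "metrics")
                   for c in (props.get(key) or []) if c.get("enabled")]
        if not enabled:
            findings.append((name, "nothing-collected"))
    for child in res.get("resources") or []:
        lint_resource(child, True, findings)


def lint_template(template):
    """Return (resource name, finding) pairs for the whole template."""
    findings = []
    for res in template.get("resources") or []:
        lint_resource(res, False, findings)
    return findings


# Constructed sample: one correct nested setting, then two of the broken ones.
SETTING_NAME = "[concat('Microsoft.Insights/', parameters('settingName'))]"
SAMPLE = {"resources": [
    {"type": "Microsoft.Devices/IotHubs", "name": "[parameters('iothubname')]",
     "resources": [{
         "type": "providers/diagnosticSettings", "name": SETTING_NAME,
         "properties": {"workspaceId": "[parameters('workspaceId')]",
                        "logs": [{"category": "Connections", "enabled": True}]}}]},
    {"type": "providers/diagnosticSettings", "name": SETTING_NAME,  # at root level
     "properties": {"workspaceId": "[parameters('workspaceId')]",
                    "metrics": [{"category": "AllMetrics", "enabled": True}]}},
    {"type": "microsoft.datafactory/factories/providers/diagnosticsettings",
     "name": "test-adf2-we/Microsoft.Insights/diagnostics",
     "properties": {"workspaceId": "/subscriptions/<sub-id>/resourceGroups/test-arm"
                                   "/providers/Microsoft.OperationalInsights/test-ala-we"}},
]}

if __name__ == "__main__":
    for name, finding in lint_template(SAMPLE):
        print(f"{finding:18} {name}")
```

A template that passes this check can still deploy a setting with the wrong categories for its resource type; the category names have to be taken from the resource's own documentation or an exported template.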

How to enable app-service-authentication and logging into a blob via ARM-Template?

Hello everybody, I have a question. I want to activate App Service authentication for anonymous requests and also the logging of everything that could happen in the website into a blob of a storage account via the resource template. What should I add to the template JSON file to do that?
Thanks for any help.
Edit:
I found out something.
With this snippet it works, but those are not the correct settings:
"properties": {
"name": "<#= website.Name #>",
"siteConfig": {
"alwaysOn": true,
"siteAuthEnabled": true,
"siteAuthSettings": null,
"httpLoggingEnabled": true,
"logsDirectorySizeLimit": 35,
"detailedErrorLoggingEnabled": true
},
Now it looks like so:
But this is how it should look:
According to your scenario, I have deployed my ARM template to enable Application Logging and Web server logging against Blob Storage, enable App Service Authentication and allow Anonymous requests for my Web App. Here are some detailed steps, you could refer to them.
1. Create an Azure Resource Group project and add the Web App template;
2. Add the "MONITORING > Diagnostic logs" configuration as follows:
3. Add the "SETTINGS > Authentication/Authorization" configuration as follows:
4. Deploy the Web App and check it on the Azure Portal:
Here is my website.json, you could refer to it.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"hostingPlanName": {
"type": "string",
"minLength": 1
},
"skuName": {
"type": "string",
"defaultValue": "F1",
"allowedValues": [
"F1",
"D1",
"B1",
"B2",
"B3",
"S1",
"S2",
"S3",
"P1",
"P2",
"P3",
"P4"
],
"metadata": {
"description": "Describes plan's pricing tier and capacity. Check details at https://azure.microsoft.com/en-us/pricing/details/app-service/"
}
},
"skuCapacity": {
"type": "int",
"defaultValue": 1,
"minValue": 1,
"metadata": {
"description": "Describes plan's instance count"
}
}
},
"variables": {
"webSiteName": "[concat('webSite', uniqueString(resourceGroup().id))]"
},
"resources": [
{
"apiVersion": "2015-08-01",
"name": "[parameters('hostingPlanName')]",
"type": "Microsoft.Web/serverfarms",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "HostingPlan"
},
"sku": {
"name": "[parameters('skuName')]",
"capacity": "[parameters('skuCapacity')]"
},
"properties": {
"name": "[parameters('hostingPlanName')]"
}
},
{
"apiVersion": "2015-08-01",
"name": "[variables('webSiteName')]",
"type": "Microsoft.Web/sites",
"location": "[resourceGroup().location]",
"tags": {
"[concat('hidden-related:', resourceGroup().id, '/providers/Microsoft.Web/serverfarms/', parameters('hostingPlanName'))]": "Resource",
"displayName": "Website"
},
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms/', parameters('hostingPlanName'))]"
],
"properties": {
"name": "[variables('webSiteName')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('hostingPlanName'))]"
},
"resources": [
{
"name": "logs",
"type": "config",
"apiVersion": "2015-08-01",
"dependsOn": [ "[resourceId('Microsoft.Web/sites/', variables('webSiteName'))]" ],
"tags": {
"displayName": "websiteLogs"
},
"properties": {
"applicationLogs": {
"fileSystem": {
"level": "Off"
},
"azureTableStorage": {
"level": "Off",
"sasUrl": null
},
"azureBlobStorage": {
"level": "Error",
"sasUrl": "https://{your-storageaccount-name}.blob.core.windows.net/{container-name}?{sasToken}",
"retentionInDays": null
}
},
"httpLogs": {
"fileSystem": {
"retentionInMb": 35,
"retentionInDays": null,
"enabled": false
},
"azureBlobStorage": {
"sasUrl":"https://{your-storageaccount-name}.blob.core.windows.net/{container-name}?{sasToken}",
"retentionInDays": null,
"enabled": true
}
},
"failedRequestsTracing": {
"enabled": true
},
"detailedErrorMessages": {
"enabled": true
}
}
},
{
"name": "authsettings",
"type": "config",
"apiVersion": "2015-08-01",
"dependsOn": [ "[resourceId('Microsoft.Web/sites/', variables('webSiteName'))]" ],
"tags": {
"displayName": "websiteAuthSettings"
},
"properties": {
"enabled": true,
"httpApiPrefixPath": null,
"unauthenticatedClientAction": 1,
"tokenStoreEnabled": true,
"allowedExternalRedirectUrls": null,
"defaultProvider": 0,
"clientId": null,
"clientSecret": null,
"issuer": null,
"allowedAudiences": null,
"additionalLoginParams": null,
"isAadAutoProvisioned": false,
"googleClientId": null,
"googleClientSecret": null,
"googleOAuthScopes": null,
"facebookAppId": null,
"facebookAppSecret": null,
"facebookOAuthScopes": [
""
],
"twitterConsumerKey": null,
"twitterConsumerSecret": null,
"microsoftAccountClientId": null,
"microsoftAccountClientSecret": null,
"microsoftAccountOAuthScopes": [
""
]
}
}
]
}
]
}
Additionally, you could retrieve the configurations from resources.azure.com. Here is the screenshot for you to have a better understanding of the ARM template:
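The `sasUrl` values in the website.json above carry a storage SAS token, so how that value reaches the template matters: a literal URL puts the token in the template file, and a plain `string` parameter records it with the deployment, whereas a `securestring` parameter does not. The audit below is an added example, not part of the original answer; the finding names, `SITE_SAMPLE` and its fake token are constructed, and it only inspects nested resources with type `config` and name `logs` as used on this page.

```python
import re

PARAM_REF = re.compile(r"parameters\('([^']+)'\)")


def iter_resources(resources):
    """Yield every resource, descending into nested "resources" arrays."""
    for res in resources or []:
        yield res
        yield from iter_resources(res.get("resources"))


def classify_sas_url(url, params):
    """Say how a sasUrl value reaches the template."""
    if not url:
        return "missing"
    if not url.startswith("["):
        return "literal"              # SAS token sits in the template file itself
    for name in PARAM_REF.findall(url):
        if str(params.get(name, {}).get("type", "")).lower() != "securestring":
            return "plain-parameter"  # value is recorded with the deployment
    return "ok"


def audit_site_logs(template):
    """Check nested config/logs resources (type "config", name "logs")."""
    params = template.get("parameters") or {}
    findings = []
    for res in iter_resources(template.get("resources")):
        if res.get("type") != "config" or res.get("name") != "logs":
            continue
        props = res.get("properties") or {}
        app_blob = (props.get("applicationLogs") or {}).get("azureBlobStorage") or {}
        http = props.get("httpLogs") or {}
        http_blob = http.get("azureBlobStorage") or {}
        http_fs = http.get("fileSystem") or {}
        blob_sinks = [
            ("applicationLogs.azureBlobStorage",
             str(app_blob.get("level") or "Off").lower() != "off", app_blob),
            ("httpLogs.azureBlobStorage", bool(http_blob.get("enabled")), http_blob),
        ]
        for path, active, cfg in blob_sinks:
            state = classify_sas_url(cfg.get("sasUrl"), params) if active else "ok"
            if state != "ok":
                findings.append((path, "sasUrl-" + state))
        if not (http_fs.get("enabled") or http_blob.get("enabled")):
            findings.append(("httpLogs", "disabled"))
    return findings


# Constructed sample modelled on the website.json above; the token is fake.
SITE_SAMPLE = {
    "parameters": {"httpLogSasUrl": {"type": "string"}},
    "resources": [{"type": "Microsoft.Web/sites", "name": "site1", "resources": [{
        "type": "config", "name": "logs",
        "properties": {
            "applicationLogs": {"azureBlobStorage": {
                "level": "Error",
                "sasUrl": "https://example.blob.core.windows.net/logs?sig=CONSTRUCTED"}},
            "httpLogs": {
                "fileSystem": {"enabled": False},
                "azureBlobStorage": {"enabled": True,
                                     "sasUrl": "[parameters('httpLogSasUrl')]"}}}}]}],
}

if __name__ == "__main__":
    for path, finding in audit_site_logs(SITE_SAMPLE):
        print(path, finding)
```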
WebApp logging and authentication can be enabled via following resources in your template
{
"apiVersion": "2015-08-01",
"name": "logs",
"type": "config",
"location": "[resourceGroup().location]",
"dependsOn": [ "[resourceId('Microsoft.Web/Sites', variables('webSiteName'))]" ],
"properties": {
"applicationLogs": {
"fileSystem": {
"level": "off"
},
"azureTableStorage": {
"level": "off",
"sasUrl": null
},
"azureBlobStorage": {
"level": "off",
"sasUrl": null,
"retentionInDays": null
}
},
"httpLogs": {
"fileSystem": {
"retentionInMb": 35,
"retentionInDays": null,
"enabled": true
},
"azureBlobStorage": {
"sasUrl": null,
"retentionInDays": null,
"enabled": false
}
},
"failedRequestsTracing": {
"enabled": true
},
"detailedErrorMessages": {
"enabled": true
}
}
},
{
"apiVersion": "2015-08-01",
"name": "authsettings",
"type": "config",
"location": "[resourceGroup().location]",
"dependsOn": [ "[resourceId('Microsoft.Web/Sites', variables('webSiteName'))]" ],
"properties": {
"enabled": false,
"isAadAutoProvisioned": false
}
}
If you are not sure what values should be in the template, do the following:
Provision Web App through the portal
Enable necessary settings
Go to https://resources.azure.com/ and check how template is configured for your Web App
Make changes in your template json file
Log all the things
You could enable Diagnostics Logging (https://learn.microsoft.com/en-us/azure/app-service-web/web-sites-enable-diagnostic-log)
for your App Service and add it to your App Service Website by following this guide https://learn.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-enable-diagnostic-logs-using-template
For a general logging solution that helps you keep track of (almost) everything that happens in an App Service web site you could use Application Insights (AI). You can add Application Insights to your ARM template by following this article https://learn.microsoft.com/en-us/azure/application-insights/app-insights-powershell#create-an-azure-resource-manager-template. This will help you setup AI for your web and define any specific tracking and telemetry you want to log.
Basically this is what you need to add to your ARM template in order to add AI to an App Service:
"resources": [
{
"apiVersion": "2014-08-01",
"location": "[parameters('appLocation')]",
"name": "[parameters('appName')]",
"type": "microsoft.insights/components",
"properties": {
"Application_Type": "[parameters('applicationType')]",
"ApplicationId": "[parameters('appName')]",
"Name": "[parameters('appName')]",
"Flow_Type": "Redfield",
"Request_Source": "IbizaAIExtension"
}
},
{
"name": "[variables('billingplan')]",
"type": "microsoft.insights/components/CurrentBillingFeatures",
"location": "[parameters('appLocation')]",
"apiVersion": "2015-05-01",
"dependsOn": [
"[resourceId('microsoft.insights/components', parameters('appName'))]"
],
"properties": {
"CurrentBillingFeatures": "[variables('pricePlan')]",
"DataVolumeCap": {
"Cap": "[parameters('dailyQuota')]",
"WarningThreshold": "[parameters('warningThreshold')]",
"ResetTime": "[parameters('dailyQuotaResetTime')]"
}
}
},
"__comment":"web test, alert, and any other resources go here"
]
Of course, you need to provide values for all the parameters and variables based on the price plan and quotas you want to set.
You could then set up Continuous Export (https://learn.microsoft.com/en-us/azure/application-insights/app-insights-export-telemetry) from AI to export all logged telemetry to a separate Azure Storage blob for long-term retention of your logged data. Unfortunately, you cannot set up Continuous Export from the ARM template, but it will likely be available soon: https://visualstudio.uservoice.com/forums/357324-application-insights/suggestions/13718607-enable-programatic-configuration-of-continuous-exp
Authenticate all the things
When setting up authentication in your App Service, you can specify the authentication options as properties for your WebSite resource. I suggest you start by configuring the desired authentication model using the portal or PowerShell first and then extract the template from the resulting deployment (https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-export-template), as the actual properties and values to set are not well documented.
Creating an ARM template from the portal
You can do all the changes to your website, setup diagnostics directly in the portal and then extract a template that reflects what is currently deployed in that Resource Group.
Just go to your Resource Group and select Automation script, this will extract the template definition. It may not be the prettiest template or best structured, but it will contain your deployment (unless it shows a warning for some resources).
