问题描述
我一直在努力让此策略完全检查 blob、文件、队列和表服务是否正确配置了诊断设置。最终结果是确保每个存储服务都将诊断日志发送到 StorageRead、StorageWrite 和 StorageDelete 类别的日志分析工作区。
请注意,这是使用 https://docs.microsoft.com/en-us/azure/storage/blobs/monitor-blob-storage?tabs=azure-portal
中描述的较新方法我一直试图解决的主要问题是在所有 blob 服务中检测这一点的逻辑。部署逻辑工作正常,它只是确保启用 blob、文件、队列和表服务的合规性检查部分。目前以下回报
No related resources match the effect details in the policy deFinition. (Error code: Not Found)
"policyRule": {
"if": {
"field": "type","equals": "Microsoft.Storage/storageAccounts"
},"then": {
"effect": "[parameters('effect')]","details": {
"type": "Microsoft.Insights/diagnosticSettings","existenceCondition": {
"allOf": [
{
"count": {
"field": "Microsoft.Insights/diagnosticSettings/logs[*]","where": {
"allOf": [
{
"field": "Microsoft.Insights/diagnosticSettings/logs[*].category","in": [
"StorageRead","StorageWrite","StorageDelete"
]
},{
"field": "Microsoft.Insights/diagnosticSettings/logs[*].enabled","equals": "[parameters('logsEnabled')]"
}
]
}
},"greater": 0
},{
"field": "Microsoft.Insights/diagnosticSettings/workspaceId","equals": "[parameters('logAnalytics')]"
}
]
},解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)