Used in 2 Policy Set(s):
• Enable allLogs category group resource logging for supported resources to Event Hub (85175a36-2f12-419a-96b4-18d5b0096531) [Monitoring] BuiltIn
• Enable audit category group resource logging for supported resources to Event Hub (1020d527-2764-4230-92cc-7035e4fcf8a7) [Monitoring] BuiltIn
thenExistenceCondition (5)
• 'Microsoft.Insights/diagnosticSettings/eventHubAuthorizationRuleId' (ref)
• 'Microsoft.Insights/diagnosticSettings/eventHubName' (ref)
• 'Microsoft.Insights/diagnosticSettings/logs[*]' (ref)
• 'Microsoft.Insights/diagnosticSettings/logs[*].enabled' (ref)
• 'microsoft.insights/diagnosticSettings/logs[*].categoryGroup' (ref)
{ "displayName": "Enable logging by category group for Azure FarmBeats (microsoft.agfoodplatform/farmbeats) to Event Hub", "policyType": "BuiltIn", "mode": "Indexed", "description": "Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for Azure FarmBeats (microsoft.agfoodplatform/farmbeats).", "metadata": { "category": "Monitoring", "version": "1.2.0" }, "parameters": { "effect": { "type": "String", "metadata": { "displayName": "Effect", "description": "Enable or disable the execution of the policy" }, "allowedValues": [ "DeployIfNotExists", "AuditIfNotExists", "Disabled" ], "defaultValue": "DeployIfNotExists" }, "diagnosticSettingName": { "type": "String", "metadata": { "displayName": "Diagnostic Setting Name", "description": "Diagnostic Setting Name" }, "defaultValue": "setByPolicy-EventHub" }, "categoryGroup": { "type": "String", "metadata": { "displayName": "Category Group", "description": "Diagnostic category group - none, audit, or allLogs." }, "allowedValues": [ "audit", "allLogs" ], "defaultValue": "audit" }, "resourceLocation": { "type": "String", "metadata": { "displayName": "Resource Location", "description": "Resource Location must be in the same location as the Event Hub Namespace.", "strongType": "location" } }, "eventHubAuthorizationRuleId": { "type": "String", "metadata": { "displayName": "Event Hub Authorization Rule Id", "description": "Event Hub Authorization Rule Id - the authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}", "strongType": "Microsoft.EventHub/Namespaces/AuthorizationRules", "assignPermissions": true } }, "eventHubName": { "type": "String", "metadata": { "displayName": "Event Hub Name", "description": "Event Hub Name." }, "defaultValue": "Monitoring" } }, "policyRule": { "if": { "allOf": [ { "field": "type", "equals": "microsoft.agfoodplatform/farmbeats" }, { "field": "location", "equals": "[parameters('resourceLocation')]" } ] }, "then": { "effect": "[parameters('effect')]", "details": { "type": "Microsoft.Insights/diagnosticSettings", "evaluationDelay": "AfterProvisioning", "existenceCondition": { "allOf": [ { "count": { "field": "Microsoft.Insights/diagnosticSettings/logs[*]", "where": { "allOf": [ { "field": "Microsoft.Insights/diagnosticSettings/logs[*].enabled", "equals": "[equals(parameters('categoryGroup'), 'audit')]" }, { "field": "microsoft.insights/diagnosticSettings/logs[*].categoryGroup", "equals": "audit" } ] } }, "equals": 1 }, { "count": { "field": "Microsoft.Insights/diagnosticSettings/logs[*]", "where": { "allOf": [ { "field": "Microsoft.Insights/diagnosticSettings/logs[*].enabled", "equals": "[equals(parameters('categoryGroup'), 'allLogs')]" }, { "field": "microsoft.insights/diagnosticSettings/logs[*].categoryGroup", "equals": "allLogs" } ] } }, "equals": 1 }, { "field": "Microsoft.Insights/diagnosticSettings/eventHubAuthorizationRuleId", "equals": "[parameters('eventHubAuthorizationRuleId')]" }, { "field": "Microsoft.Insights/diagnosticSettings/eventHubName", "equals": "[parameters('eventHubName')]" } ] }, "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293", "/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec" ], "deployment": { "properties": { "mode": "incremental", "template": { "$schema": "http://schema.management.azure.com/schemas/2019-08-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "diagnosticSettingName": { "type": "string" }, "categoryGroup": { "type": "String" }, "eventHubName": { "type": "string" }, "eventHubAuthorizationRuleId": { "type": "string" }, "resourceLocation": { "type": "string" }, "resourceName": { "type": "string" } }, "variables": {}, "resources": [ { "type": "microsoft.agfoodplatform/farmbeats/providers/diagnosticSettings", "apiVersion": "2021-05-01-preview", "name": "[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('diagnosticSettingName'))]", "location": "[parameters('resourceLocation')]", "properties": { "eventHubName": "[parameters('eventHubName')]", "eventHubAuthorizationRuleId": "[parameters('eventHubAuthorizationRuleId')]", "logs": [ { "categoryGroup": "audit", "enabled": "[equals(parameters('categoryGroup'), 'audit')]" }, { "categoryGroup": "allLogs", "enabled": "[equals(parameters('categoryGroup'), 'allLogs')]" } ], "metrics": [] } } ], "outputs": { "policy": { "type": "string", "value": "[concat('Diagnostic setting ', parameters('diagnosticSettingName'), ' for type Azure FarmBeats (microsoft.agfoodplatform/farmbeats), resourceName ', parameters('resourceName'), ' to EventHub ', parameters('eventHubAuthorizationRuleId'), ':', parameters('eventHubName'), ' configured')]" } } }, "parameters": { "diagnosticSettingName": { "value": "[parameters('diagnosticSettingName')]" }, "categoryGroup": { "value": "[parameters('categoryGroup')]" }, "eventHubName": { "value": "[parameters('eventHubName')]" }, "eventHubAuthorizationRuleId": { "value": "[parameters('eventHubAuthorizationRuleId')]" }, "resourceLocation": { "value": "[field('location')]" }, "resourceName": { "value": "[field('name')]" } } } } } } } }
{"displayName":"Enable logging by category group for Azure FarmBeats (microsoft.agfoodplatform/farmbeats) to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for Azure FarmBeats (microsoft.agfoodplatform/farmbeats).","metadata":{"category":"Monitoring","version":"1.2.0"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","AuditIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"diagnosticSettingName":{"type":"String","metadata":{"displayName":"Diagnostic Setting Name","description":"Diagnostic Setting Name"},"defaultValue":"setByPolicy-EventHub"},"categoryGroup":{"type":"String","metadata":{"displayName":"Category Group","description":"Diagnostic category group - none,audit,or allLogs."},"allowedValues":["audit","allLogs"],"defaultValue":"audit"},"resourceLocation":{"type":"String","metadata":{"displayName":"Resource Location","description":"Resource Location must be in the same location as the Event Hub Namespace.","strongType":"location"}},"eventHubAuthorizationRuleId":{"type":"String","metadata":{"displayName":"Event Hub Authorization Rule Id","description":"Event Hub Authorization Rule Id - the authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"eventHubName":{"type":"String","metadata":{"displayName":"Event Hub Name","description":"Event Hub Name."},"defaultValue":"Monitoring"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.agfoodplatform/farmbeats"},{"field":"location","equals":"[parameters('resourceLocation')]"}]},"then":{"effect":"[parameters('effect')]","details":{"type":"Microsoft.Insights/diagnosticSettings","evaluationDelay":"AfterProvisioning","existenceCondition":{"allOf":[{"count":{"field":"Microsoft.Insights/diagnosticSettings/logs[*]","where":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].enabled","equals":"[equals(parameters('categoryGroup'),'audit')]"},{"field":"microsoft.insights/diagnosticSettings/logs[*].categoryGroup","equals":"audit"}]}},"equals":1},{"count":{"field":"Microsoft.Insights/diagnosticSettings/logs[*]","where":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].enabled","equals":"[equals(parameters('categoryGroup'),'allLogs')]"},{"field":"microsoft.insights/diagnosticSettings/logs[*].categoryGroup","equals":"allLogs"}]}},"equals":1},{"field":"Microsoft.Insights/diagnosticSettings/eventHubAuthorizationRuleId","equals":"[parameters('eventHubAuthorizationRuleId')]"},{"field":"Microsoft.Insights/diagnosticSettings/eventHubName","equals":"[parameters('eventHubName')]"}]},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293","/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2019-08-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"diagnosticSettingName":{"type":"string"},"categoryGroup":{"type":"String"},"eventHubName":{"type":"string"},"eventHubAuthorizationRuleId":{"type":"string"},"resourceLocation":{"type":"string"},"resourceName":{"type":"string"}},"variables":{},"resources":[{"type":"microsoft.agfoodplatform/farmbeats/providers/diagnosticSettings","apiVersion":"2021-05-01-preview","name":"[concat(parameters('resourceName'),'/','Microsoft.Insights/',parameters('diagnosticSettingName'))]","location":"[parameters('resourceLocation')]","properties":{"eventHubName":"[parameters('eventHubName')]","eventHubAuthorizationRuleId":"[parameters('eventHubAuthorizationRuleId')]","logs":[{"categoryGroup":"audit","enabled":"[equals(parameters('categoryGroup'),'audit')]"},{"categoryGroup":"allLogs","enabled":"[equals(parameters('categoryGroup'),'allLogs')]"}],"metrics":[]}}],"outputs":{"policy":{"type":"string","value":"[concat('Diagnostic setting ',parameters('diagnosticSettingName'),' for type Azure FarmBeats (microsoft.agfoodplatform/farmbeats),resourceName ',parameters('resourceName'),' to EventHub ',parameters('eventHubAuthorizationRuleId'),':',parameters('eventHubName'),' configured')]"}}},"parameters":{"diagnosticSettingName":{"value":"[parameters('diagnosticSettingName')]"},"categoryGroup":{"value":"[parameters('categoryGroup')]"},"eventHubName":{"value":"[parameters('eventHubName')]"},"eventHubAuthorizationRuleId":{"value":"[parameters('eventHubAuthorizationRuleId')]"},"resourceLocation":{"value":"[field('location')]"},"resourceName":{"value":"[field('name')]"}}}}}}}}
Used in 2 Policy Set(s):
• Enable allLogs category group resource logging for supported resources to Log Analytics (0884adba-2312-4468-abeb-5422caed1038) [Monitoring] BuiltIn
• Enable audit category group resource logging for supported resources to Log Analytics (f5b29bc4-feca-4cc6-a58a-772dd5e290a5) [Monitoring] BuiltIn
{ "displayName": "Enable logging by category group for Azure FarmBeats (microsoft.agfoodplatform/farmbeats) to Log Analytics", "policyType": "BuiltIn", "mode": "Indexed", "description": "Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Azure FarmBeats (microsoft.agfoodplatform/farmbeats).", "metadata": { "category": "Monitoring", "version": "1.1.0" }, "parameters": { "effect": { "type": "String", "metadata": { "displayName": "Effect", "description": "Enable or disable the execution of the policy" }, "allowedValues": [ "DeployIfNotExists", "AuditIfNotExists", "Disabled" ], "defaultValue": "DeployIfNotExists" }, "diagnosticSettingName": { "type": "String", "metadata": { "displayName": "Diagnostic Setting Name", "description": "Diagnostic Setting Name" }, "defaultValue": "setByPolicy-LogAnalytics" }, "categoryGroup": { "type": "String", "metadata": { "displayName": "Category Group", "description": "Diagnostic category group - none, audit, or allLogs." }, "allowedValues": [ "audit", "allLogs" ], "defaultValue": "audit" }, "resourceLocationList": { "type": "Array", "metadata": { "displayName": "Resource Location List", "description": "Resource Location List to send logs to nearby Log Analytics. A single entry \"*\" selects all locations (default)." }, "defaultValue": [ "*" ] }, "logAnalytics": { "type": "String", "metadata": { "displayName": "Log Analytics Workspace", "description": "Log Analytics Workspace", "strongType": "omsWorkspace", "assignPermissions": true } } }, "policyRule": { "if": { "allOf": [ { "field": "type", "equals": "microsoft.agfoodplatform/farmbeats" }, { "anyOf": [ { "value": "[first(parameters('resourceLocationList'))]", "equals": "*" }, { "field": "location", "in": "[parameters('resourceLocationList')]" } ] } ] }, "then": { "effect": "[parameters('effect')]", "details": { "type": "Microsoft.Insights/diagnosticSettings", "evaluationDelay": "AfterProvisioning", "existenceCondition": { "allOf": [ { "count": { "field": "Microsoft.Insights/diagnosticSettings/logs[*]", "where": { "allOf": [ { "field": "Microsoft.Insights/diagnosticSettings/logs[*].enabled", "equals": "[equals(parameters('categoryGroup'), 'audit')]" }, { "field": "microsoft.insights/diagnosticSettings/logs[*].categoryGroup", "equals": "audit" } ] } }, "equals": 1 }, { "count": { "field": "Microsoft.Insights/diagnosticSettings/logs[*]", "where": { "allOf": [ { "field": "Microsoft.Insights/diagnosticSettings/logs[*].enabled", "equals": "[equals(parameters('categoryGroup'), 'allLogs')]" }, { "field": "microsoft.insights/diagnosticSettings/logs[*].categoryGroup", "equals": "allLogs" } ] } }, "equals": 1 }, { "field": "Microsoft.Insights/diagnosticSettings/workspaceId", "equals": "[parameters('logAnalytics')]" } ] }, "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293" ], "deployment": { "properties": { "mode": "incremental", "template": { "$schema": "http://schema.management.azure.com/schemas/2019-08-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "diagnosticSettingName": { "type": "string" }, "logAnalytics": { "type": "string" }, "categoryGroup": { "type": "String" }, "resourceName": { "type": "string" } }, "variables": {}, "resources": [ { "type": "microsoft.agfoodplatform/farmbeats/providers/diagnosticSettings", "apiVersion": "2021-05-01-preview", "name": "[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('diagnosticSettingName'))]", "properties": { "workspaceId": "[parameters('logAnalytics')]", "logs": [ { "categoryGroup": "audit", "enabled": "[equals(parameters('categoryGroup'), 'audit')]" }, { "categoryGroup": "allLogs", "enabled": "[equals(parameters('categoryGroup'), 'allLogs')]" } ], "metrics": [] } } ], "outputs": { "policy": { "type": "string", "value": "[concat('Diagnostic setting ', parameters('diagnosticSettingName'), ' for type Azure FarmBeats (microsoft.agfoodplatform/farmbeats), resourceName ', parameters('resourceName'), ' to Log Analytics ', parameters('logAnalytics'), ' configured')]" } } }, "parameters": { "diagnosticSettingName": { "value": "[parameters('diagnosticSettingName')]" }, "logAnalytics": { "value": "[parameters('logAnalytics')]" }, "categoryGroup": { "value": "[parameters('categoryGroup')]" }, "resourceName": { "value": "[field('name')]" } } } } } } } }
{"displayName":"Enable logging by category group for Azure FarmBeats (microsoft.agfoodplatform/farmbeats) to Log Analytics","policyType":"BuiltIn","mode":"Indexed","description":"Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Azure FarmBeats (microsoft.agfoodplatform/farmbeats).","metadata":{"category":"Monitoring","version":"1.1.0"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","AuditIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"diagnosticSettingName":{"type":"String","metadata":{"displayName":"Diagnostic Setting Name","description":"Diagnostic Setting Name"},"defaultValue":"setByPolicy-LogAnalytics"},"categoryGroup":{"type":"String","metadata":{"displayName":"Category Group","description":"Diagnostic category group - none,audit,or allLogs."},"allowedValues":["audit","allLogs"],"defaultValue":"audit"},"resourceLocationList":{"type":"Array","metadata":{"displayName":"Resource Location List","description":"Resource Location List to send logs to nearby Log Analytics. A single entry \"*\" selects all locations (default)."},"defaultValue":["*"]},"logAnalytics":{"type":"String","metadata":{"displayName":"Log Analytics Workspace","description":"Log Analytics Workspace","strongType":"omsWorkspace","assignPermissions":true}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.agfoodplatform/farmbeats"},{"anyOf":[{"value":"[first(parameters('resourceLocationList'))]","equals":"*"},{"field":"location","in":"[parameters('resourceLocationList')]"}]}]},"then":{"effect":"[parameters('effect')]","details":{"type":"Microsoft.Insights/diagnosticSettings","evaluationDelay":"AfterProvisioning","existenceCondition":{"allOf":[{"count":{"field":"Microsoft.Insights/diagnosticSettings/logs[*]","where":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].enabled","equals":"[equals(parameters('categoryGroup'),'audit')]"},{"field":"microsoft.insights/diagnosticSettings/logs[*].categoryGroup","equals":"audit"}]}},"equals":1},{"count":{"field":"Microsoft.Insights/diagnosticSettings/logs[*]","where":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].enabled","equals":"[equals(parameters('categoryGroup'),'allLogs')]"},{"field":"microsoft.insights/diagnosticSettings/logs[*].categoryGroup","equals":"allLogs"}]}},"equals":1},{"field":"Microsoft.Insights/diagnosticSettings/workspaceId","equals":"[parameters('logAnalytics')]"}]},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2019-08-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"diagnosticSettingName":{"type":"string"},"logAnalytics":{"type":"string"},"categoryGroup":{"type":"String"},"resourceName":{"type":"string"}},"variables":{},"resources":[{"type":"microsoft.agfoodplatform/farmbeats/providers/diagnosticSettings","apiVersion":"2021-05-01-preview","name":"[concat(parameters('resourceName'),'/','Microsoft.Insights/',parameters('diagnosticSettingName'))]","properties":{"workspaceId":"[parameters('logAnalytics')]","logs":[{"categoryGroup":"audit","enabled":"[equals(parameters('categoryGroup'),'audit')]"},{"categoryGroup":"allLogs","enabled":"[equals(parameters('categoryGroup'),'allLogs')]"}],"metrics":[]}}],"outputs":{"policy":{"type":"string","value":"[concat('Diagnostic setting ',parameters('diagnosticSettingName'),' for type Azure FarmBeats (microsoft.agfoodplatform/farmbeats),resourceName ',parameters('resourceName'),' to Log Analytics ',parameters('logAnalytics'),' configured')]"}}},"parameters":{"diagnosticSettingName":{"value":"[parameters('diagnosticSettingName')]"},"logAnalytics":{"value":"[parameters('logAnalytics')]"},"categoryGroup":{"value":"[parameters('categoryGroup')]"},"resourceName":{"value":"[field('name')]"}}}}}}}}
Used in 2 Policy Set(s):
• Enable allLogs category group resource logging for supported resources to storage (b6b86da9-e527-49de-ac59-6af0a9db10b8) [Monitoring] BuiltIn
• Enable audit category group resource logging for supported resources to storage (8d723fb6-6680-45be-9d37-b1a4adb52207) [Monitoring] BuiltIn
{ "displayName": "Enable logging by category group for Azure FarmBeats (microsoft.agfoodplatform/farmbeats) to Storage", "policyType": "BuiltIn", "mode": "Indexed", "description": "Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Storage Account for Azure FarmBeats (microsoft.agfoodplatform/farmbeats).", "metadata": { "category": "Monitoring", "version": "1.1.0" }, "parameters": { "effect": { "type": "String", "metadata": { "displayName": "Effect", "description": "Enable or disable the execution of the policy" }, "allowedValues": [ "DeployIfNotExists", "AuditIfNotExists", "Disabled" ], "defaultValue": "DeployIfNotExists" }, "diagnosticSettingName": { "type": "String", "metadata": { "displayName": "Diagnostic Setting Name", "description": "Diagnostic Setting Name" }, "defaultValue": "setByPolicy-Storage" }, "categoryGroup": { "type": "String", "metadata": { "displayName": "Category Group", "description": "Diagnostic category group - none, audit, or allLogs." }, "allowedValues": [ "audit", "allLogs" ], "defaultValue": "audit" }, "resourceLocation": { "type": "String", "metadata": { "displayName": "Resource Location", "description": "Resource Location must be in the same location as the Storage Account.", "strongType": "location" } }, "storageAccount": { "type": "String", "metadata": { "displayName": "Storage Account", "description": "Full path (resourceId) to the storage account.", "assignPermissions": true } } }, "policyRule": { "if": { "allOf": [ { "field": "type", "equals": "microsoft.agfoodplatform/farmbeats" }, { "field": "location", "equals": "[parameters('resourceLocation')]" } ] }, "then": { "effect": "[parameters('effect')]", "details": { "type": "Microsoft.Insights/diagnosticSettings", "evaluationDelay": "AfterProvisioning", "existenceCondition": { "allOf": [ { "count": { "field": "Microsoft.Insights/diagnosticSettings/logs[*]", "where": { "allOf": [ { "field": "Microsoft.Insights/diagnosticSettings/logs[*].enabled", "equals": "[equals(parameters('categoryGroup'), 'audit')]" }, { "field": "microsoft.insights/diagnosticSettings/logs[*].categoryGroup", "equals": "audit" } ] } }, "equals": 1 }, { "count": { "field": "Microsoft.Insights/diagnosticSettings/logs[*]", "where": { "allOf": [ { "field": "Microsoft.Insights/diagnosticSettings/logs[*].enabled", "equals": "[equals(parameters('categoryGroup'), 'allLogs')]" }, { "field": "microsoft.insights/diagnosticSettings/logs[*].categoryGroup", "equals": "allLogs" } ] } }, "equals": 1 }, { "field": "Microsoft.Insights/diagnosticSettings/storageAccountId", "equals": "[parameters('storageAccount')]" } ] }, "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293" ], "deployment": { "properties": { "mode": "incremental", "template": { "$schema": "http://schema.management.azure.com/schemas/2019-08-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "diagnosticSettingName": { "type": "string" }, "categoryGroup": { "type": "String" }, "storageAccount": { "type": "string" }, "resourceLocation": { "type": "string" }, "resourceName": { "type": "string" } }, "variables": {}, "resources": [ { "type": "microsoft.agfoodplatform/farmbeats/providers/diagnosticSettings", "apiVersion": "2021-05-01-preview", "name": "[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('diagnosticSettingName'))]", "location": "[parameters('resourceLocation')]", "properties": { "storageAccountId": "[parameters('storageAccount')]", "logs": [ { "categoryGroup": "audit", "enabled": "[equals(parameters('categoryGroup'), 'audit')]" }, { "categoryGroup": "allLogs", "enabled": "[equals(parameters('categoryGroup'), 'allLogs')]" } ], "metrics": [] } } ], "outputs": { "policy": { "type": "string", "value": "[concat('Diagnostic setting ', parameters('diagnosticSettingName'), ' for type Azure FarmBeats (microsoft.agfoodplatform/farmbeats), resourceName ', parameters('resourceName'), ' to Storage Account ', parameters('storageAccount'), ' configured')]" } } }, "parameters": { "diagnosticSettingName": { "value": "[parameters('diagnosticSettingName')]" }, "categoryGroup": { "value": "[parameters('categoryGroup')]" }, "storageAccount": { "value": "[parameters('storageAccount')]" }, "resourceLocation": { "value": "[field('location')]" }, "resourceName": { "value": "[field('name')]" } } } } } } } }
{"displayName":"Enable logging by category group for Azure FarmBeats (microsoft.agfoodplatform/farmbeats) to Storage","policyType":"BuiltIn","mode":"Indexed","description":"Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Storage Account for Azure FarmBeats (microsoft.agfoodplatform/farmbeats).","metadata":{"category":"Monitoring","version":"1.1.0"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","AuditIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"diagnosticSettingName":{"type":"String","metadata":{"displayName":"Diagnostic Setting Name","description":"Diagnostic Setting Name"},"defaultValue":"setByPolicy-Storage"},"categoryGroup":{"type":"String","metadata":{"displayName":"Category Group","description":"Diagnostic category group - none,audit,or allLogs."},"allowedValues":["audit","allLogs"],"defaultValue":"audit"},"resourceLocation":{"type":"String","metadata":{"displayName":"Resource Location","description":"Resource Location must be in the same location as the Storage Account.","strongType":"location"}},"storageAccount":{"type":"String","metadata":{"displayName":"Storage Account","description":"Full path (resourceId) to the storage account.","assignPermissions":true}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.agfoodplatform/farmbeats"},{"field":"location","equals":"[parameters('resourceLocation')]"}]},"then":{"effect":"[parameters('effect')]","details":{"type":"Microsoft.Insights/diagnosticSettings","evaluationDelay":"AfterProvisioning","existenceCondition":{"allOf":[{"count":{"field":"Microsoft.Insights/diagnosticSettings/logs[*]","where":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].enabled","equals":"[equals(parameters('categoryGroup'),'audit')]"},{"field":"microsoft.insights/diagnosticSettings/logs[*].categoryGroup","equals":"audit"}]}},"equals":1},{"count":{"field":"Microsoft.Insights/diagnosticSettings/logs[*]","where":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].enabled","equals":"[equals(parameters('categoryGroup'),'allLogs')]"},{"field":"microsoft.insights/diagnosticSettings/logs[*].categoryGroup","equals":"allLogs"}]}},"equals":1},{"field":"Microsoft.Insights/diagnosticSettings/storageAccountId","equals":"[parameters('storageAccount')]"}]},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2019-08-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"diagnosticSettingName":{"type":"string"},"categoryGroup":{"type":"String"},"storageAccount":{"type":"string"},"resourceLocation":{"type":"string"},"resourceName":{"type":"string"}},"variables":{},"resources":[{"type":"microsoft.agfoodplatform/farmbeats/providers/diagnosticSettings","apiVersion":"2021-05-01-preview","name":"[concat(parameters('resourceName'),'/','Microsoft.Insights/',parameters('diagnosticSettingName'))]","location":"[parameters('resourceLocation')]","properties":{"storageAccountId":"[parameters('storageAccount')]","logs":[{"categoryGroup":"audit","enabled":"[equals(parameters('categoryGroup'),'audit')]"},{"categoryGroup":"allLogs","enabled":"[equals(parameters('categoryGroup'),'allLogs')]"}],"metrics":[]}}],"outputs":{"policy":{"type":"string","value":"[concat('Diagnostic setting ',parameters('diagnosticSettingName'),' for type Azure FarmBeats (microsoft.agfoodplatform/farmbeats),resourceName ',parameters('resourceName'),' to Storage Account ',parameters('storageAccount'),' configured')]"}}},"parameters":{"diagnosticSettingName":{"value":"[parameters('diagnosticSettingName')]"},"categoryGroup":{"value":"[parameters('categoryGroup')]"},"storageAccount":{"value":"[parameters('storageAccount')]"},"resourceLocation":{"value":"[field('location')]"},"resourceName":{"value":"[field('name')]"}}}}}}}}