Closed NucLabs closed 3 months ago
Closing this as we've deprecated all our diagnostic settings policies and shifted to the PG owned initiative to do the same. Please review https://aka.ms/alz/whatsnew for details.
If you find gaps in diagnostic settings coverage, please add the missing services to this discussion: #1644 as this is where we will track this going forward.
Describe the bug The policy Deploy Diagnostic Settings for Container Instances to Log Analytics workspace (Deploy-Diagnostics-ACI) configures only metrics to be sent to log analytics. Logs are not configured. We found this because the builtin policy Audit diagnostic setting for selected resource types (7f89b1eb-583c-429a-8828-af049802c1d9), which is part of the compliance policy set we have assigned, audits the resource as non-compliant
Steps to reproduce Assign both mentioned policies to a RG and create a container instance. After remediation Deploy Diagnostic Settings for Container Instances to Log Analytics workspace is compliant. The auditing policy is not, because the log are not configured to be sent to log analytics
Diagnostic settings for a container group are not visible in the portal, but with the help of pwsh I found out that two log categories are available: ContainerInstanceLog and ContainerEvent
I created a version of the policy in which the log settings are deployed, satisfying the audit policy