Closed neok-g closed 2 years ago
Any update on this one?
Hey @neok-g,
I will try and repro this today and then look at what fix is needed
Have deployed both AzFw Premium and Standard and have seen the following missing log categories causing this non-compliance
We will investigate and update the policy definition
I can confirm the first 3 log categories are set on my side as well. The policy uses existenceCondition:
```json
"existenceCondition": {
  "allOf": [
    {
      "field": "Microsoft.Insights/diagnosticSettings/logs.enabled",
      "equals": "true"
    },
    {
      "field": "Microsoft.Insights/diagnosticSettings/metrics.enabled",
      "equals": "true"
    },
    {
      "field": "Microsoft.Insights/diagnosticSettings/workspaceId",
      "equals": "[parameters('logAnalytics')]"
    }
  ]
},
```
For my understanding: if one of the log categories is disabled (false), then the overall Microsoft.Insights/diagnosticSettings/logs.enabled will be false, and so the policy remains non-compliant? Is that how it works?
Correct. There are also a number of other categories to be added to the definition, which I have fixed and will merge later today on PR #992.
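To find which clause of the existenceCondition quoted above keeps a firewall non-compliant, this added example (not part of the issue thread or the Enterprise-Scale repository) evaluates a diagnostic setting the way the thread describes: `logs.enabled` only counts as true when every log entry is enabled. The sample setting, the placeholder category and workspace ID, and the `failing_clauses` helper are constructed for illustration.

```python
# Constructed sample: the "properties" of a diagnostic setting on an Azure
# Firewall. The workspace ID and the fourth category name are placeholders.
WORKSPACE = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
             "rg-example/providers/Microsoft.OperationalInsights/workspaces/law-example")

SAMPLE_SETTING = {
    "workspaceId": WORKSPACE,
    "logs": [
        {"category": "AzureFirewallApplicationRule", "enabled": True},
        {"category": "AzureFirewallNetworkRule", "enabled": True},
        {"category": "AzureFirewallDnsProxy", "enabled": True},
        # A category the remediation template did not switch on.
        {"category": "ExampleCategoryNotInTemplate", "enabled": False},
    ],
    "metrics": [{"category": "AllMetrics", "enabled": True}],
}


def failing_clauses(setting, log_analytics_param):
    """Map each failed existenceCondition clause to the values that caused it.

    Models the behaviour confirmed in the thread: a single disabled entry
    makes logs.enabled (or metrics.enabled) fail the 'equals true' test.
    An empty dict means the setting satisfies all three clauses.
    """
    failures = {}
    for key in ("logs", "metrics"):
        disabled = [e["category"] for e in setting.get(key, []) if not e.get("enabled")]
        if disabled:
            failures[key + ".enabled"] = disabled
    # Azure Policy's "equals" compares strings case-insensitively.
    actual = setting.get("workspaceId") or ""
    if actual.lower() != log_analytics_param.lower():
        failures["workspaceId"] = [actual]
    return failures


if __name__ == "__main__":
    for clause, detail in failing_clauses(SAMPLE_SETTING, WORKSPACE).items():
        print(f"non-compliant on {clause}: {detail}")
```

Feeding it the `properties` object of a real diagnostic setting shows which categories the remediation template left disabled.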
Describe the bug
I noticed that the following Enterprise Scale policy definition remains non-compliant after a remediation task has run:
Deploy Diagnostic Settings for Firewall to Log Analytics workspace
To Reproduce
Steps to reproduce the behaviour:
Expected behaviour
Diagnostic Setting should be created for Azure firewall and Azure firewall should be compliant