Monitoring log profile without all activities

이 제품은 선택한 Datadog 사이트에서 지원되지 않습니다. ().
이 페이지는 아직 한국어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Metadata

Id: 89f84a1e-75f8-47c5-83b5-bee8e2de4168

Cloud Provider: Azure

Platform: Ansible

Severity: Medium

Category: Observability

Learn More

Description

Monitor log profiles must include the Write, Action, and Delete categories so Azure records operations, configuration changes, and deletions. These records support detection, auditing, and forensic investigations.

In Ansible tasks using azure.azcollection.azure_rm_monitorlogprofile (or azure_rm_monitorlogprofile), the categories property must be defined as a list and include the values Write, Action, and Delete (case-insensitive). Tasks missing the categories property or omitting any of these categories are flagged.

Secure configuration example:

- name: Create monitor log profile
  azure_rm_monitorlogprofile:
    name: myLogProfile
    categories:
      - Write
      - Action
      - Delete
    locations:
      - eastus
    retention_policy:
      enabled: false

Compliant Code Examples

- name: Create a log profile
  azure_rm_monitorlogprofile:
    name: myProfile
    location: eastus
    locations:
    - eastus
    - westus
    categories:
    - Write
    - Action
    - Delete
    retention_policy:
      enabled: false
      days: 1
    storage_account:
      resource_group: myResourceGroup
      name: myStorageAccount
  register: output

Non-Compliant Code Examples

---
- name: Create a log profile
  azure_rm_monitorlogprofile:
    name: myProfile
    location: eastus
    locations:
      - eastus
      - westus
    categories:
      - Write
      - Action
    retention_policy:
      enabled: False
      days: 1
    storage_account:
      resource_group: myResourceGroup
      name: myStorageAccount
  register: output

- name: Create a log profile2
  azure_rm_monitorlogprofile:
    name: myProfile
    location: eastus
    locations:
      - eastus
      - westus
    retention_policy:
      enabled: False
      days: 1
    storage_account:
      resource_group: myResourceGroup
      name: myStorageAccount
  register: output