Set up the azure.monitor integration.
Configure the diagnostic setting to log the appropriate activities from the control/management plane.
A diagnostic setting controls how the diagnostic log is exported. Capturing the diagnostic setting categories for appropriate control/management plane activities allows proper alerting.
ARM Template with AZ PowerShell cmdlets:
Create a file to hold the following JSON:
{ "$schema""https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion""
1.0.0.0", "parameters"{ "settingName"{ "type""String" }, "workspaceId"{ "type""String" } }, "resources"[ { "type""Microsoft.Insights/diagnosticSettings", "apiVersion""2017-05-01-preview", "name""[parameters(''settingName'')]", "dependsOn"[], "properties"{ "workspaceId""[parameters(''workspaceId'')]", "logs"[ { "category""Administrative", "enabled"true }, { "category""Alert", "enabled"true }, { "category""Autoscale", "enabled"false }, { "category""Policy", "enabled"true }, { "category""Recommendation", "enabled"false }, { "category""ResourceHealth", "enabled"false }, { "category""Security", "enabled"true }, { "category""ServiceHealth", "enabled"false } ] } } ] }
Reference the JSON. In the New-AzSubscriptionDeployment, call $OMSWorkspace:
Get-AzResource -ResourceType "Microsoft.OperationalInsights/workspaces" -Name <Workspace Name> New-AzSubscriptionDeployment -Name CreateDiagnosticSetting -location eastus -TemplateFile CreateDiagnosticSetting.jsonc -settingName "Send Activity log to workspace" -workspaceId $OMSWorkspace.ResourceId'
Version 7 6.3 - Enable Detailed Logging - Enable system logging to include detailed information such as an event source, date, user, timestamp, source addresses, destination addresses, and other useful elements.