diff --git a/constructs/Microsoft.Compute/virtualMachinesMultiple/deploy.bicep b/constructs/Microsoft.Compute/virtualMachinesMultiple/deploy.bicep index 52bcc16478..773b666883 100644 --- a/constructs/Microsoft.Compute/virtualMachinesMultiple/deploy.bicep +++ b/constructs/Microsoft.Compute/virtualMachinesMultiple/deploy.bicep @@ -126,16 +126,15 @@ param nicConfigurations array @description('Optional. The name of the PIP diagnostic setting, if deployed.') param pipDiagnosticSettingsName string = '' -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'DDoSProtectionNotifications' 'DDoSMitigationFlowLogs' 'DDoSMitigationReports' ]) param pipdiagnosticLogCategoriesToEnable array = [ - 'DDoSProtectionNotifications' - 'DDoSMitigationFlowLogs' - 'DDoSMitigationReports' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') diff --git a/docs/wiki/The library - Module design.md b/docs/wiki/The library - Module design.md index 5bc473fce7..3c81ad7175 100644 --- a/docs/wiki/The library - Module design.md +++ b/docs/wiki/The library - Module design.md @@ -82,7 +82,7 @@ Modules in the repository are structured based on their main resource provider ( Resources like `Microsoft.Sql/servers` may have dedicated templates for child resources such as `Microsoft.Sql/servers/databases`. In these cases, we recommend to create a subfolder named after the child resource, so that the path to the child resource folder is consistent with its resource type. In the given example, we would have a `databases` subfolder in the `servers` parent folder. -``` +```txt Microsoft.Sql └─ servers [module] └─ databases [child-module/resource] 
@@ -250,7 +250,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [ ### Diagnostic Settings -The diagnostic settings may differ slightly, from resource to resource. Most notably, the `` as well as `` may be different and have to be added by you. However, it may also happen that a given resource type simply doesn't support any metrics and/or logs. In this case, you can then remove the parameter and property from the module you develop. +The diagnostic settings may differ slightly, from resource to resource. Most notably, the `` as well as `` may be different and have to be added by you. Also possible, and default setting is to use the category `allLogs`. If using `allLogs`, the other `` are not needed. However, it may also happen that a given resource type simply doesn't support any metrics and/or logs. In this case, you can then remove the parameter and property from the module you develop.
Details @@ -273,12 +273,13 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' ]) param diagnosticLogCategoriesToEnable array = [ - + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -479,7 +480,7 @@ While exceptions might be needed, the following guidance should be followed as m - When deploying more than one resource of the same referenced module is needed, we leverage loops using integer index and items in an array as per [Bicep loop syntax](https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/loops#loop-syntax). In this case, we also use `-${index}` as a suffix of the deployment name to avoid race condition: - ``` + ```bicep module symbolic_name 'path/to/referenced/module/deploy.bicep' = [for (, ) in : { name: '-${index}' ... 
@@ -488,32 +489,32 @@ While exceptions might be needed, the following guidance should be followed as m > **Example**: for the `roleAssignment` deployment in the Key Vault `secrets` template > - > ``` + > ```bicep > module secret_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { > name: '${deployment().name}-Rbac-${index}' > ``` - For referenced resources of the top-level resource inside the top-level template use the following naming structure: - ``` + ```bicep '${uniqueString(deployment().name, location)}--' ``` > **Example**: for the `tableServices` deployment inside the `storageAccount` template > - > ``` + > ```bicep > name: '${uniqueString(deployment().name, location)}-Storage-TableServices' > ``` - In the referenced resource template use the following naming structure: - ``` + ```bicep '${deployment().name}-[-${index}]' ``` > **Example**: for the `tables` deployment in the `tableServices` template > - > ``` + > ```bicep > name: '${deployment().name}-Table-${index}' > ``` 
@@ -559,16 +560,16 @@ Module test files follow these general guidelines: In addition, they follow these file-type-specific guidelines: - - Each scenario should be setup in its own sub-folder (e.g. `.test/linux`) - - Sub-folder names should ideally relate to the content they deploy. For example, a sub-folder `min` should be chosen for a scenario in which only the minimum set of parameters are used to deploy the module. - - Each folder should contain at least a file `deploy.test.bicep` and optionally an additional `dependencies.bicep` file. The `deploy.test.bicep` file should deploy any immediate dependencies (e.g. a resource group, if required) and invoke the module's main template while providing all parameters for a given test scenario. The `dependencies.bicep` should optionally be used if any additional dependencies must be deployed into a nested scope (e.g. into a deployed resource group). - - Parameters - - Each file should define a parameter `serviceShort`. This parameter should be unique to this file (i.e, no two test files should share the same) as it is injected into all resource deployments, making them unique too and account for corresponding requirements. As a reference you can create a identifier by combining a substring of the resource type and test scenario (e.g., in case of a Linux Virtual Machine Deployment: `vmlin`) - - If the module deploys a resource group level resource, the template should further have a `resourceGroupName` parameter and subsequent resource deployment. As a reference for the default name you can use `ms..-${serviceShort}-test-rg`. - - Each file should also provide a `location` parameter that may default to the deployments default location - - It is recommended to define all major resource names in the `deploy.test.bicep` file as it makes later maintenance easier. To implement this, make sure to pass all resource names to any referenced module. 
- - References to dependencies should be implemented using resource references in combination with outputs. In other words: You should not hardcode any references into the module template's deployment. Instead use references such as `resourceGroupResources.outputs.managedIdentityPrincipalId` - - If any diagnostic resources (e.g., a Log Analytics workspace) are required for a test scenario, you can reference the centralized `modules/.shared/dependencyConstructs/diagnostic.dependencies.bicep` template. It will also provide you with all outputs you'd need. +- Each scenario should be setup in its own sub-folder (e.g. `.test/linux`) +- Sub-folder names should ideally relate to the content they deploy. For example, a sub-folder `min` should be chosen for a scenario in which only the minimum set of parameters are used to deploy the module. +- Each folder should contain at least a file `deploy.test.bicep` and optionally an additional `dependencies.bicep` file. The `deploy.test.bicep` file should deploy any immediate dependencies (e.g. a resource group, if required) and invoke the module's main template while providing all parameters for a given test scenario. The `dependencies.bicep` should optionally be used if any additional dependencies must be deployed into a nested scope (e.g. into a deployed resource group). +- Parameters + - Each file should define a parameter `serviceShort`. This parameter should be unique to this file (i.e, no two test files should share the same) as it is injected into all resource deployments, making them unique too and account for corresponding requirements. As a reference you can create a identifier by combining a substring of the resource type and test scenario (e.g., in case of a Linux Virtual Machine Deployment: `vmlin`) + - If the module deploys a resource group level resource, the template should further have a `resourceGroupName` parameter and subsequent resource deployment. 
As a reference for the default name you can use `ms..-${serviceShort}-test-rg`. + - Each file should also provide a `location` parameter that may default to the deployments default location +- It is recommended to define all major resource names in the `deploy.test.bicep` file as it makes later maintenance easier. To implement this, make sure to pass all resource names to any referenced module. +- References to dependencies should be implemented using resource references in combination with outputs. In other words: You should not hardcode any references into the module template's deployment. Instead use references such as `resourceGroupResources.outputs.managedIdentityPrincipalId` +- If any diagnostic resources (e.g., a Log Analytics workspace) are required for a test scenario, you can reference the centralized `modules/.shared/dependencyConstructs/diagnostic.dependencies.bicep` template. It will also provide you with all outputs you'd need.
Example (for a resource group level resource) diff --git a/modules/Microsoft.AAD/DomainServices/deploy.bicep b/modules/Microsoft.AAD/DomainServices/deploy.bicep index a09a09dd23..656dd9a39c 100644 --- a/modules/Microsoft.AAD/DomainServices/deploy.bicep +++ b/modules/Microsoft.AAD/DomainServices/deploy.bicep @@ -145,8 +145,9 @@ param lock string = '' @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'SystemSecurity' 'AccountManagement' 'LogonLogoff' @@ -157,20 +158,12 @@ param roleAssignments array = [] 'DirectoryServiceAccess' 'AccountLogon' ]) -param logsToEnable array = [ - 'SystemSecurity' - 'AccountManagement' - 'LogonLogoff' - 'ObjectAccess' - 'PolicyChange' - 'PrivilegeUse' - 'DetailTracking' - 'DirectoryServiceAccess' - 'AccountLogon' +param diagnosticLogCategoriesToEnable array = [ + 'allLogs' ] -var diagnosticsLogs = [for log in logsToEnable: { - category: log +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { + category: category enabled: true retentionPolicy: { enabled: true 
@@ -178,6 +171,17 @@ var diagnosticsLogs = [for log in logsToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' properties: { diff --git a/modules/Microsoft.AAD/DomainServices/readme.md b/modules/Microsoft.AAD/DomainServices/readme.md index 45ec67d0c4..dd917ee5ea 100644 --- a/modules/Microsoft.AAD/DomainServices/readme.md +++ b/modules/Microsoft.AAD/DomainServices/readme.md 
@@ -42,6 +42,7 @@ This template deploys Azure Active Directory Domain Services (AADDS). | `additionalRecipients` | array | `[]` | | The email recipient value to receive alerts. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[AccountLogon, AccountManagement, allLogs, DetailTracking, DirectoryServiceAccess, LogonLogoff, ObjectAccess, PolicyChange, PrivilegeUse, SystemSecurity]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | | `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | 
@@ -54,7 +55,6 @@ This template deploys Azure Active Directory Domain Services (AADDS). | `ldaps` | string | `'Enabled'` | `[Disabled, Enabled]` | A flag to determine whether or not Secure LDAP is enabled or disabled. | | `location` | string | `[resourceGroup().location]` | | The location to deploy the Azure ADDS Services. | | `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `logsToEnable` | array | `[AccountLogon, AccountManagement, DetailTracking, DirectoryServiceAccess, LogonLogoff, ObjectAccess, PolicyChange, PrivilegeUse, SystemSecurity]` | `[AccountLogon, AccountManagement, DetailTracking, DirectoryServiceAccess, LogonLogoff, ObjectAccess, PolicyChange, PrivilegeUse, SystemSecurity]` | The name of logs that will be streamed. | | `name` | string | `[parameters('domainName')]` | | The name of the AADDS resource. Defaults to the domain name specific to the Azure ADDS service. | | `notifyDcAdmins` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to notify the DC Admins. | | `notifyGlobalAdmins` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to notify the Global Admins. | diff --git a/modules/Microsoft.AnalysisServices/servers/deploy.bicep b/modules/Microsoft.AnalysisServices/servers/deploy.bicep index 393d19e13d..de573c44f8 100644 --- a/modules/Microsoft.AnalysisServices/servers/deploy.bicep +++ b/modules/Microsoft.AnalysisServices/servers/deploy.bicep 
@@ -56,14 +56,14 @@ param tags object = {} @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'Engine' 'Service' ]) param diagnosticLogCategoriesToEnable array = [ - 'Engine' - 'Service' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -77,7 +77,7 @@ param diagnosticMetricsToEnable array = [ @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -86,6 +86,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.AnalysisServices/servers/readme.md b/modules/Microsoft.AnalysisServices/servers/readme.md index 425e5fe6f2..423f6ffba2 100644 --- a/modules/Microsoft.AnalysisServices/servers/readme.md +++ b/modules/Microsoft.AnalysisServices/servers/readme.md 
@@ -33,7 +33,7 @@ This module deploys an Analysis Services Server. | :-- | :-- | :-- | :-- | :-- | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[Engine, Service]` | `[Engine, Service]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, Engine, Service]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | diff --git a/modules/Microsoft.ApiManagement/service/deploy.bicep b/modules/Microsoft.ApiManagement/service/deploy.bicep index a881d2b025..28dcde6652 100644 --- a/modules/Microsoft.ApiManagement/service/deploy.bicep +++ b/modules/Microsoft.ApiManagement/service/deploy.bicep 
@@ -109,12 +109,13 @@ param diagnosticWorkspaceId string = '' @description('Optional. A list of availability zones denoting where the resource needs to come from.') param zones array = [] -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'GatewayLogs' ]) param diagnosticLogCategoriesToEnable array = [ - 'GatewayLogs' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -155,7 +156,7 @@ param diagnosticSettingsName string = '${name}-diagnosticSettings' var enableReferencedModulesTelemetry = false -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -164,6 +165,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.ApiManagement/service/readme.md b/modules/Microsoft.ApiManagement/service/readme.md index b2bb3ece95..ae4a06715a 100644 --- a/modules/Microsoft.ApiManagement/service/readme.md +++ b/modules/Microsoft.ApiManagement/service/readme.md 
@@ -58,7 +58,7 @@ This module deploys an API management service. | `customProperties` | object | `{object}` | | Custom properties of the API Management service. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[GatewayLogs]` | `[GatewayLogs]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, GatewayLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | diff --git a/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep b/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep index 950013a1e2..e24d77bf11 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep +++ b/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep 
@@ -80,14 +80,14 @@ param tags object = {} @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'HttpRequest' 'Audit' ]) param diagnosticLogCategoriesToEnable array = [ - 'HttpRequest' - 'Audit' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -106,7 +106,7 @@ param privateEndpoints array = [] var enableReferencedModulesTelemetry = false -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -115,6 +115,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.AppConfiguration/configurationStores/readme.md b/modules/Microsoft.AppConfiguration/configurationStores/readme.md index 92ae12c1d4..93bd19f20f 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/readme.md +++ b/modules/Microsoft.AppConfiguration/configurationStores/readme.md 
@@ -37,7 +37,7 @@ This module deploys an App Configuration Store. | `createMode` | string | `'Default'` | `[Default, Recover]` | Indicates whether the configuration store need to be recovered. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[Audit, HttpRequest]` | `[Audit, HttpRequest]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, Audit, HttpRequest]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | diff --git a/modules/Microsoft.Automation/automationAccounts/deploy.bicep b/modules/Microsoft.Automation/automationAccounts/deploy.bicep index e0ecd96a58..46ec445afe 100644 --- a/modules/Microsoft.Automation/automationAccounts/deploy.bicep +++ b/modules/Microsoft.Automation/automationAccounts/deploy.bicep 
@@ -101,16 +101,15 @@ param tags object = {} @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'JobLogs' 'JobStreams' 'DscNodeStatus' ]) param diagnosticLogCategoriesToEnable array = [ - 'JobLogs' - 'JobStreams' - 'DscNodeStatus' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -126,7 +125,7 @@ param diagnosticSettingsName string = '${name}-diagnosticSettings' var enableReferencedModulesTelemetry = false -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -135,6 +134,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.Automation/automationAccounts/readme.md b/modules/Microsoft.Automation/automationAccounts/readme.md index 92e81ecc1c..7566fa2269 100644 --- a/modules/Microsoft.Automation/automationAccounts/readme.md +++ b/modules/Microsoft.Automation/automationAccounts/readme.md 
@@ -52,7 +52,7 @@ This module deploys an Azure Automation Account. | `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[DscNodeStatus, JobLogs, JobStreams]` | `[DscNodeStatus, JobLogs, JobStreams]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, DscNodeStatus, JobLogs, JobStreams]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | diff --git a/modules/Microsoft.Batch/batchAccounts/deploy.bicep b/modules/Microsoft.Batch/batchAccounts/deploy.bicep index 1fe112450b..e99958cee2 100644 --- a/modules/Microsoft.Batch/batchAccounts/deploy.bicep +++ b/modules/Microsoft.Batch/batchAccounts/deploy.bicep 
@@ -102,12 +102,13 @@ param cMKKeyVersion string = '' @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'ServiceLog' ]) param diagnosticLogCategoriesToEnable array = [ - 'ServiceLog' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -121,7 +122,7 @@ param diagnosticMetricsToEnable array = [ @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -130,6 +131,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.Batch/batchAccounts/readme.md b/modules/Microsoft.Batch/batchAccounts/readme.md index aed3605a35..6bb48c7fb9 100644 --- a/modules/Microsoft.Batch/batchAccounts/readme.md +++ b/modules/Microsoft.Batch/batchAccounts/readme.md 
@@ -44,7 +44,7 @@ | `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[ServiceLog]` | `[ServiceLog]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, ServiceLog]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | diff --git a/modules/Microsoft.Cache/redis/deploy.bicep b/modules/Microsoft.Cache/redis/deploy.bicep index 7b36ea430d..3827d2fdc7 100644 --- a/modules/Microsoft.Cache/redis/deploy.bicep +++ b/modules/Microsoft.Cache/redis/deploy.bicep 
@@ -117,12 +117,13 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') param diagnosticEventHubName string = '' -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'ConnectedClientList' ]) param diagnosticLogCategoriesToEnable array = [ - 'ConnectedClientList' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -136,7 +137,7 @@ param diagnosticMetricsToEnable array = [ @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -145,6 +146,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.Cache/redis/readme.md b/modules/Microsoft.Cache/redis/readme.md index 76b3530aa9..341a37d366 100644 --- a/modules/Microsoft.Cache/redis/readme.md +++ b/modules/Microsoft.Cache/redis/readme.md 
@@ -36,7 +36,7 @@ This module deploys a Redis Cache service. | `capacity` | int | `1` | `[0, 1, 2, 3, 4, 5, 6]` | The size of the Redis cache to deploy. Valid values: for C (Basic/Standard) family (0, 1, 2, 3, 4, 5, 6), for P (Premium) family (1, 2, 3, 4). | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticLogCategoriesToEnable` | array | `[ConnectedClientList]` | `[ConnectedClientList]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, ConnectedClientList]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | diff --git a/modules/Microsoft.CognitiveServices/accounts/deploy.bicep b/modules/Microsoft.CognitiveServices/accounts/deploy.bicep index d73c99145d..1084f74334 100644 --- a/modules/Microsoft.CognitiveServices/accounts/deploy.bicep +++ b/modules/Microsoft.CognitiveServices/accounts/deploy.bicep 
@@ -146,14 +146,14 @@ param userOwnedStorage array = [] @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'Audit' 'RequestResponse' ]) param diagnosticLogCategoriesToEnable array = [ - 'Audit' - 'RequestResponse' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -167,7 +167,7 @@ param diagnosticMetricsToEnable array = [ @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -176,6 +176,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.CognitiveServices/accounts/readme.md b/modules/Microsoft.CognitiveServices/accounts/readme.md index 5989c79ec3..cf0b0cfe54 100644 --- a/modules/Microsoft.CognitiveServices/accounts/readme.md +++ b/modules/Microsoft.CognitiveServices/accounts/readme.md 
@@ -50,7 +50,7 @@ This module deploys different kinds of cognitive services resources | `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, latest is used. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[Audit, RequestResponse]` | `[Audit, RequestResponse]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, Audit, RequestResponse]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | diff --git a/modules/Microsoft.Compute/virtualMachines/deploy.bicep b/modules/Microsoft.Compute/virtualMachines/deploy.bicep index 90e86fb3fc..444797bcd8 100644 --- a/modules/Microsoft.Compute/virtualMachines/deploy.bicep +++ b/modules/Microsoft.Compute/virtualMachines/deploy.bicep 
@@ -119,16 +119,15 @@ param nicConfigurations array @description('Optional. The name of the PIP diagnostic setting, if deployed.') param pipDiagnosticSettingsName string = '${name}-diagnosticSettings' -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'DDoSProtectionNotifications' 'DDoSMitigationFlowLogs' 'DDoSMitigationReports' ]) param pipdiagnosticLogCategoriesToEnable array = [ - 'DDoSProtectionNotifications' - 'DDoSMitigationFlowLogs' - 'DDoSMitigationReports' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') diff --git a/modules/Microsoft.Compute/virtualMachines/readme.md b/modules/Microsoft.Compute/virtualMachines/readme.md index 8be20528ab..60fe90117c 100644 --- a/modules/Microsoft.Compute/virtualMachines/readme.md +++ b/modules/Microsoft.Compute/virtualMachines/readme.md 
@@ -86,7 +86,7 @@ This module deploys one Virtual Machine with one or multiple NICs and optionally | `name` | string | `[take(toLower(uniqueString(resourceGroup().name)), 10)]` | | The name of the virtual machine to be created. You should use a unique prefix to reduce name collisions in Active Directory. If no value is provided, a 10 character long unique string will be generated based on the Resource Group's name. | | `nicdiagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `nicDiagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the NIC diagnostic setting, if deployed. | -| `pipdiagnosticLogCategoriesToEnable` | array | `[DDoSMitigationFlowLogs, DDoSMitigationReports, DDoSProtectionNotifications]` | `[DDoSMitigationFlowLogs, DDoSMitigationReports, DDoSProtectionNotifications]` | The name of logs that will be streamed. | +| `pipdiagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, DDoSMitigationFlowLogs, DDoSMitigationReports, DDoSProtectionNotifications]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `pipdiagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `pipDiagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the PIP diagnostic setting, if deployed. | | `plan` | object | `{object}` | | Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. | diff --git a/modules/Microsoft.ContainerRegistry/registries/deploy.bicep b/modules/Microsoft.ContainerRegistry/registries/deploy.bicep index be56754643..26ff7e3941 100644 --- a/modules/Microsoft.ContainerRegistry/registries/deploy.bicep 
+++ b/modules/Microsoft.ContainerRegistry/registries/deploy.bicep @@ -132,14 +132,14 @@ param tags object = {} @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'ContainerRegistryRepositoryEvents' 'ContainerRegistryLoginEvents' ]) param diagnosticLogCategoriesToEnable array = [ - 'ContainerRegistryRepositoryEvents' - 'ContainerRegistryLoginEvents' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -185,7 +185,7 @@ param cMKKeyVersion string = '' @description('Conditional. User assigned identity to use when fetching the customer managed key. Note, CMK requires the \'acrSku\' to be \'Premium\'. Required if \'cMKKeyName\' is not empty.') param cMKUserAssignedIdentityResourceId string = '' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -194,6 +194,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.ContainerRegistry/registries/readme.md b/modules/Microsoft.ContainerRegistry/registries/readme.md index 8b6bebaecb..9d1a8b8a63 100644 --- a/modules/Microsoft.ContainerRegistry/registries/readme.md +++ b/modules/Microsoft.ContainerRegistry/registries/readme.md 
@@ -51,7 +51,7 @@ Azure Container Registry is a managed, private Docker registry service based on | `dataEndpointEnabled` | bool | `False` | | Enable a single data endpoint per region for serving data. Not relevant in case of disabled public access. Note, requires the 'acrSku' to be 'Premium'. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[ContainerRegistryLoginEvents, ContainerRegistryRepositoryEvents]` | `[ContainerRegistryLoginEvents, ContainerRegistryRepositoryEvents]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, ContainerRegistryLoginEvents, ContainerRegistryRepositoryEvents]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | diff --git a/modules/Microsoft.ContainerService/managedClusters/deploy.bicep b/modules/Microsoft.ContainerService/managedClusters/deploy.bicep index b2492bbb40..04b4a0532f 100644 --- a/modules/Microsoft.ContainerService/managedClusters/deploy.bicep +++ b/modules/Microsoft.ContainerService/managedClusters/deploy.bicep 
@@ -295,8 +295,9 @@ param tags object = {} @description('Optional. The resource ID of the disc encryption set to apply to the cluster. For security reasons, this value should be provided.') param diskEncryptionSetID string = '' -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'kube-apiserver' 'kube-audit' 'kube-controller-manager' @@ -306,13 +307,7 @@ param diskEncryptionSetID string = '' 'guard' ]) param diagnosticLogCategoriesToEnable array = [ - 'kube-apiserver' - 'kube-audit' - 'kube-controller-manager' - 'kube-scheduler' - 'cluster-autoscaler' - 'kube-audit-admin' - 'guard' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -326,7 +321,7 @@ param diagnosticMetricsToEnable array = [ @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -335,6 +330,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.ContainerService/managedClusters/readme.md b/modules/Microsoft.ContainerService/managedClusters/readme.md index e8bba8c7d4..478c736504 100644 --- a/modules/Microsoft.ContainerService/managedClusters/readme.md 
+++ b/modules/Microsoft.ContainerService/managedClusters/readme.md @@ -84,7 +84,7 @@ This module deploys Azure Kubernetes Cluster (AKS). | `azurePolicyVersion` | string | `'v2'` | | Specifies the azure policy version to use. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[cluster-autoscaler, guard, kube-apiserver, kube-audit, kube-audit-admin, kube-controller-manager, kube-scheduler]` | `[cluster-autoscaler, guard, kube-apiserver, kube-audit, kube-audit-admin, kube-controller-manager, kube-scheduler]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, cluster-autoscaler, guard, kube-apiserver, kube-audit, kube-audit-admin, kube-controller-manager, kube-scheduler]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | diff --git a/modules/Microsoft.DBforPostgreSQL/flexibleServers/deploy.bicep b/modules/Microsoft.DBforPostgreSQL/flexibleServers/deploy.bicep index 7c278d48b6..e2fda60ad5 100644 --- a/modules/Microsoft.DBforPostgreSQL/flexibleServers/deploy.bicep +++ b/modules/Microsoft.DBforPostgreSQL/flexibleServers/deploy.bicep 
@@ -142,12 +142,13 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'PostgreSQLLogs' ]) param diagnosticLogCategoriesToEnable array = [ - 'PostgreSQLLogs' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -161,7 +162,7 @@ param diagnosticMetricsToEnable array = [ @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -170,6 +171,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.DBforPostgreSQL/flexibleServers/readme.md b/modules/Microsoft.DBforPostgreSQL/flexibleServers/readme.md index e39cd78951..9ddda49113 100644 --- a/modules/Microsoft.DBforPostgreSQL/flexibleServers/readme.md +++ b/modules/Microsoft.DBforPostgreSQL/flexibleServers/readme.md 
@@ -46,7 +46,7 @@ This module deploys DBforPostgreSQL FlexibleServers. | `delegatedSubnetResourceId` | string | `''` | | Delegated subnet arm resource ID. Used when the desired connectivity mode is "Private Access" - virtual network integration. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[PostgreSQLLogs]` | `[PostgreSQLLogs]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, PostgreSQLLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | diff --git a/modules/Microsoft.DataFactory/factories/deploy.bicep b/modules/Microsoft.DataFactory/factories/deploy.bicep index b5a66b0af8..9cee7a6ecc 100644 --- a/modules/Microsoft.DataFactory/factories/deploy.bicep +++ b/modules/Microsoft.DataFactory/factories/deploy.bicep 
@@ -88,8 +88,9 @@ param cMKKeyVersion string = '' @description('Conditional. User assigned identity to use when fetching the customer managed key. Required if \'cMKKeyName\' is not empty.') param cMKUserAssignedIdentityResourceId string = '' -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'ActivityRuns' 'PipelineRuns' 'TriggerRuns' @@ -101,15 +102,7 @@ param cMKUserAssignedIdentityResourceId string = '' 'SSISIntegrationRuntimeLogs' ]) param diagnosticLogCategoriesToEnable array = [ - 'ActivityRuns' - 'PipelineRuns' - 'TriggerRuns' - 'SSISPackageEventMessages' - 'SSISPackageExecutableStatistics' - 'SSISPackageEventMessageContext' - 'SSISPackageExecutionComponentPhases' - 'SSISPackageExecutionDataStatistics' - 'SSISIntegrationRuntimeLogs' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -123,7 +116,7 @@ param diagnosticMetricsToEnable array = [ @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -132,6 +125,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null 
diff --git a/modules/Microsoft.DataFactory/factories/readme.md b/modules/Microsoft.DataFactory/factories/readme.md index e2a740ac09..d28c94379f 100644 --- a/modules/Microsoft.DataFactory/factories/readme.md +++ b/modules/Microsoft.DataFactory/factories/readme.md 
@@ -45,7 +45,7 @@ | `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[ActivityRuns, PipelineRuns, SSISIntegrationRuntimeLogs, SSISPackageEventMessageContext, SSISPackageEventMessages, SSISPackageExecutableStatistics, SSISPackageExecutionComponentPhases, SSISPackageExecutionDataStatistics, TriggerRuns]` | `[ActivityRuns, PipelineRuns, SSISIntegrationRuntimeLogs, SSISPackageEventMessageContext, SSISPackageEventMessages, SSISPackageExecutableStatistics, SSISPackageExecutionComponentPhases, SSISPackageExecutionDataStatistics, TriggerRuns]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[ActivityRuns, allLogs, PipelineRuns, SSISIntegrationRuntimeLogs, SSISPackageEventMessageContext, SSISPackageEventMessages, SSISPackageExecutableStatistics, SSISPackageExecutionComponentPhases, SSISPackageExecutionDataStatistics, TriggerRuns]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | 
diff --git a/modules/Microsoft.Databricks/workspaces/deploy.bicep b/modules/Microsoft.Databricks/workspaces/deploy.bicep index 6185136128..b02ab7fefe 100644 --- a/modules/Microsoft.Databricks/workspaces/deploy.bicep +++ b/modules/Microsoft.Databricks/workspaces/deploy.bicep @@ -52,8 +52,9 @@ param tags object = {} @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'dbfs' 'clusters' 'accounts' @@ -66,22 +67,13 @@ param enableDefaultTelemetry bool = true 'instancePools' ]) param diagnosticLogCategoriesToEnable array = [ - 'dbfs' - 'clusters' - 'accounts' - 'jobs' - 'notebook' - 'ssh' - 'workspace' - 'secrets' - 'sqlPermissions' - 'instancePools' + 'allLogs' ] @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -90,6 +82,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var managedResourceGroupName = '${name}-rg' var managedResourceGroupIdVar = '${subscription().id}/resourceGroups/${managedResourceGroupName}' diff --git a/modules/Microsoft.Databricks/workspaces/readme.md b/modules/Microsoft.Databricks/workspaces/readme.md index 480d9845ff..9e33368efe 100644 
--- a/modules/Microsoft.Databricks/workspaces/readme.md +++ b/modules/Microsoft.Databricks/workspaces/readme.md @@ -31,7 +31,7 @@ | :-- | :-- | :-- | :-- | :-- | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[accounts, clusters, dbfs, instancePools, jobs, notebook, secrets, sqlPermissions, ssh, workspace]` | `[accounts, clusters, dbfs, instancePools, jobs, notebook, secrets, sqlPermissions, ssh, workspace]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[accounts, allLogs, clusters, dbfs, instancePools, jobs, notebook, secrets, sqlPermissions, ssh, workspace]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | | `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | diff --git a/modules/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep b/modules/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep index 2f1d5e587f..e109d6fde7 100644 --- a/modules/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep +++ b/modules/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep 
@@ -55,16 +55,15 @@ param tags object = {} @sys.description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@sys.description('Optional. The name of logs that will be streamed.') +@sys.description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'Checkpoint' 'Error' 'Management' ]) param diagnosticLogCategoriesToEnable array = [ - 'Checkpoint' - 'Error' - 'Management' + 'allLogs' ] @sys.description('Optional. List of applications to be created in the Application Group.') @@ -73,7 +72,7 @@ param applications array = [] @sys.description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -82,6 +81,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var enableReferencedModulesTelemetry = false resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { diff --git a/modules/Microsoft.DesktopVirtualization/applicationgroups/readme.md b/modules/Microsoft.DesktopVirtualization/applicationgroups/readme.md index e8d38af24f..4541711805 100644 --- a/modules/Microsoft.DesktopVirtualization/applicationgroups/readme.md +++ b/modules/Microsoft.DesktopVirtualization/applicationgroups/readme.md 
@@ -38,7 +38,7 @@ This module deploys an Azure virtual desktop application group. | `description` | string | `''` | | The description of the Application Group to be created. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[Checkpoint, Error, Management]` | `[Checkpoint, Error, Management]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, Checkpoint, Error, Management]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | | `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | diff --git a/modules/Microsoft.DesktopVirtualization/hostpools/deploy.bicep b/modules/Microsoft.DesktopVirtualization/hostpools/deploy.bicep index 2126907d0f..6172cf9867 100644 --- a/modules/Microsoft.DesktopVirtualization/hostpools/deploy.bicep +++ b/modules/Microsoft.DesktopVirtualization/hostpools/deploy.bicep 
@@ -97,8 +97,9 @@ param startVMOnConnect bool = false @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalIds\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'Checkpoint' 'Error' 'Management' @@ -107,18 +108,13 @@ param roleAssignments array = [] 'AgentHealthStatus' ]) param diagnosticLogCategoriesToEnable array = [ - 'Checkpoint' - 'Error' - 'Management' - 'Connection' - 'HostRegistration' - 'AgentHealthStatus' + 'allLogs' ] @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -127,6 +123,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var tokenExpirationTime = dateTimeAdd(baseTime, tokenValidityLength) resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { 
diff --git a/modules/Microsoft.DesktopVirtualization/hostpools/readme.md b/modules/Microsoft.DesktopVirtualization/hostpools/readme.md index 88daf2da69..e39711a77c 100644 --- a/modules/Microsoft.DesktopVirtualization/hostpools/readme.md +++ b/modules/Microsoft.DesktopVirtualization/hostpools/readme.md @@ -34,7 +34,7 @@ This module deploys an Azure virtual desktop host pool. | `customRdpProperty` | string | `'audiocapturemode:i:1;audiomode:i:0;drivestoredirect:s:;redirectclipboard:i:1;redirectcomports:i:1;redirectprinters:i:1;redirectsmartcards:i:1;screen mode id:i:2;'` | | Host Pool RDP properties. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[AgentHealthStatus, Checkpoint, Connection, Error, HostRegistration, Management]` | `[AgentHealthStatus, Checkpoint, Connection, Error, HostRegistration, Management]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[AgentHealthStatus, allLogs, Checkpoint, Connection, Error, HostRegistration, Management]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | | `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | 
diff --git a/modules/Microsoft.DesktopVirtualization/scalingplans/deploy.bicep b/modules/Microsoft.DesktopVirtualization/scalingplans/deploy.bicep index 950e2527ff..04c4fef803 100644 --- a/modules/Microsoft.DesktopVirtualization/scalingplans/deploy.bicep +++ b/modules/Microsoft.DesktopVirtualization/scalingplans/deploy.bicep @@ -94,16 +94,17 @@ param roleAssignments array = [] @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'Autoscale' ]) -param logsToEnable array = [ - 'Autoscale' +param diagnosticLogCategoriesToEnable array = [ + 'allLogs' ] -var diagnosticsLogs = [for log in logsToEnable: { - category: log +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { + category: category enabled: true retentionPolicy: { enabled: true @@ -111,6 +112,17 @@ var diagnosticsLogs = [for log in logsToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' properties: { diff --git a/modules/Microsoft.DesktopVirtualization/scalingplans/readme.md b/modules/Microsoft.DesktopVirtualization/scalingplans/readme.md index 4605084567..4f046329ce 100644 --- a/modules/Microsoft.DesktopVirtualization/scalingplans/readme.md +++ b/modules/Microsoft.DesktopVirtualization/scalingplans/readme.md 
@@ -32,6 +32,7 @@ This module deploys an AVD Scaling Plan. | :-- | :-- | :-- | :-- | :-- | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, Autoscale]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | | `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | 
@@ -41,7 +42,6 @@ This module deploys an AVD Scaling Plan. | `hostPoolReferences` | array | `[]` | | An array of references to hostpools. | | `hostPoolType` | string | `'Pooled'` | `[Pooled]` | The type of hostpool where this scaling plan should be applied. | | `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `logsToEnable` | array | `[Autoscale]` | `[Autoscale]` | The name of logs that will be streamed. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `scalingplanDescription` | string | `[parameters('name')]` | | Description of the scaling plan. | | `schedules` | array | `[System.Management.Automation.OrderedHashtable]` | | The schedules related to this scaling plan. If no value is provided a default schedule will be provided. | diff --git a/modules/Microsoft.DesktopVirtualization/workspaces/deploy.bicep b/modules/Microsoft.DesktopVirtualization/workspaces/deploy.bicep index c843a258e2..4aa94210f1 100644 --- a/modules/Microsoft.DesktopVirtualization/workspaces/deploy.bicep +++ b/modules/Microsoft.DesktopVirtualization/workspaces/deploy.bicep 
@@ -47,24 +47,22 @@ param enableDefaultTelemetry bool = true @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalIds\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'Checkpoint' 'Error' 'Management' 'Feed' ]) param diagnosticLogCategoriesToEnable array = [ - 'Checkpoint' - 'Error' - 'Management' - 'Feed' + 'allLogs' ] @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -73,6 +71,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' properties: { diff --git a/modules/Microsoft.DesktopVirtualization/workspaces/readme.md b/modules/Microsoft.DesktopVirtualization/workspaces/readme.md index 8f36cfc841..649924807c 100644 
--- a/modules/Microsoft.DesktopVirtualization/workspaces/readme.md +++ b/modules/Microsoft.DesktopVirtualization/workspaces/readme.md @@ -34,7 +34,7 @@ This module deploys an Azure virtual desktop workspace. | `appGroupResourceIds` | array | `[]` | | Resource IDs for the existing Application groups this workspace will group together. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[Checkpoint, Error, Feed, Management]` | `[Checkpoint, Error, Feed, Management]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, Checkpoint, Error, Feed, Management]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | | `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/deploy.bicep b/modules/Microsoft.DocumentDB/databaseAccounts/deploy.bicep index ce602d875d..60e8b3abfa 100644 --- a/modules/Microsoft.DocumentDB/databaseAccounts/deploy.bicep +++ b/modules/Microsoft.DocumentDB/databaseAccounts/deploy.bicep 
@@ -94,8 +94,9 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'DataPlaneRequests' 'MongoRequests' 'QueryRuntimeStatistics' @@ -107,15 +108,7 @@ param diagnosticEventHubName string = '' 'TableApiRequests' ]) param diagnosticLogCategoriesToEnable array = [ - 'DataPlaneRequests' - 'MongoRequests' - 'QueryRuntimeStatistics' - 'PartitionKeyStatistics' - 'PartitionKeyRUConsumption' - 'ControlPlaneRequests' - 'CassandraRequests' - 'GremlinRequests' - 'TableApiRequests' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -172,7 +165,7 @@ param backupRetentionIntervalInHours int = 8 @description('Optional. Enum to indicate type of backup residency. Only applies to periodic backup type.') param backupStorageRedundancy string = 'Local' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -181,6 +174,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null 
diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/readme.md b/modules/Microsoft.DocumentDB/databaseAccounts/readme.md index 07187d33e5..1348fad70b 100644 --- a/modules/Microsoft.DocumentDB/databaseAccounts/readme.md +++ b/modules/Microsoft.DocumentDB/databaseAccounts/readme.md 
@@ -49,7 +49,7 @@ This module deploys a DocumentDB database account and its child resources. | `defaultConsistencyLevel` | string | `'Session'` | `[BoundedStaleness, ConsistentPrefix, Eventual, Session, Strong]` | The default consistency level of the Cosmos DB account. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[CassandraRequests, ControlPlaneRequests, DataPlaneRequests, GremlinRequests, MongoRequests, PartitionKeyRUConsumption, PartitionKeyStatistics, QueryRuntimeStatistics, TableApiRequests]` | `[CassandraRequests, ControlPlaneRequests, DataPlaneRequests, GremlinRequests, MongoRequests, PartitionKeyRUConsumption, PartitionKeyStatistics, QueryRuntimeStatistics, TableApiRequests]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, CassandraRequests, ControlPlaneRequests, DataPlaneRequests, GremlinRequests, MongoRequests, PartitionKeyRUConsumption, PartitionKeyStatistics, QueryRuntimeStatistics, TableApiRequests]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[Requests]` | `[Requests]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | 
diff --git a/modules/Microsoft.EventGrid/systemTopics/deploy.bicep b/modules/Microsoft.EventGrid/systemTopics/deploy.bicep index 58e2437080..f77974ba65 100644 --- a/modules/Microsoft.EventGrid/systemTopics/deploy.bicep +++ b/modules/Microsoft.EventGrid/systemTopics/deploy.bicep @@ -57,12 +57,13 @@ var identity = identityType != 'None' ? { userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null } : null -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'DeliveryFailures' ]) param diagnosticLogCategoriesToEnable array = [ - 'DeliveryFailures' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -76,7 +77,7 @@ param diagnosticMetricsToEnable array = [ @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -85,6 +86,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.EventGrid/systemTopics/readme.md b/modules/Microsoft.EventGrid/systemTopics/readme.md index 06aae35eb6..5be134a402 100644 --- a/modules/Microsoft.EventGrid/systemTopics/readme.md +++ b/modules/Microsoft.EventGrid/systemTopics/readme.md 
@@ -35,7 +35,7 @@ This module deploys an Event Grid System Topic. | :-- | :-- | :-- | :-- | :-- | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[DeliveryFailures]` | `[DeliveryFailures]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, DeliveryFailures]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | diff --git a/modules/Microsoft.EventGrid/topics/deploy.bicep b/modules/Microsoft.EventGrid/topics/deploy.bicep index 154d13eced..c479bda0f3 100644 --- a/modules/Microsoft.EventGrid/topics/deploy.bicep +++ b/modules/Microsoft.EventGrid/topics/deploy.bicep 
@@ -52,14 +52,14 @@ param tags object = {} @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'DeliveryFailures' 'PublishFailures' ]) param diagnosticLogCategoriesToEnable array = [ - 'DeliveryFailures' - 'PublishFailures' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -75,7 +75,7 @@ param diagnosticSettingsName string = '${name}-diagnosticSettings' var enableReferencedModulesTelemetry = false -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -84,6 +84,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.EventGrid/topics/readme.md b/modules/Microsoft.EventGrid/topics/readme.md index 53e13f73b4..6f527140d9 100644 --- a/modules/Microsoft.EventGrid/topics/readme.md +++ b/modules/Microsoft.EventGrid/topics/readme.md 
@@ -35,7 +35,7 @@ This module deploys an event grid topic. | :-- | :-- | :-- | :-- | :-- | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[DeliveryFailures, PublishFailures]` | `[DeliveryFailures, PublishFailures]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, DeliveryFailures, PublishFailures]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | diff --git a/modules/Microsoft.EventHub/namespaces/deploy.bicep b/modules/Microsoft.EventHub/namespaces/deploy.bicep index b20067d609..c7df8eeadd 100644 --- a/modules/Microsoft.EventHub/namespaces/deploy.bicep +++ b/modules/Microsoft.EventHub/namespaces/deploy.bicep @@ -92,8 +92,9 @@ param eventHubs array = [] @description('Optional. The disaster recovery config for this namespace.') param disasterRecoveryConfig object = {} -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'ArchiveLogs' 'OperationalLogs' 'AutoScaleLogs' 
@@ -105,15 +106,7 @@ param disasterRecoveryConfig object = {} 'ApplicationMetricsLogs' ]) param diagnosticLogCategoriesToEnable array = [ - 'ArchiveLogs' - 'OperationalLogs' - 'AutoScaleLogs' - 'KafkaCoordinatorLogs' - 'KafkaUserErrorLogs' - 'EventHubVNetConnectionEvent' - 'CustomerManagedKeyUserLogs' - 'RuntimeAuditLogs' - 'ApplicationMetricsLogs' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -129,7 +122,7 @@ var maximumThroughputUnitsVar = !isAutoInflateEnabled ? 0 : maximumThroughputUni @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -138,6 +131,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.EventHub/namespaces/readme.md b/modules/Microsoft.EventHub/namespaces/readme.md index ec16cf38fb..8fddb8c47e 100644 --- a/modules/Microsoft.EventHub/namespaces/readme.md +++ b/modules/Microsoft.EventHub/namespaces/readme.md 
@@ -42,7 +42,7 @@ This module deploys an event hub namespace. | `authorizationRules` | _[authorizationRules](authorizationRules/readme.md)_ array | `[System.Management.Automation.OrderedHashtable]` | | Authorization Rules for the Event Hub namespace. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[ApplicationMetricsLogs, ArchiveLogs, AutoScaleLogs, CustomerManagedKeyUserLogs, EventHubVNetConnectionEvent, KafkaCoordinatorLogs, KafkaUserErrorLogs, OperationalLogs, RuntimeAuditLogs]` | `[ApplicationMetricsLogs, ArchiveLogs, AutoScaleLogs, CustomerManagedKeyUserLogs, EventHubVNetConnectionEvent, KafkaCoordinatorLogs, KafkaUserErrorLogs, OperationalLogs, RuntimeAuditLogs]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, ApplicationMetricsLogs, ArchiveLogs, AutoScaleLogs, CustomerManagedKeyUserLogs, EventHubVNetConnectionEvent, KafkaCoordinatorLogs, KafkaUserErrorLogs, OperationalLogs, RuntimeAuditLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | 
diff --git a/modules/Microsoft.Insights/diagnosticSettings/deploy.bicep b/modules/Microsoft.Insights/diagnosticSettings/deploy.bicep index 298cc90804..0a524edeae 100644 --- a/modules/Microsoft.Insights/diagnosticSettings/deploy.bicep +++ b/modules/Microsoft.Insights/diagnosticSettings/deploy.bicep @@ -22,8 +22,9 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'Administrative' 'Security' 'ServiceHealth' @@ -34,14 +35,7 @@ param diagnosticEventHubName string = '' 'ResourceHealth' ]) param diagnosticLogCategoriesToEnable array = [ - 'Administrative' - 'Security' - 'ServiceHealth' - 'Alert' - 'Recommendation' - 'Policy' - 'Autoscale' - 'ResourceHealth' + 'allLogs' ] @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') @@ -50,7 +44,7 @@ param enableDefaultTelemetry bool = true @sys.description('Optional. Location deployment metadata.') param location string = deployment().location -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { 
@@ -59,6 +53,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' location: location diff --git a/modules/Microsoft.Insights/diagnosticSettings/readme.md b/modules/Microsoft.Insights/diagnosticSettings/readme.md index b63c38c4e8..c1bd2f81ac 100644 --- a/modules/Microsoft.Insights/diagnosticSettings/readme.md +++ b/modules/Microsoft.Insights/diagnosticSettings/readme.md 
@@ -24,7 +24,7 @@ This module deploys a subscription wide export of the activity log. | :-- | :-- | :-- | :-- | :-- | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[Administrative, Alert, Autoscale, Policy, Recommendation, ResourceHealth, Security, ServiceHealth]` | `[Administrative, Alert, Autoscale, Policy, Recommendation, ResourceHealth, Security, ServiceHealth]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[Administrative, Alert, allLogs, Autoscale, Policy, Recommendation, ResourceHealth, Security, ServiceHealth]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | | `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | diff --git a/modules/Microsoft.KeyVault/vaults/deploy.bicep b/modules/Microsoft.KeyVault/vaults/deploy.bicep index ffc6d4d515..52a17835ac 100644 --- a/modules/Microsoft.KeyVault/vaults/deploy.bicep +++ b/modules/Microsoft.KeyVault/vaults/deploy.bicep 
@@ -97,14 +97,14 @@ param tags object = {} @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'AuditEvent' 'AzurePolicyEvaluationDetails' ]) param diagnosticLogCategoriesToEnable array = [ - 'AuditEvent' - 'AzurePolicyEvaluationDetails' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -121,7 +121,7 @@ param diagnosticSettingsName string = '${name}-diagnosticSettings' // =========== // // Variables // // =========== // -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -130,6 +130,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.KeyVault/vaults/readme.md b/modules/Microsoft.KeyVault/vaults/readme.md index 6fd4fdb82c..55e816e838 100644 --- a/modules/Microsoft.KeyVault/vaults/readme.md +++ b/modules/Microsoft.KeyVault/vaults/readme.md 
@@ -40,7 +40,7 @@ This module deploys a key vault and its child resources. | `createMode` | string | `'default'` | | The vault's create mode to indicate whether the vault need to be recovered or not. - recover or default. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticLogCategoriesToEnable` | array | `[AuditEvent, AzurePolicyEvaluationDetails]` | `[AuditEvent, AzurePolicyEvaluationDetails]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, AuditEvent, AzurePolicyEvaluationDetails]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | diff --git a/modules/Microsoft.Logic/workflows/deploy.bicep b/modules/Microsoft.Logic/workflows/deploy.bicep index 3d71a78500..37b4a6b47f 100644 --- a/modules/Microsoft.Logic/workflows/deploy.bicep +++ b/modules/Microsoft.Logic/workflows/deploy.bicep 
@@ -97,12 +97,13 @@ param workflowStaticResults object = {} @description('Optional. The definitions for one or more triggers that instantiate your workflow. You can define more than one trigger, but only with the Workflow Definition Language, not visually through the Logic Apps Designer.') param workflowTriggers object = {} -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'WorkflowRuntime' ]) param diagnosticLogCategoriesToEnable array = [ - 'WorkflowRuntime' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -116,7 +117,7 @@ param diagnosticMetricsToEnable array = [ @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -125,6 +126,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.Logic/workflows/readme.md b/modules/Microsoft.Logic/workflows/readme.md index 14985e8635..738c07cfc1 100644 --- a/modules/Microsoft.Logic/workflows/readme.md +++ b/modules/Microsoft.Logic/workflows/readme.md 
@@ -37,7 +37,7 @@ This module deploys a Logic App resource. | `definitionParameters` | object | `{object}` | | Parameters for the definition template. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[WorkflowRuntime]` | `[WorkflowRuntime]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, WorkflowRuntime]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | diff --git a/modules/Microsoft.MachineLearningServices/workspaces/deploy.bicep b/modules/Microsoft.MachineLearningServices/workspaces/deploy.bicep index 9481de7a34..b9ac4e5b23 100644 --- a/modules/Microsoft.MachineLearningServices/workspaces/deploy.bicep +++ b/modules/Microsoft.MachineLearningServices/workspaces/deploy.bicep 
@@ -82,8 +82,9 @@ param diagnosticEventHubAuthorizationRuleId string = '' @sys.description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@sys.description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'AmlComputeClusterEvent' 'AmlComputeClusterNodeEvent' 'AmlComputeJobEvent' @@ -91,11 +92,7 @@ param diagnosticEventHubName string = '' 'AmlRunStatusChangedEvent' ]) param diagnosticLogCategoriesToEnable array = [ - 'AmlComputeClusterEvent' - 'AmlComputeClusterNodeEvent' - 'AmlComputeJobEvent' - 'AmlComputeCpuGpuUtilization' - 'AmlRunStatusChangedEvent' + 'allLogs' ] @sys.description('Optional. The name of metrics that will be streamed.') @@ -159,7 +156,7 @@ var identity = identityType != 'None' ? { userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : any(null) } : any(null) -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -168,6 +165,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.Network/applicationGateways/deploy.bicep b/modules/Microsoft.Network/applicationGateways/deploy.bicep index 92b5e3bf4b..ca99038755 100644 
--- a/modules/Microsoft.Network/applicationGateways/deploy.bicep +++ b/modules/Microsoft.Network/applicationGateways/deploy.bicep @@ -186,16 +186,15 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') param diagnosticEventHubName string = '' -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'ApplicationGatewayAccessLog' 'ApplicationGatewayPerformanceLog' 'ApplicationGatewayFirewallLog' ]) param diagnosticLogCategoriesToEnable array = [ - 'ApplicationGatewayAccessLog' - 'ApplicationGatewayPerformanceLog' - 'ApplicationGatewayFirewallLog' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -216,7 +215,7 @@ var identity = identityType != 'None' ? { @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { 
@@ -225,6 +224,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.Network/applicationGateways/readme.md b/modules/Microsoft.Network/applicationGateways/readme.md index 7b66c3deac..9be92e8bbc 100644 --- a/modules/Microsoft.Network/applicationGateways/readme.md +++ b/modules/Microsoft.Network/applicationGateways/readme.md 
@@ -40,7 +40,7 @@ This module deploys Network ApplicationGateways. | `customErrorConfigurations` | array | `[]` | | Custom error configurations of the application gateway resource. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticLogCategoriesToEnable` | array | `[ApplicationGatewayAccessLog, ApplicationGatewayFirewallLog, ApplicationGatewayPerformanceLog]` | `[ApplicationGatewayAccessLog, ApplicationGatewayFirewallLog, ApplicationGatewayPerformanceLog]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, ApplicationGatewayAccessLog, ApplicationGatewayFirewallLog, ApplicationGatewayPerformanceLog]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | diff --git a/modules/Microsoft.Network/azureFirewalls/deploy.bicep b/modules/Microsoft.Network/azureFirewalls/deploy.bicep index 97a056e6b1..073403c3e8 100644 --- a/modules/Microsoft.Network/azureFirewalls/deploy.bicep +++ b/modules/Microsoft.Network/azureFirewalls/deploy.bicep 
@@ -94,16 +94,15 @@ param tags object = {} @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@description('Optional. The name of firewall logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'AzureFirewallApplicationRule' 'AzureFirewallNetworkRule' 'AzureFirewallDnsProxy' ]) param diagnosticLogCategoriesToEnable array = [ - 'AzureFirewallApplicationRule' - 'AzureFirewallNetworkRule' - 'AzureFirewallDnsProxy' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -158,7 +157,7 @@ var ipConfigurations = concat([ // ---------------------------------------------------------------------------- -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -167,6 +166,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.Network/azureFirewalls/readme.md b/modules/Microsoft.Network/azureFirewalls/readme.md index d7e381994e..c049210a69 100644 --- a/modules/Microsoft.Network/azureFirewalls/readme.md +++ b/modules/Microsoft.Network/azureFirewalls/readme.md 
@@ -41,7 +41,7 @@ This module deploys a firewall. | `azureSkuTier` | string | `'Standard'` | `[Premium, Standard]` | Tier of an Azure Firewall. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[AzureFirewallApplicationRule, AzureFirewallDnsProxy, AzureFirewallNetworkRule]` | `[AzureFirewallApplicationRule, AzureFirewallDnsProxy, AzureFirewallNetworkRule]` | The name of firewall logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, AzureFirewallApplicationRule, AzureFirewallDnsProxy, AzureFirewallNetworkRule]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | diff --git a/modules/Microsoft.Network/bastionHosts/deploy.bicep b/modules/Microsoft.Network/bastionHosts/deploy.bicep index dcddf0c0d8..77d17f6df3 100644 --- a/modules/Microsoft.Network/bastionHosts/deploy.bicep +++ b/modules/Microsoft.Network/bastionHosts/deploy.bicep 
@@ -72,18 +72,19 @@ param tags object = {} @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@description('Optional. Optional. The name of bastion logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'BastionAuditLogs' ]) param diagnosticLogCategoriesToEnable array = [ - 'BastionAuditLogs' + 'allLogs' ] @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -92,6 +93,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var enableTunneling = skuType == 'Standard' ? true : null var scaleUnitsVar = skuType == 'Basic' ? 2 : scaleUnits diff --git a/modules/Microsoft.Network/bastionHosts/readme.md b/modules/Microsoft.Network/bastionHosts/readme.md index dd9cbcfa9a..22bced603c 100644 --- a/modules/Microsoft.Network/bastionHosts/readme.md +++ b/modules/Microsoft.Network/bastionHosts/readme.md 
@@ -36,7 +36,7 @@ This module deploys a bastion host. | `azureBastionSubnetPublicIpId` | string | `''` | | The public ip resource ID to associate to the azureBastionSubnet. If empty, then the public ip that is created as part of this module will be applied to the azureBastionSubnet. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[BastionAuditLogs]` | `[BastionAuditLogs]` | Optional. The name of bastion logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, BastionAuditLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | | `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | diff --git a/modules/Microsoft.Network/expressRouteCircuits/deploy.bicep b/modules/Microsoft.Network/expressRouteCircuits/deploy.bicep index 0d5022f98b..ae07b38fbc 100644 --- a/modules/Microsoft.Network/expressRouteCircuits/deploy.bicep +++ b/modules/Microsoft.Network/expressRouteCircuits/deploy.bicep 
@@ -87,12 +87,13 @@ param tags object = {} @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'PeeringRouteLog' ]) param diagnosticLogCategoriesToEnable array = [ - 'PeeringRouteLog' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -106,7 +107,7 @@ param diagnosticMetricsToEnable array = [ @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -115,6 +116,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.Network/expressRouteCircuits/readme.md b/modules/Microsoft.Network/expressRouteCircuits/readme.md index 8f049cdb3f..ec4e84e039 100644 --- a/modules/Microsoft.Network/expressRouteCircuits/readme.md +++ b/modules/Microsoft.Network/expressRouteCircuits/readme.md 
@@ -36,7 +36,7 @@ This template deploys an express route circuit. | :-- | :-- | :-- | :-- | :-- | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[PeeringRouteLog]` | `[PeeringRouteLog]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, PeeringRouteLog]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | diff --git a/modules/Microsoft.Network/frontDoors/deploy.bicep b/modules/Microsoft.Network/frontDoors/deploy.bicep index 3c0bf10541..169cb4266e 100644 --- a/modules/Microsoft.Network/frontDoors/deploy.bicep +++ b/modules/Microsoft.Network/frontDoors/deploy.bicep 
@@ -68,14 +68,14 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') param diagnosticEventHubName string = '' -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'FrontdoorAccessLog' 'FrontdoorWebApplicationFirewallLog' ]) -param logsToEnable array = [ - 'FrontdoorAccessLog' - 'FrontdoorWebApplicationFirewallLog' +param diagnosticLogCategoriesToEnable array = [ + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -86,8 +86,8 @@ param metricsToEnable array = [ 'AllMetrics' ] -var diagnosticsLogs = [for log in logsToEnable: { - category: log +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { + category: category enabled: true retentionPolicy: { enabled: true @@ -95,6 +95,17 @@ var diagnosticsLogs = [for log in logsToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in metricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.Network/frontDoors/readme.md b/modules/Microsoft.Network/frontDoors/readme.md index 83a66268b4..2e8860a57f 100644 --- a/modules/Microsoft.Network/frontDoors/readme.md +++ b/modules/Microsoft.Network/frontDoors/readme.md 
@@ -48,7 +48,7 @@ This module deploys Front Doors. | `friendlyName` | string | `''` | | Friendly name of the frontdoor resource. | | `location` | string | `[resourceGroup().location]` | | Location for all resources. | | `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `logsToEnable` | array | `[FrontdoorAccessLog, FrontdoorWebApplicationFirewallLog]` | `[FrontdoorAccessLog, FrontdoorWebApplicationFirewallLog]` | The name of logs that will be streamed. | +| `logsToEnable` | array | `[FrontdoorAccessLog, FrontdoorWebApplicationFirewallLog]` | `[allLogs, FrontdoorAccessLog, FrontdoorWebApplicationFirewallLog]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `metricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `sendRecvTimeoutSeconds` | int | `240` | | Certificate name check time of the frontdoor resource. | diff --git a/modules/Microsoft.Network/natGateways/deploy.bicep b/modules/Microsoft.Network/natGateways/deploy.bicep index a6333175e8..be6dc56550 100644 --- a/modules/Microsoft.Network/natGateways/deploy.bicep +++ b/modules/Microsoft.Network/natGateways/deploy.bicep 
@@ -62,16 +62,15 @@ param tags object = {} @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'DDoSProtectionNotifications' 'DDoSMitigationFlowLogs' 'DDoSMitigationReports' ]) param diagnosticLogCategoriesToEnable array = [ - 'DDoSProtectionNotifications' - 'DDoSMitigationFlowLogs' - 'DDoSMitigationReports' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -85,7 +84,7 @@ param diagnosticMetricsToEnable array = [ @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -94,6 +93,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.Network/natGateways/readme.md b/modules/Microsoft.Network/natGateways/readme.md index d492ae2627..299e61ae10 100644 --- a/modules/Microsoft.Network/natGateways/readme.md +++ b/modules/Microsoft.Network/natGateways/readme.md 
@@ -34,7 +34,7 @@ This module deploys a NAT gateway. | :-- | :-- | :-- | :-- | :-- | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[DDoSMitigationFlowLogs, DDoSMitigationReports, DDoSProtectionNotifications]` | `[DDoSMitigationFlowLogs, DDoSMitigationReports, DDoSProtectionNotifications]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, DDoSMitigationFlowLogs, DDoSMitigationReports, DDoSProtectionNotifications]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | diff --git a/modules/Microsoft.Network/networkSecurityGroups/deploy.bicep b/modules/Microsoft.Network/networkSecurityGroups/deploy.bicep index b3927c16e7..4694d2a76a 100644 --- a/modules/Microsoft.Network/networkSecurityGroups/deploy.bicep +++ b/modules/Microsoft.Network/networkSecurityGroups/deploy.bicep 
@@ -41,14 +41,14 @@ param tags object = {} @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'NetworkSecurityGroupEvent' 'NetworkSecurityGroupRuleCounter' ]) param diagnosticLogCategoriesToEnable array = [ - 'NetworkSecurityGroupEvent' - 'NetworkSecurityGroupRuleCounter' + 'allLogs' ] @description('Optional. The name of the diagnostic setting, if deployed.') @@ -56,7 +56,7 @@ param diagnosticSettingsName string = '${name}-diagnosticSettings' var enableReferencedModulesTelemetry = false -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -65,6 +65,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' properties: { diff --git a/modules/Microsoft.Network/networkSecurityGroups/readme.md b/modules/Microsoft.Network/networkSecurityGroups/readme.md index 3539c255ac..06084c8fc5 100644 --- a/modules/Microsoft.Network/networkSecurityGroups/readme.md +++ b/modules/Microsoft.Network/networkSecurityGroups/readme.md 
@@ -34,7 +34,7 @@ This template deploys a network security group (NSG) with optional security rule | :-- | :-- | :-- | :-- | :-- | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[NetworkSecurityGroupEvent, NetworkSecurityGroupRuleCounter]` | `[NetworkSecurityGroupEvent, NetworkSecurityGroupRuleCounter]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, NetworkSecurityGroupEvent, NetworkSecurityGroupRuleCounter]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | | `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | diff --git a/modules/Microsoft.Network/publicIPAddresses/deploy.bicep b/modules/Microsoft.Network/publicIPAddresses/deploy.bicep index 977d7e5d94..8631a5d361 100644 --- a/modules/Microsoft.Network/publicIPAddresses/deploy.bicep +++ b/modules/Microsoft.Network/publicIPAddresses/deploy.bicep 
@@ -72,16 +72,15 @@ param enableDefaultTelemetry bool = true @description('Optional. Tags of the resource.') param tags object = {} -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'DDoSProtectionNotifications' 'DDoSMitigationFlowLogs' 'DDoSMitigationReports' ]) param diagnosticLogCategoriesToEnable array = [ - 'DDoSProtectionNotifications' - 'DDoSMitigationFlowLogs' - 'DDoSMitigationReports' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -95,7 +94,7 @@ param diagnosticMetricsToEnable array = [ @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -104,6 +103,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.Network/publicIPAddresses/readme.md b/modules/Microsoft.Network/publicIPAddresses/readme.md index c73c05164e..1a6a27082c 100644 --- a/modules/Microsoft.Network/publicIPAddresses/readme.md +++ b/modules/Microsoft.Network/publicIPAddresses/readme.md 
@@ -31,7 +31,7 @@ | :-- | :-- | :-- | :-- | :-- | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[DDoSMitigationFlowLogs, DDoSMitigationReports, DDoSProtectionNotifications]` | `[DDoSMitigationFlowLogs, DDoSMitigationReports, DDoSProtectionNotifications]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, DDoSMitigationFlowLogs, DDoSMitigationReports, DDoSProtectionNotifications]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | diff --git a/modules/Microsoft.Network/trafficmanagerprofiles/deploy.bicep b/modules/Microsoft.Network/trafficmanagerprofiles/deploy.bicep index eac5946065..11cee56d36 100644 --- a/modules/Microsoft.Network/trafficmanagerprofiles/deploy.bicep +++ b/modules/Microsoft.Network/trafficmanagerprofiles/deploy.bicep 
@@ -80,12 +80,13 @@ param tags object = {} @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'ProbeHealthStatusEvents' ]) param diagnosticLogCategoriesToEnable array = [ - 'ProbeHealthStatusEvents' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -99,7 +100,7 @@ param diagnosticMetricsToEnable array = [ @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -108,6 +109,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.Network/trafficmanagerprofiles/readme.md b/modules/Microsoft.Network/trafficmanagerprofiles/readme.md index e9daa1d47c..c62a3ba5a7 100644 --- a/modules/Microsoft.Network/trafficmanagerprofiles/readme.md +++ b/modules/Microsoft.Network/trafficmanagerprofiles/readme.md 
@@ -34,7 +34,7 @@ This module deploys a traffic manager profile. | :-- | :-- | :-- | :-- | :-- | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[ProbeHealthStatusEvents]` | `[ProbeHealthStatusEvents]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, ProbeHealthStatusEvents]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | diff --git a/modules/Microsoft.Network/virtualNetworkGateways/deploy.bicep b/modules/Microsoft.Network/virtualNetworkGateways/deploy.bicep index 320949d7fa..e73e05df89 100644 --- a/modules/Microsoft.Network/virtualNetworkGateways/deploy.bicep +++ b/modules/Microsoft.Network/virtualNetworkGateways/deploy.bicep 
@@ -106,20 +106,20 @@ param tags object = {} @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'DDoSProtectionNotifications' 'DDoSMitigationFlowLogs' 'DDoSMitigationReports' ]) param publicIpdiagnosticLogCategoriesToEnable array = [ - 'DDoSProtectionNotifications' - 'DDoSMitigationFlowLogs' - 'DDoSMitigationReports' + 'allLogs' ] -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'GatewayDiagnosticLog' 'TunnelDiagnosticLog' 'RouteDiagnosticLog' @@ -127,11 +127,7 @@ param publicIpdiagnosticLogCategoriesToEnable array = [ 'P2SDiagnosticLog' ]) param virtualNetworkGatewaydiagnosticLogCategoriesToEnable array = [ - 'GatewayDiagnosticLog' - 'TunnelDiagnosticLog' - 'RouteDiagnosticLog' - 'IKEDiagnosticLog' - 'P2SDiagnosticLog' + 'allLogs' ] @description('Optional. Configuration for AAD Authentication for P2S Tunnel Type, Cannot be configured if clientRootCertData is provided.') @@ -155,7 +151,7 @@ param publicIpDiagnosticSettingsName string = 'diagnosticSettings' // ================// // Diagnostic Variables -var virtualNetworkGatewayDiagnosticsLogs = [for category in virtualNetworkGatewaydiagnosticLogCategoriesToEnable: { +var virtualNetworkGatewayDiagnosticsLogsSpecified = [for category in filter(virtualNetworkGatewaydiagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { 
@@ -164,7 +160,18 @@ var virtualNetworkGatewayDiagnosticsLogs = [for category in virtualNetworkGatewa } }] -var publicIpDiagnosticsLogs = [for category in publicIpdiagnosticLogCategoriesToEnable: { +var virtualNetworkGatewayDiagnosticsLogs = contains(virtualNetworkGatewaydiagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : virtualNetworkGatewayDiagnosticsLogsSpecified + +var publicIpDiagnosticsLogsSpecified = [for category in filter(publicIpdiagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -173,6 +180,17 @@ var publicIpDiagnosticsLogs = [for category in publicIpdiagnosticLogCategoriesTo } }] +var publicIpDiagnosticsLogs = contains(publicIpdiagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : publicIpDiagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.Network/virtualNetworkGateways/readme.md b/modules/Microsoft.Network/virtualNetworkGateways/readme.md index 925bc69532..76862cc50d 100644 --- a/modules/Microsoft.Network/virtualNetworkGateways/readme.md +++ b/modules/Microsoft.Network/virtualNetworkGateways/readme.md 
@@ -52,13 +52,13 @@ This module deploys a virtual network gateway. | `gatewayPipName` | string | `[format('{0}-pip1', parameters('name'))]` | | Specifies the name of the Public IP used by the Virtual Network Gateway. If it's not provided, a '-pip' suffix will be appended to the gateway's name. | | `location` | string | `[resourceGroup().location]` | | Location for all resources. | | `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `publicIpdiagnosticLogCategoriesToEnable` | array | `[DDoSMitigationFlowLogs, DDoSMitigationReports, DDoSProtectionNotifications]` | `[DDoSMitigationFlowLogs, DDoSMitigationReports, DDoSProtectionNotifications]` | The name of logs that will be streamed. | +| `publicIpdiagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, DDoSMitigationFlowLogs, DDoSMitigationReports, DDoSProtectionNotifications]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `publicIpDiagnosticSettingsName` | string | `'diagnosticSettings'` | | The name of the diagnostic setting, if deployed. | | `publicIPPrefixResourceId` | string | `''` | | Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix. | | `publicIpZones` | array | `[]` | | Specifies the zones of the Public IP address. Basic IP SKU does not support Availability Zones. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `tags` | object | `{object}` | | Tags of the resource. 
| -| `virtualNetworkGatewaydiagnosticLogCategoriesToEnable` | array | `[GatewayDiagnosticLog, IKEDiagnosticLog, P2SDiagnosticLog, RouteDiagnosticLog, TunnelDiagnosticLog]` | `[GatewayDiagnosticLog, IKEDiagnosticLog, P2SDiagnosticLog, RouteDiagnosticLog, TunnelDiagnosticLog]` | The name of logs that will be streamed. | +| `virtualNetworkGatewaydiagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, GatewayDiagnosticLog, IKEDiagnosticLog, P2SDiagnosticLog, RouteDiagnosticLog, TunnelDiagnosticLog]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `virtualNetworkGatewayDiagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | | `vpnClientAadConfiguration` | object | `{object}` | | Configuration for AAD Authentication for P2S Tunnel Type, Cannot be configured if clientRootCertData is provided. | | `vpnClientAddressPoolPrefix` | string | `''` | | The IP address range from which VPN clients will receive an IP address when connected. Range specified must not overlap with on-premise network. | diff --git a/modules/Microsoft.Network/virtualNetworks/deploy.bicep b/modules/Microsoft.Network/virtualNetworks/deploy.bicep index ad6bb6463c..5158818f7c 100644 --- a/modules/Microsoft.Network/virtualNetworks/deploy.bicep +++ b/modules/Microsoft.Network/virtualNetworks/deploy.bicep @@ -53,12 +53,14 @@ param tags object = {} @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' + 'VMProtectionAlerts' ]) param diagnosticLogCategoriesToEnable array = [ - 'VMProtectionAlerts' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') 
@@ -72,7 +74,7 @@ param diagnosticMetricsToEnable array = [ @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -81,6 +83,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null @@ -265,3 +278,6 @@ output subnetResourceIds array = [for subnet in subnets: az.resourceId('Microsof @description('The location the resource was deployed into.') output location string = virtualNetwork.location + +@description('The Diagnostic Settings of the virtual network.') +output diagnosticsLogs array = diagnosticsLogs diff --git a/modules/Microsoft.Network/virtualNetworks/readme.md b/modules/Microsoft.Network/virtualNetworks/readme.md index 247da6fedd..25b1a91205 100644 --- a/modules/Microsoft.Network/virtualNetworks/readme.md +++ b/modules/Microsoft.Network/virtualNetworks/readme.md 
@@ -38,7 +38,7 @@ This template deploys a virtual network (vNet). | `ddosProtectionPlanId` | string | `''` | | Resource ID of the DDoS protection plan to assign the VNET to. If it's left blank, DDoS protection will not be configured. If it's provided, the VNET created by this template will be attached to the referenced DDoS protection plan. The DDoS protection plan can exist in the same or in a different subscription. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[VMProtectionAlerts]` | `[VMProtectionAlerts]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, VMProtectionAlerts]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | 
@@ -342,6 +342,7 @@ The network security group and route table resources must reside in the same res | Output Name | Type | Description | | :-- | :-- | :-- | +| `diagnosticsLogs` | array | The Diagnostic Settings of the virtual network. | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the virtual network. | | `resourceGroupName` | string | The resource group the virtual network was deployed into. | diff --git a/modules/Microsoft.OperationalInsights/workspaces/deploy.bicep b/modules/Microsoft.OperationalInsights/workspaces/deploy.bicep index abf017d8fe..c0c2659a4e 100644 --- a/modules/Microsoft.OperationalInsights/workspaces/deploy.bicep +++ b/modules/Microsoft.OperationalInsights/workspaces/deploy.bicep @@ -94,12 +94,13 @@ param tags object = {} @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'Audit' ]) param diagnosticLogCategoriesToEnable array = [ - 'Audit' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -113,7 +114,7 @@ param diagnosticMetricsToEnable array = [ @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { 
@@ -122,6 +123,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.OperationalInsights/workspaces/readme.md b/modules/Microsoft.OperationalInsights/workspaces/readme.md index ef597dba46..27c5b8251d 100644 --- a/modules/Microsoft.OperationalInsights/workspaces/readme.md +++ b/modules/Microsoft.OperationalInsights/workspaces/readme.md 
@@ -48,7 +48,7 @@ This template deploys a log analytics workspace. | `dataSources` | _[dataSources](dataSources/readme.md)_ array | `[]` | | LAW data sources to configure. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[Audit]` | `[Audit]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, Audit]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | diff --git a/modules/Microsoft.RecoveryServices/vaults/deploy.bicep b/modules/Microsoft.RecoveryServices/vaults/deploy.bicep index 7ed185432c..82963daa91 100644 --- a/modules/Microsoft.RecoveryServices/vaults/deploy.bicep +++ b/modules/Microsoft.RecoveryServices/vaults/deploy.bicep @@ -68,8 +68,9 @@ param userAssignedIdentities object = {} @description('Optional. Tags of the Recovery Service Vault resource.') param tags object = {} -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'AzureBackupReport' 'CoreAzureBackup' 'AddonAzureBackupJobs' 
@@ -86,20 +87,7 @@ param tags object = {} 'AzureSiteRecoveryProtectedDiskDataChurn' ]) param diagnosticLogCategoriesToEnable array = [ - 'AzureBackupReport' - 'CoreAzureBackup' - 'AddonAzureBackupJobs' - 'AddonAzureBackupAlerts' - 'AddonAzureBackupPolicy' - 'AddonAzureBackupStorage' - 'AddonAzureBackupProtectedInstance' - 'AzureSiteRecoveryJobs' - 'AzureSiteRecoveryEvents' - 'AzureSiteRecoveryReplicatedItems' - 'AzureSiteRecoveryReplicationStats' - 'AzureSiteRecoveryRecoveryPoints' - 'AzureSiteRecoveryReplicationDataUploadRate' - 'AzureSiteRecoveryProtectedDiskDataChurn' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -122,7 +110,7 @@ param monitoringSettings object = {} @description('Optional. Security Settings of the vault.') param securitySettings object = {} -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -131,6 +119,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.RecoveryServices/vaults/readme.md b/modules/Microsoft.RecoveryServices/vaults/readme.md index a30696ba79..b170aa1c43 100644 --- a/modules/Microsoft.RecoveryServices/vaults/readme.md +++ b/modules/Microsoft.RecoveryServices/vaults/readme.md 
@@ -48,7 +48,7 @@ This module deploys a recovery service vault. | `backupStorageConfig` | _[backupStorageConfig](backupStorageConfig/readme.md)_ object | `{object}` | | The storage configuration for the Azure Recovery Service Vault. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[AddonAzureBackupAlerts, AddonAzureBackupJobs, AddonAzureBackupPolicy, AddonAzureBackupProtectedInstance, AddonAzureBackupStorage, AzureBackupReport, AzureSiteRecoveryEvents, AzureSiteRecoveryJobs, AzureSiteRecoveryProtectedDiskDataChurn, AzureSiteRecoveryRecoveryPoints, AzureSiteRecoveryReplicatedItems, AzureSiteRecoveryReplicationDataUploadRate, AzureSiteRecoveryReplicationStats, CoreAzureBackup]` | `[AddonAzureBackupAlerts, AddonAzureBackupJobs, AddonAzureBackupPolicy, AddonAzureBackupProtectedInstance, AddonAzureBackupStorage, AzureBackupReport, AzureSiteRecoveryEvents, AzureSiteRecoveryJobs, AzureSiteRecoveryProtectedDiskDataChurn, AzureSiteRecoveryRecoveryPoints, AzureSiteRecoveryReplicatedItems, AzureSiteRecoveryReplicationDataUploadRate, AzureSiteRecoveryReplicationStats, CoreAzureBackup]` | The name of logs that will be streamed. 
| +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[AddonAzureBackupAlerts, AddonAzureBackupJobs, AddonAzureBackupPolicy, AddonAzureBackupProtectedInstance, AddonAzureBackupStorage, allLogs, AzureBackupReport, AzureSiteRecoveryEvents, AzureSiteRecoveryJobs, AzureSiteRecoveryProtectedDiskDataChurn, AzureSiteRecoveryRecoveryPoints, AzureSiteRecoveryReplicatedItems, AzureSiteRecoveryReplicationDataUploadRate, AzureSiteRecoveryReplicationStats, CoreAzureBackup]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[Health]` | `[Health]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | diff --git a/modules/Microsoft.ServiceBus/namespaces/deploy.bicep b/modules/Microsoft.ServiceBus/namespaces/deploy.bicep index 18d9602528..8a17a4f686 100644 --- a/modules/Microsoft.ServiceBus/namespaces/deploy.bicep +++ b/modules/Microsoft.ServiceBus/namespaces/deploy.bicep @@ -101,12 +101,13 @@ param cMKUserAssignedIdentityResourceId string = '' @description('Optional. Enable infrastructure encryption (double encryption). Note, this setting requires the configuration of Customer-Managed-Keys (CMK) via the corresponding module parameters.') param requireInfrastructureEncryption bool = true -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'OperationalLogs' ]) param diagnosticLogCategoriesToEnable array = [ - 'OperationalLogs' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') 
@@ -120,7 +121,7 @@ param diagnosticMetricsToEnable array = [ @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -129,6 +130,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.ServiceBus/namespaces/readme.md b/modules/Microsoft.ServiceBus/namespaces/readme.md index 9fa4821b21..068e870c80 100644 --- a/modules/Microsoft.ServiceBus/namespaces/readme.md +++ b/modules/Microsoft.ServiceBus/namespaces/readme.md 
@@ -53,7 +53,7 @@ This module deploys a service bus namespace resource. | `cMKUserAssignedIdentityResourceId` | string | `''` | | User assigned identity to use when fetching the customer managed key. If not provided, a system-assigned identity can be used - but must be given access to the referenced key vault first. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[OperationalLogs]` | `[OperationalLogs]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, OperationalLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | diff --git a/modules/Microsoft.Sql/managedInstances/databases/deploy.bicep b/modules/Microsoft.Sql/managedInstances/databases/deploy.bicep index c6f1d76d8c..e7392c82d4 100644 --- a/modules/Microsoft.Sql/managedInstances/databases/deploy.bicep +++ b/modules/Microsoft.Sql/managedInstances/databases/deploy.bicep 
@@ -81,24 +81,22 @@ param tags object = {} @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'SQLInsights' 'QueryStoreRuntimeStatistics' 'QueryStoreWaitStatistics' 'Errors' ]) param diagnosticLogCategoriesToEnable array = [ - 'SQLInsights' - 'QueryStoreRuntimeStatistics' - 'QueryStoreWaitStatistics' - 'Errors' + 'allLogs' ] @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -107,6 +105,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var enableReferencedModulesTelemetry = false resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { diff --git a/modules/Microsoft.Sql/managedInstances/databases/readme.md b/modules/Microsoft.Sql/managedInstances/databases/readme.md index 6d91d8a9a4..1448a2c7dd 100644 --- a/modules/Microsoft.Sql/managedInstances/databases/readme.md +++ b/modules/Microsoft.Sql/managedInstances/databases/readme.md 
@@ -54,7 +54,7 @@ The SQL Managed Instance Database is deployed on a SQL Managed Instance. | `createMode` | string | `'Default'` | `[Default, PointInTimeRestore, Recovery, RestoreExternalBackup, RestoreLongTermRetentionBackup]` | Managed database create mode. PointInTimeRestore: Create a database by restoring a point in time backup of an existing database. SourceDatabaseName, SourceManagedInstanceName and PointInTime must be specified. RestoreExternalBackup: Create a database by restoring from external backup files. Collation, StorageContainerUri and StorageContainerSasToken must be specified. Recovery: Creates a database by restoring a geo-replicated backup. RecoverableDatabaseId must be specified as the recoverable database resource ID to restore. RestoreLongTermRetentionBackup: Create a database by restoring from a long term retention backup (longTermRetentionBackupResourceId required). | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[Errors, QueryStoreRuntimeStatistics, QueryStoreWaitStatistics, SQLInsights]` | `[Errors, QueryStoreRuntimeStatistics, QueryStoreWaitStatistics, SQLInsights]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, Errors, QueryStoreRuntimeStatistics, QueryStoreWaitStatistics, SQLInsights]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. 
| | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | | `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | diff --git a/modules/Microsoft.Sql/managedInstances/deploy.bicep b/modules/Microsoft.Sql/managedInstances/deploy.bicep index c4135c9b62..1d156554bb 100644 --- a/modules/Microsoft.Sql/managedInstances/deploy.bicep +++ b/modules/Microsoft.Sql/managedInstances/deploy.bicep @@ -161,14 +161,14 @@ param minimalTlsVersion string = '1.2' ]) param requestedBackupStorageRedundancy string = 'Geo' -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'ResourceUsageStats' 'SQLSecurityAuditEvents' ]) param diagnosticLogCategoriesToEnable array = [ - 'ResourceUsageStats' - 'SQLSecurityAuditEvents' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -182,7 +182,7 @@ param diagnosticMetricsToEnable array = [ @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -191,6 +191,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null 
diff --git a/modules/Microsoft.Sql/managedInstances/readme.md b/modules/Microsoft.Sql/managedInstances/readme.md index 79d66e1630..a8b02fed4f 100644 --- a/modules/Microsoft.Sql/managedInstances/readme.md +++ b/modules/Microsoft.Sql/managedInstances/readme.md @@ -65,7 +65,7 @@ SQL MI allows for Azure AD Authentication via an [Azure AD Admin](https://docs.m | `databases` | _[databases](databases/readme.md)_ array | `[]` | | Databases to create in this server. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[ResourceUsageStats, SQLSecurityAuditEvents]` | `[ResourceUsageStats, SQLSecurityAuditEvents]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, ResourceUsageStats, SQLSecurityAuditEvents]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | diff --git a/modules/Microsoft.Sql/servers/databases/deploy.bicep b/modules/Microsoft.Sql/servers/databases/deploy.bicep index 65760dcc3f..438e12f5a6 100644 --- a/modules/Microsoft.Sql/servers/databases/deploy.bicep +++ b/modules/Microsoft.Sql/servers/databases/deploy.bicep 
@@ -79,8 +79,9 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'SQLInsights' 'AutomaticTuning' 'QueryStoreRuntimeStatistics' @@ -94,17 +95,7 @@ param diagnosticEventHubName string = '' 'SQLSecurityAuditEvents' ]) param diagnosticLogCategoriesToEnable array = [ - 'SQLInsights' - 'AutomaticTuning' - 'QueryStoreRuntimeStatistics' - 'QueryStoreWaitStatistics' - 'Errors' - 'DatabaseWaitStatistics' - 'Timeouts' - 'Blocks' - 'Deadlocks' - 'DevOpsOperationsAudit' - 'SQLSecurityAuditEvents' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -122,7 +113,7 @@ param diagnosticMetricsToEnable array = [ @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -131,6 +122,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null 
diff --git a/modules/Microsoft.Sql/servers/databases/readme.md b/modules/Microsoft.Sql/servers/databases/readme.md index a6e237b042..13ac5e7f91 100644 --- a/modules/Microsoft.Sql/servers/databases/readme.md +++ b/modules/Microsoft.Sql/servers/databases/readme.md 
@@ -38,7 +38,7 @@ This module deploys an Azure SQL Server Database. | `collation` | string | `'SQL_Latin1_General_CP1_CI_AS'` | | The collation of the database. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[AutomaticTuning, Blocks, DatabaseWaitStatistics, Deadlocks, DevOpsOperationsAudit, Errors, QueryStoreRuntimeStatistics, QueryStoreWaitStatistics, SQLInsights, SQLSecurityAuditEvents, Timeouts]` | `[AutomaticTuning, Blocks, DatabaseWaitStatistics, Deadlocks, DevOpsOperationsAudit, Errors, QueryStoreRuntimeStatistics, QueryStoreWaitStatistics, SQLInsights, SQLSecurityAuditEvents, Timeouts]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, AutomaticTuning, Blocks, DatabaseWaitStatistics, Deadlocks, DevOpsOperationsAudit, Errors, QueryStoreRuntimeStatistics, QueryStoreWaitStatistics, SQLInsights, SQLSecurityAuditEvents, Timeouts]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[Basic, InstanceAndAppAdvanced, WorkloadManagement]` | `[Basic, InstanceAndAppAdvanced, WorkloadManagement]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | 
diff --git a/modules/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep index b79a3339bd..f17fc6ee4a 100644 --- a/modules/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep +++ b/modules/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep @@ -37,16 +37,15 @@ param diagnosticEventHubName string = '' @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'StorageRead' 'StorageWrite' 'StorageDelete' ]) param diagnosticLogCategoriesToEnable array = [ - 'StorageRead' - 'StorageWrite' - 'StorageDelete' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -60,7 +59,7 @@ param diagnosticMetricsToEnable array = [ @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -69,6 +68,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null 
diff --git a/modules/Microsoft.Storage/storageAccounts/blobServices/readme.md b/modules/Microsoft.Storage/storageAccounts/blobServices/readme.md index 709db301c6..a651291d1d 100644 --- a/modules/Microsoft.Storage/storageAccounts/blobServices/readme.md +++ b/modules/Microsoft.Storage/storageAccounts/blobServices/readme.md @@ -37,7 +37,7 @@ This module can be used to deploy a blob service into a storage account. | `deleteRetentionPolicyDays` | int | `7` | | Indicates the number of days that the deleted blob should be retained. The minimum specified value can be 1 and the maximum value can be 365. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[StorageDelete, StorageRead, StorageWrite]` | `[StorageDelete, StorageRead, StorageWrite]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, StorageDelete, StorageRead, StorageWrite]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[Transaction]` | `[Transaction]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | 
diff --git a/modules/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep index 053c907e46..3a768dc1d7 100644 --- a/modules/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep +++ b/modules/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep @@ -37,16 +37,15 @@ param shares array = [] @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'StorageRead' 'StorageWrite' 'StorageDelete' ]) param diagnosticLogCategoriesToEnable array = [ - 'StorageRead' - 'StorageWrite' - 'StorageDelete' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -60,7 +59,7 @@ param diagnosticMetricsToEnable array = [ @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -69,6 +68,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null 
diff --git a/modules/Microsoft.Storage/storageAccounts/fileServices/readme.md b/modules/Microsoft.Storage/storageAccounts/fileServices/readme.md index 42604c587a..37b4e3e0d6 100644 --- a/modules/Microsoft.Storage/storageAccounts/fileServices/readme.md +++ b/modules/Microsoft.Storage/storageAccounts/fileServices/readme.md @@ -32,7 +32,7 @@ This module can be used to deploy a file share service into a storage account. | :-- | :-- | :-- | :-- | :-- | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[StorageDelete, StorageRead, StorageWrite]` | `[StorageDelete, StorageRead, StorageWrite]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, StorageDelete, StorageRead, StorageWrite]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[Transaction]` | `[Transaction]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | diff --git a/modules/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep index d23a4e56f5..4f89119a3b 100644 --- a/modules/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep 
+++ b/modules/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep @@ -28,16 +28,15 @@ param diagnosticEventHubName string = '' @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'StorageRead' 'StorageWrite' 'StorageDelete' ]) param diagnosticLogCategoriesToEnable array = [ - 'StorageRead' - 'StorageWrite' - 'StorageDelete' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -51,7 +50,7 @@ param diagnosticMetricsToEnable array = [ @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -60,6 +59,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.Storage/storageAccounts/queueServices/readme.md b/modules/Microsoft.Storage/storageAccounts/queueServices/readme.md index 9db0891b9a..aeebdac0d5 100644 --- a/modules/Microsoft.Storage/storageAccounts/queueServices/readme.md +++ b/modules/Microsoft.Storage/storageAccounts/queueServices/readme.md 
@@ -32,7 +32,7 @@ This module can be used to deploy a file share service into a storage account. | :-- | :-- | :-- | :-- | :-- | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[StorageDelete, StorageRead, StorageWrite]` | `[StorageDelete, StorageRead, StorageWrite]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, StorageDelete, StorageRead, StorageWrite]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[Transaction]` | `[Transaction]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | diff --git a/modules/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep index bb0290cbc5..1d149a8fc8 100644 --- a/modules/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep +++ b/modules/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep 
@@ -28,16 +28,15 @@ param diagnosticEventHubName string = '' @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'StorageRead' 'StorageWrite' 'StorageDelete' ]) param diagnosticLogCategoriesToEnable array = [ - 'StorageRead' - 'StorageWrite' - 'StorageDelete' + 'allLogs' ] @description('Optional. The name of metrics that will be streamed.') @@ -51,7 +50,7 @@ param diagnosticMetricsToEnable array = [ @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -60,6 +59,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.Storage/storageAccounts/tableServices/readme.md b/modules/Microsoft.Storage/storageAccounts/tableServices/readme.md index 661d698c36..2ab4056d1e 100644 --- a/modules/Microsoft.Storage/storageAccounts/tableServices/readme.md +++ b/modules/Microsoft.Storage/storageAccounts/tableServices/readme.md 
@@ -31,7 +31,7 @@ This module deploys a storage account table service | :-- | :-- | :-- | :-- | :-- | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[StorageDelete, StorageRead, StorageWrite]` | `[StorageDelete, StorageRead, StorageWrite]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, StorageDelete, StorageRead, StorageWrite]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[Transaction]` | `[Transaction]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | diff --git a/modules/Microsoft.Synapse/workspaces/deploy.bicep b/modules/Microsoft.Synapse/workspaces/deploy.bicep index 7deb290a22..8aa4753b0d 100644 --- a/modules/Microsoft.Synapse/workspaces/deploy.bicep +++ b/modules/Microsoft.Synapse/workspaces/deploy.bicep 
@@ -112,8 +112,9 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'SynapseRbacOperations' 'GatewayApiRequests' 'BuiltinSqlReqsEnded' @@ -122,12 +123,7 @@ param diagnosticEventHubName string = '' 'IntegrationTriggerRuns' ]) param diagnosticLogCategoriesToEnable array = [ - 'SynapseRbacOperations' - 'GatewayApiRequests' - 'BuiltinSqlReqsEnded' - 'IntegrationPipelineRuns' - 'IntegrationActivityRuns' - 'IntegrationTriggerRuns' + 'allLogs' ] @description('Optional. The name of the diagnostic setting, if deployed.') @@ -145,7 +141,7 @@ var identity = { userAssignedIdentities: !empty(userAssignedIdentitiesUnion) ? userAssignedIdentitiesUnion : null } -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -154,6 +150,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var enableReferencedModulesTelemetry = false resource cMKKeyVault 'Microsoft.KeyVault/vaults@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId)) { diff --git a/modules/Microsoft.Synapse/workspaces/readme.md b/modules/Microsoft.Synapse/workspaces/readme.md index 78b76ec7da..f0cbf2ec7b 100644 
--- a/modules/Microsoft.Synapse/workspaces/readme.md +++ b/modules/Microsoft.Synapse/workspaces/readme.md 
@@ -52,7 +52,7 @@ This module deploys a Synapse Workspace. | `defaultDataLakeStorageCreateManagedPrivateEndpoint` | bool | `False` | | Create managed private endpoint to the default storage account or not. If Yes is selected, a managed private endpoint connection request is sent to the workspace's primary Data Lake Storage Gen2 account for Spark pools to access data. This must be approved by an owner of the storage account. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[BuiltinSqlReqsEnded, GatewayApiRequests, IntegrationActivityRuns, IntegrationPipelineRuns, IntegrationTriggerRuns, SynapseRbacOperations]` | `[BuiltinSqlReqsEnded, GatewayApiRequests, IntegrationActivityRuns, IntegrationPipelineRuns, IntegrationTriggerRuns, SynapseRbacOperations]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, BuiltinSqlReqsEnded, GatewayApiRequests, IntegrationActivityRuns, IntegrationPipelineRuns, IntegrationTriggerRuns, SynapseRbacOperations]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | | `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | 
diff --git a/modules/Microsoft.Web/hostingEnvironments/deploy.bicep b/modules/Microsoft.Web/hostingEnvironments/deploy.bicep index 5a27da3b21..eb8c681914 100644 --- a/modules/Microsoft.Web/hostingEnvironments/deploy.bicep +++ b/modules/Microsoft.Web/hostingEnvironments/deploy.bicep @@ -95,18 +95,19 @@ param enableDefaultTelemetry bool = true @description('Optional. The Dedicated Host Count. Is not supported by ASEv2. If `zoneRedundant` is false, and you want physical hardware isolation enabled, set to 2. Otherwise 0.') param dedicatedHostCount int = -1 -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'AppServiceEnvironmentPlatformLogs' ]) param diagnosticLogCategoriesToEnable array = [ - 'AppServiceEnvironmentPlatformLogs' + 'allLogs' ] @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -115,6 +116,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' properties: { 
diff --git a/modules/Microsoft.Web/hostingEnvironments/readme.md b/modules/Microsoft.Web/hostingEnvironments/readme.md index 362ef2eba1..954e1560b3 100644 --- a/modules/Microsoft.Web/hostingEnvironments/readme.md +++ b/modules/Microsoft.Web/hostingEnvironments/readme.md @@ -36,7 +36,7 @@ This module deploys an app service environment. | `dedicatedHostCount` | int | `-1` | | The Dedicated Host Count. Is not supported by ASEv2. If `zoneRedundant` is false, and you want physical hardware isolation enabled, set to 2. Otherwise 0. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[AppServiceEnvironmentPlatformLogs]` | `[AppServiceEnvironmentPlatformLogs]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, AppServiceEnvironmentPlatformLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | | `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | diff --git a/modules/Microsoft.Web/sites/deploy.bicep b/modules/Microsoft.Web/sites/deploy.bicep index d3eb91c50b..486a2fb8d9 100644 --- a/modules/Microsoft.Web/sites/deploy.bicep +++ b/modules/Microsoft.Web/sites/deploy.bicep 
@@ -107,8 +107,9 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@description('Optional. The name of logs that will be streamed.') +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') @allowed([ + 'allLogs' 'AppServiceHTTPLogs' 'AppServiceConsoleLogs' 'AppServiceAppLogs' @@ -142,7 +143,7 @@ param diagnosticSettingsName string = '${name}-diagnosticSettings' // =========== // // Variables // // =========== // -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { category: category enabled: true retentionPolicy: { @@ -151,6 +152,17 @@ var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { } }] +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { category: metric timeGrain: null diff --git a/modules/Microsoft.Web/sites/readme.md b/modules/Microsoft.Web/sites/readme.md index fa55456e0d..3bf3591346 100644 --- a/modules/Microsoft.Web/sites/readme.md +++ b/modules/Microsoft.Web/sites/readme.md 
@@ -43,7 +43,7 @@ This module deploys a web or function app. | `clientAffinityEnabled` | bool | `True` | | If client affinity is enabled. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[if(equals(parameters('kind'), 'functionapp'), createArray('FunctionAppLogs'), createArray('AppServiceHTTPLogs', 'AppServiceConsoleLogs', 'AppServiceAppLogs', 'AppServiceAuditLogs', 'AppServiceIPSecAuditLogs', 'AppServicePlatformLogs'))]` | `[AppServiceAppLogs, AppServiceAuditLogs, AppServiceConsoleLogs, AppServiceHTTPLogs, AppServiceIPSecAuditLogs, AppServicePlatformLogs, FunctionAppLogs]` | The name of logs that will be streamed. | +| `diagnosticLogCategoriesToEnable` | array | `[if(equals(parameters('kind'), 'functionapp'), createArray('FunctionAppLogs'), createArray('AppServiceHTTPLogs', 'AppServiceConsoleLogs', 'AppServiceAppLogs', 'AppServiceAuditLogs', 'AppServiceIPSecAuditLogs', 'AppServicePlatformLogs'))]` | `[allLogs, AppServiceAppLogs, AppServiceAuditLogs, AppServiceConsoleLogs, AppServiceHTTPLogs, AppServiceIPSecAuditLogs, AppServicePlatformLogs, FunctionAppLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | | `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | | `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. |
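Review bot: the `filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs')` in `diagnosticsLogsSpecified` (modules/Microsoft.Sql/managedInstances/deploy.bicep, hunk `@@ -182,7 +182,7 @@`, and the identical hunks in the other deploy.bicep files) never changes the deployed result. The filter only removes anything when `'allLogs'` is in the array, and in that case the ternary in `diagnosticsLogs` takes the `categoryGroup: 'allLogs'` branch and ignores `diagnosticsLogsSpecified`. Either drop the filter or add a comment saying why it is kept. Related: a caller who passes `['allLogs', 'SQLSecurityAuditEvents']` gets only the category group entry, so the `@description` should say that other entries are ignored when `'allLogs'` is present, instead of leaving that to the wiki page.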
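Review bot: in modules/Microsoft.Web/sites/deploy.bicep the default of `diagnosticLogCategoriesToEnable` is left as it was. Hunk `@@ -107,8 +107,9 @@` only adds `'allLogs'` to `@allowed`, and the readme row in modules/Microsoft.Web/sites/readme.md still documents the `if(equals(parameters('kind'), 'functionapp'), ...)` expression as the default. The SQL, Storage, Synapse and hostingEnvironments modules shown here all switch their default to `['allLogs']`. If sites keeps the kind-dependent list on purpose, say so in the parameter description. Otherwise switch the default here too, so a consumer relying on defaults gets the same log coverage across modules.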
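Review bot: the default change in modules/Microsoft.Sql/servers/databases/deploy.bicep (hunk `@@ -94,17 +95,7 @@`, and the equivalent hunks in the other modules) is a behaviour change for existing consumers that is not documented anywhere in the readme rows. Deployments that rely on the default move from a fixed, reviewable list of categories to `categoryGroup: 'allLogs'` on their next run. The added description text, `"allLogs" includes all possible logs for the resource.`, does not tell a reader that the set of streamed categories is no longer pinned by the template. Suggest noting in the readme that callers who need a fixed set (for example only `SQLSecurityAuditEvents`) must pass the categories explicitly, and calling out the default change in the release notes.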
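Review bot: the context line of the modules/Microsoft.Storage/storageAccounts/queueServices/readme.md hunk (`@@ -32,7 +32,7 @@`) reads "This module can be used to deploy a file share service into a storage account.", which is the fileServices description carried into the queueServices readme. Since this patch regenerates that readme anyway, fix the module description in the same change.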