Ensure that a Log Profile exists
Enable log profile for exporting activity logs.
Risk Level: Low
Cloud Entity: Log Profile
CloudGuard Rule ID: D9.AZU.LOG.07
Covered by Spectral: No
Category: Global
GSL LOGIC
List<LogProfile> should have items
REMEDIATION
From Portal
- Go to Activity log
- Click on Export
- Configure the Diagnostic settings
- Click on Save
From TF
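Set the 'name', 'categories' and 'locations' arguments under 'azurerm_monitor_log_profile' as below:
resource "azurerm_monitor_log_profile" "example" {
  # .. (other arguments elided)
  name       = "default"
  # categories and locations are lists of strings
  categories = ["Action", "Delete", "Write"]
  locations  = ["LIST_OF_REGIONS"]
  # .. (other arguments elided)
}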
From Command Line
Run
az monitor log-profiles create --categories CATEGORY --days NUMBEROFDAYS --enabled true --location LOCATION --locations LIST_OF_REGIONS --name MYLOGPROFILE --storage-account-id STORAGEACCOUNTID
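To confirm the remediation took effect, the rule's check can be run over the JSON printed by `az monitor log-profiles list -o json`. The following is an added example, not CloudGuard's or Microsoft's code: the field names follow that command's output, the sample data is constructed, and the function name, the 90-day threshold and the reading of a disabled retention policy as indefinite retention are assumptions.

```python
import json

REQUIRED_CATEGORIES = {"Action", "Delete", "Write"}

# Constructed sample of `az monitor log-profiles list -o json` output (not real data).
SAMPLE = json.loads("""
[
  {
    "name": "default",
    "categories": ["Write", "Delete"],
    "locations": ["global", "westeurope"],
    "retentionPolicy": {"enabled": true, "days": 30},
    "storageAccountId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Storage/storageAccounts/examplelogs",
    "serviceBusRuleId": null
  }
]
""")


def audit_log_profiles(profiles, min_days=90):
    """Return a list of findings; an empty list means every check passed."""
    if not profiles:
        # The rule itself: List<LogProfile> should have items.
        return ["no log profile exists"]
    findings = []
    for p in profiles:
        name = p.get("name") or "<unnamed>"
        missing = REQUIRED_CATEGORIES - set(p.get("categories") or [])
        if missing:
            findings.append(f"{name}: missing categories {sorted(missing)}")
        # A profile needs at least one output: storage account and/or event hub.
        if not (p.get("storageAccountId") or p.get("serviceBusRuleId")):
            findings.append(f"{name}: no storage account or event hub output")
        if not p.get("locations"):
            findings.append(f"{name}: no locations configured")
        # Assumption: a disabled retention policy keeps logs indefinitely,
        # so only an enabled policy with too few days is reported.
        rp = p.get("retentionPolicy") or {}
        days = rp.get("days") or 0
        if rp.get("enabled") and days < min_days:
            findings.append(f"{name}: retention of {days} days is below {min_days}")
    return findings


if __name__ == "__main__":
    for finding in audit_log_profiles(SAMPLE):
        print(finding)
```

Against a live subscription, feed the function the parsed output of `az monitor log-profiles list -o json` in place of `SAMPLE`.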
References
- https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log?tabs=powershell#work-with-legacy-settings
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_log_profile#name
- https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log?tabs=cli
- https://learn.microsoft.com/en-us/cli/azure/monitor/log-profiles?view=azure-cli-latest#az-monitor-log-profiles-create
Log Profile
The Azure activity log captures control/management activities performed on a subscription. By default, the Azure Portal retains activity logs only for 90 days. The Log Profile defines the type of events that are stored or streamed and the outputs: storage account and/or event hub. The Log Profile, if configured properly, can ensure that all activity logs are retained for longer dur
Compliance Frameworks
- Azure CloudGuard Best Practices
- Azure ITSG-33
Updated about 1 year ago