Problem
The Diagnostic Settings blade in Azure Monitor provides a list of all your Azure platform resources with the status of the diagnostic setting, whether “enabled” or “disabled”. This is a great way to validate your diagnostic settings, but creating diagnostic settings is a painful experience. For each resource, you have to open a configuration blade, create a diagnostic setting name, choose logs and / or metrics, and save the configuration.
Solution
Follow the steps below to run my script to create a diagnostic setting for each supported Azure resource in your subscription. Every log and / or metric for the resource will be enabled. If a current diagnostic setting exists but isn’t fully enabled, it will be removed and replaced with a new diagnostic setting.
Prerequisite: Log Analytics Workspace (this is my preferred option for storing log and metric data)
- Download the Set-AzureResourceDiagnostics.ps1 script from my GitHub repo
- Open PowerShell
- Login to your Azure subscription
    Connect-AzAccount -Subscription <Subscription ID>
- Set your console location to the directory where you stored the script
    Set-Location <Path to script folder>
- Call the script
    .\Set-AzureResourceDiagnostics.ps1 -WorkspaceResourceId <Resource ID for Log Analytics Workspace>
Explanation
Earlier this year I was meeting with a customer that complained about the manual steps in creating diagnostic settings for Azure resources. This feedback piqued my interest and I decided to create a script to see if I could solve the problem. In the steps below, I will explain my code to easily create diagnostic settings for all the supported Azure resources. I have used this in my lab without any issues.
- Get Azure resources and loop through them
The first cmdlet will get all the Azure resources within your subscription. There is no way to determine which resources support diagnostic settings or those that do not. You will see later in the code how I deal with resources that do not support diagnostic settings. Then there is a foreach loop to loop through all the Azure resources.
    $Resources = Get-AzResource
    foreach($Resource in $Resources)
    {
        ...
    }
- Check current diagnostic settings
The first few lines inside the foreach loop check the status of the diagnostic settings and remove them if the logs and / or metrics are not fully enabled. The Get-AzDiagnosticSetting cmdlet is used to check the diagnostic setting status. Then there is a condition to see if all the settings are enabled. If any of the logs and / or metrics are not enabled, the Remove-AzDiagnosticSetting cmdlet is used to remove the diagnostic setting.
    $Status = Get-AzDiagnosticSetting -ResourceId $Resource.Id -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
    if($Status.Logs.Enabled -contains $false -or $Status.Metrics.Enabled -contains $false)
    {
        Remove-AzDiagnosticSetting -ResourceId $Resource.Id -Verbose -WarningAction SilentlyContinue
    }
- Conditionally add a diagnostic setting
In the remaining code, the first line is a condition that checks to see if the diagnostic setting was never configured or if it was partially configured. If true, a diagnostic setting is created that enables all logs and / or metrics for a Log Analytics Workspace. Since not all resources support diagnostic settings, there are two catch blocks. The first catch block targets a “PSInvalidOperationException” exception. This exception is triggered when a resource does not support a diagnostic setting and will write a message to the console stating that. Any other errors will be caught in the second catch block, where the full error will be output to the console and the script will terminate.
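    # $null goes on the left so the comparison is not applied element-wise if $Status is a collection
    if($null -eq $Status -or $Status.Logs.Enabled -contains $false -or $Status.Metrics.Enabled -contains $false)
    {
        try
        {
            # Enable every log and metric category and send them to the Log Analytics Workspace
            Set-AzDiagnosticSetting -ResourceId $Resource.Id -Name ('diag-' + $Resource.Name) -Enabled $true -WorkspaceId $WorkspaceResourceId -ExportToResourceSpecific -Verbose -WarningAction SilentlyContinue -ErrorAction Stop
        }
        catch [System.Management.Automation.PSInvalidOperationException]
        {
            # Raised when the resource type does not support diagnostic settings
            Write-Host "$($Resource.Name) does not support Diagnostic Settings"
        }
        catch
        {
            # Any other error: output the full error record
            $_ | Select-Object *
        }
    }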
That’s it for the script. If you want to test this on one resource or a few of one resource type, then update the first cmdlet (Get-AzResource) to target a specific resource or resources. This code falls under the MIT license so use at your own risk. Please leave a comment if you found this script useful.
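Because the script removes any partially enabled diagnostic setting before recreating it, a read-only pass that applies the same checks shows which resources would be touched before anything changes. This is an added example, not part of the original script; the function names Get-DiagnosticSettingAction and Get-DiagnosticSettingPlan, the sample objects and the 'rg-lab' resource group are assumptions.

```powershell
# Added example: read-only audit that changes nothing in Azure.
# Function names are hypothetical; property names follow the script above.
function Get-DiagnosticSettingAction
{
    param($Status)   # output of Get-AzDiagnosticSetting, or $null

    # No setting returned: never configured, or the resource type is unsupported
    if ($null -eq $Status) { return 'CreateIfSupported' }

    # Same test the script uses before calling Remove-AzDiagnosticSetting
    if ($Status.Logs.Enabled -contains $false -or $Status.Metrics.Enabled -contains $false)
    {
        return 'RemoveAndReplace'
    }
    return 'NoChange'
}

function Get-DiagnosticSettingPlan
{
    param([Parameter(Mandatory)] [object[]] $Resources)

    foreach ($Resource in $Resources)
    {
        $Status = Get-AzDiagnosticSetting -ResourceId $Resource.Id -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
        [pscustomobject]@{
            Name            = $Resource.Name
            ResourceType    = $Resource.ResourceType
            ExistingSetting = $Status.Name -join ', '
            Action          = Get-DiagnosticSettingAction -Status $Status
        }
    }
}

# Constructed sample objects (not real Azure output) to exercise the classifier offline
$Partial = [pscustomobject]@{
    Name    = 'diag-old'
    Logs    = @([pscustomobject]@{ Enabled = $true }, [pscustomobject]@{ Enabled = $false })
    Metrics = @([pscustomobject]@{ Enabled = $true })
}
$Full = [pscustomobject]@{ Name = 'diag-full'; Logs = @([pscustomobject]@{ Enabled = $true }); Metrics = @() }
foreach ($Sample in @($null, $Partial, $Full))
{
    Get-DiagnosticSettingAction -Status $Sample
}

# Live use after Connect-AzAccount ('rg-lab' is a placeholder resource group):
# Get-DiagnosticSettingPlan -Resources (Get-AzResource -ResourceGroupName 'rg-lab') | Format-Table
```

Rows marked RemoveAndReplace are the ones where an existing setting would be deleted, so record the ExistingSetting names before running the script if they need to be recreated by hand.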
Doesn’t work. It just says all resources don’t support Diagnostic Settings
The script works as intended and I validated it just now in my own subscription. If the resource or resources do not support diagnostic settings, then you will see the “The resource type ‘blah’ does not support diagnostic settings.” error which I stated in my blog entry. I have a catch block specifically for that error. Please ensure you are validating the configuration changes in the Diagnostic Settings blade in Azure Monitor, not on the individual resources. It’s not the same thing for some resources, like Azure Virtual Machines.
Is there a way to take this slightly further and set the event hub settings, for example?