Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MLZ: Add diagnostic setting for Bastion #683

Closed
brooke-hamilton opened this issue Mar 3, 2022 · 2 comments · Fixed by #1086
Closed

MLZ: Add diagnostic setting for Bastion #683

brooke-hamilton opened this issue Mar 3, 2022 · 2 comments · Fixed by #1086
Assignees
@jayhaddad
Labels
bicep Related to Bicep code core New feature or request

Comments

@brooke-hamilton
Copy link
Contributor

Benefit/Result/Outcome

So that an IT Admin can view audit logs and metrics from the Log Analytics workspace and have the data archived in storage to improve SCCA compliance.

Description

Azure Bastion can have a diagnostic setting added similar to other diagnostic settings created by MLZ.

Acceptance Criteria

A diagnostic setting is deployed with Azure Bastion that has the following properties:

  • "BastionAuditLogs" are collected
  • "AllMetrics" are collected
  • "Send to Log Analytics Workspace" is selected and the MLZ operations tier workspace is specified.
  • "Archive to a storage account" is selected and the storage account for logs in the hub resource group is specified.

See Also

https://docs.microsoft.com/en-us/azure/bastion/diagnostic-logs
@brooke-hamilton brooke-hamilton added the core New feature or request label Mar 3, 2022
@lisamurphy-msft lisamurphy-msft self-assigned this Apr 8, 2022
@lisamurphy-msft
Copy link
Contributor

lisamurphy-msft commented Apr 13, 2022
edited
Loading

Wondering why this is not specifying adding the logs to a Log Analytics Workspace, which is deployed with MissionLZ. Having a more centralized location for audit logs is more ideal.
Also not seeing a clear path forward on using the Microsoft.Network/bastionHosts documentation on how to enable this programmatically through bicep

@lisamurphy-msft lisamurphy-msft removed their assignment Apr 18, 2022
@ruandersMSFT
Copy link

Configuration is completed by using Microsoft.Insights/diagnosticSettings as a scoped extension to the Bastion Resource.

@jamasten jamasten added the bicep Related to Bicep code label Jan 24, 2024
@jamasten jamasten changed the title Add diagnostic setting for Bastion MLZ: Add diagnostic setting for Bastion Feb 13, 2024
@jamasten jamasten added this to the March 2024 Sprint milestone Mar 11, 2024
@jamasten jamasten removed this from the March 2024 Sprint milestone Mar 29, 2024
@jayhaddad jayhaddad self-assigned this May 3, 2024
@jayhaddad jayhaddad linked a pull request Sep 9, 2024 that will close this issue
Configure diagnostic logs LAW,Bastion and update sentinel ui def #1086
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jayhaddad jayhaddad

Labels
bicep Related to Bicep code core New feature or request
Projects
No open projects
Mission Landing Zone 2022
Status: Current Backlog
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Configure diagnostic logs LAW,Bastion and update sentinel ui def Azure/missionlz
5 participants
@ruandersMSFT @jayhaddad @brooke-hamilton @jamasten @lisamurphy-msft