Description:
Enable Diagnostic settings for exporting activity logs. Diagnostic settings are available for each individual resource within a subscription. Settings should be configured for all appropriate resources for your environment.
Rationale:
A diagnostic setting controls how a diagnostic log is exported. By default, logs are retained only for 90 days. Diagnostic settings should be defined so that logs can be exported and stored for a longer duration in order to analyze security activities within an Azure subscription.
Impact:
Enabling Diagnostic settings allows activity logs and metrics for supported Azure services to be sent to Azure Monitor Logs, where they can be analyzed together with other monitoring data using log queries, subject to certain service limitations.
Default Value:
By default, the diagnostic setting is not set.
Audit:
From Azure Console
- Search for Monitor
- Click on Activity Log
- Go to Diagnostic settings
- Ensure that a diagnostic setting is enabled on all appropriate resources.
Remediation:
From Azure Console
- Search for Monitor
- Click on Activity Log
- Go to Diagnostic settings
- Select Add Diagnostic Setting
- Enter a Diagnostic setting name
- Select the appropriate logs, metrics, and destination (a Log Analytics workspace, a Storage account, or an Event Hub)
- Click Save
Repeat these steps for all resources as needed.
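The audit and remediation steps above can be checked without the portal by inspecting the subscription's diagnostic settings as JSON. The following script is an added example (not part of the benchmark text): it assumes the shape returned by `az monitor diagnostic-settings subscription list`, uses a constructed sample instead of live output, and treats Administrative, Security, Alert and Policy as the assumed minimum set of Activity Log categories that must be exported to a configured destination.

```python
"""Offline audit of Azure Activity Log diagnostic settings (added example, not
part of the benchmark). Input is JSON in the assumed shape returned by
`az monitor diagnostic-settings subscription list`: a "value" list of
settings, each with "name", "logs" and destination ids."""
import json

# Assumed minimum set of Activity Log categories that must be exported.
REQUIRED_CATEGORIES = {"Administrative", "Security", "Alert", "Policy"}
# A setting exports nothing unless at least one destination is configured.
DESTINATION_KEYS = ("workspaceId", "storageAccountId", "eventHubAuthorizationRuleId")

# Constructed sample (not from a real subscription): one setting exporting to a
# Log Analytics workspace, one saved without any destination.
SAMPLE_LISTING = json.loads("""{"value": [
 {"name": "export-activity-log",
  "workspaceId": "/subscriptions/<sub-id>/resourceGroups/rg-logs/providers/Microsoft.OperationalInsights/workspaces/law-sec",
  "storageAccountId": null, "eventHubAuthorizationRuleId": null,
  "logs": [{"category": "Administrative", "enabled": true},
           {"category": "Security", "enabled": true},
           {"category": "Alert", "enabled": true},
           {"category": "Policy", "enabled": true},
           {"category": "ServiceHealth", "enabled": false}]},
 {"name": "no-destination", "workspaceId": null, "storageAccountId": null,
  "eventHubAuthorizationRuleId": null,
  "logs": [{"category": "Administrative", "enabled": true}]}
]}""")


def audit_activity_log_settings(listing):
    """Audit one subscription's diagnostic settings. A category counts as
    exported only when enabled in a setting that has a destination; settings
    without any destination are reported separately."""
    settings = listing.get("value", []) if isinstance(listing, dict) else listing
    exported = set()
    without_destination = []
    for setting in settings:
        if not any(setting.get(key) for key in DESTINATION_KEYS):
            without_destination.append(setting.get("name", "<unnamed>"))
            continue
        exported |= {log["category"] for log in setting.get("logs", [])
                     if log.get("enabled")}
    missing = sorted(REQUIRED_CATEGORIES - exported)
    return {"compliant": not missing, "missing_categories": missing,
            "settings_without_destination": without_destination}


if __name__ == "__main__":
    print(json.dumps(audit_activity_log_settings(SAMPLE_LISTING), indent=2))
```

To audit a real subscription, pipe the CLI output into `json.load` and pass the result to `audit_activity_log_settings`; a non-compliant result lists the categories that no configured destination receives.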
Backout Plan:
- Search for Monitor
- Click on Activity Log
- Select Diagnostic settings
- Click on Edit setting for the defined Diagnostic setting
- Click Delete