Azurecloud~5 mins

Diagnostic settings for resources in Azure - Commands & Configuration

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Introduction

Diagnostic settings help you collect logs and metrics from your cloud resources. This lets you see what is happening inside your resources and fix problems quickly.

When you want to track how your virtual machines are performing over time.

When you need to collect logs from your storage accounts to check for access or errors.

When you want to send resource logs to a central place like a storage account or Log Analytics.

When you want to monitor your app services for errors and usage patterns.

When you want to keep a record of resource activity for security audits.

Config File - diagnostic-settings.json

diagnostic-settings.json

{
  "type": "Microsoft.Insights/diagnosticSettings",
  "apiVersion": "2021-05-01-preview",
  "name": "myResourceDiagnosticSetting",
  "properties": {
    "storageAccountId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Storage/storageAccounts/examplestorage",
    "workspaceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.OperationalInsights/workspaces/example-workspace",
    "logs": [
      {
        "category": "Administrative",
        "enabled": true,
        "retentionPolicy": {
          "enabled": false,
          "days": 0
        }
      },
      {
        "category": "Security",
        "enabled": true,
        "retentionPolicy": {
          "enabled": false,
          "days": 0
        }
      }
    ],
    "metrics": [
      {
        "category": "AllMetrics",
        "enabled": true,
        "retentionPolicy": {
          "enabled": false,
          "days": 0
        }
      }
    ]
  }
}

This JSON defines a diagnostic setting named myResourceDiagnosticSetting.

storageAccountId: Where logs are stored as files.

workspaceId: Where logs and metrics are sent for analysis.

logs: Lists which log categories to collect and if retention is enabled.

metrics: Lists which metrics to collect and retention policy.

Commands

This command creates a diagnostic setting for the virtual machine named example-vm. It sends logs to the storage account and workspace specified. It enables Administrative and Security logs and all metrics.

Terminal

az monitor diagnostic-settings create --resource /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Compute/virtualMachines/example-vm --name myResourceDiagnosticSetting --storage-account examplestorage --workspace example-workspace --logs '[{"category":"Administrative","enabled":true},{"category":"Security","enabled":true}]' --metrics '[{"category":"AllMetrics","enabled":true}]'

Expected OutputExpected

{ "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Compute/virtualMachines/example-vm/providers/microsoft.insights/diagnosticSettings/myResourceDiagnosticSetting", "name": "myResourceDiagnosticSetting", "type": "Microsoft.Insights/diagnosticSettings" }

→

--resource - Specifies the full ID of the resource to monitor

→

--name - Names the diagnostic setting

→

--logs - Defines which log categories to collect

This command lists all diagnostic settings configured for the example-vm virtual machine. It helps verify the settings were applied.

Terminal

az monitor diagnostic-settings list --resource /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Compute/virtualMachines/example-vm

Expected OutputExpected

[ { "name": "myResourceDiagnosticSetting", "logs": [ { "category": "Administrative", "enabled": true }, { "category": "Security", "enabled": true } ], "metrics": [ { "category": "AllMetrics", "enabled": true } ] } ]

→

--resource - Specifies the resource to check

Key Concept

If you remember nothing else from this pattern, remember: diagnostic settings connect your resource to storage or analytics so you can see its logs and metrics.

Common Mistakes

Not specifying the full resource ID with --resource flag

The command fails because it does not know which resource to apply the diagnostic setting to.

Always provide the full resource ID path for the --resource flag.

Forgetting to enable specific log categories in the --logs flag

No logs are collected if categories are not enabled, so you get no data.

Specify the log categories you want to collect and set enabled to true.

Summary

Create diagnostic settings using az monitor diagnostic-settings create with resource ID, storage account, and log categories.

Verify diagnostic settings with az monitor diagnostic-settings list to ensure logs and metrics are enabled.

Diagnostic settings help collect logs and metrics from Azure resources for monitoring and troubleshooting.