Azure Monitor Log Profile

This page shows how to define an Azure Monitor Log Profile in Terraform and in Azure Resource Manager, and how to configure it securely.

azurerm_monitor_log_profile (Terraform)

The Log Profile in Monitor can be configured in Terraform with the resource name azurerm_monitor_log_profile. The following sections describe 2 examples of how to use the resource and its parameters.

Example Usage from GitHub

azurerm_activity_log_profile.tf#L1

resource "azurerm_monitor_log_profile" "allowed" {
  categories = [
    "Action",
    "Delete",
    "Write"
  ]

azurerm_activity_log_retention.tf#L1

resource "azurerm_monitor_log_profile" "allowed" {
  retention_policy {
    enabled = true
    days    = 365
  }
}

Security Best Practices for azurerm_monitor_log_profile

There are 2 settings in azurerm_monitor_log_profile that need attention for security reasons. The following sections give an overview of each.

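Ensure that activity log retention is enabled

Enable the retention policy on the log profile so that all the information required for an effective investigation is still available when it is needed. In Terraform this is the retention_policy block with enabled = true, as in the azurerm_activity_log_retention.tf example above.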

Ensure that the log profile captures all activities

Configure the log profile to capture all activity categories so that as much relevant information as possible is available for an investigation. The azurerm_activity_log_profile.tf example above lists the Action, Delete and Write categories.
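
The two settings above, shown as a weak profile beside a corrected one. This is an added example, not code from the original page or from the repositories it links to; the variable name, resource labels and region list are assumptions, and it assumes an azurerm provider version that still ships this resource.

```hcl
# Constructed example. Apply only ONE of the two resources: a subscription
# accepts a single Log Profile, and a second one fails with StatusCode=409.

# Assumed input: ID of the storage account that receives the activity logs.
variable "storage_account_id" {
  type = string
}

# Weak: Delete and Action events are never exported, and retention is
# disabled, so records an investigation depends on may not exist.
resource "azurerm_monitor_log_profile" "weak" {
  name               = "default"
  storage_account_id = var.storage_account_id

  # Region list is illustrative only.
  locations = ["global", "westeurope"]

  categories = ["Write"]

  retention_policy {
    enabled = false
  }
}

# Corrected: all three activity categories are captured and the retention
# policy is enabled, matching the two checks described above.
resource "azurerm_monitor_log_profile" "hardened" {
  name               = "default"
  storage_account_id = var.storage_account_id

  # Region list is illustrative only.
  locations = ["global", "westeurope"]

  categories = [
    "Action",
    "Delete",
    "Write",
  ]

  retention_policy {
    enabled = true
    days    = 365 # same value as the retention example on this page
  }
}
```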

Parameters

Explanation in Terraform Registry

Manages a Log Profile. A Log Profile configures how Activity Logs are exported.

NOTE: It's only possible to configure one Log Profile per Subscription. If you are trying to create more than one Log Profile, an error with StatusCode=409 will occur.

Microsoft.Insights/logProfiles (Azure Resource Manager)

The logProfiles in Microsoft.Insights can be configured in Azure Resource Manager with the resource name Microsoft.Insights/logProfiles. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

log_profile_retention_infra.json

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "storageAccountId": {

log_profile_all_categories_infra.json

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "storageAccountId": {

log_profile_global_locations_infra.json

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {},
  "resources": [

azuredeploy.json

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "name": {

policy.json#L11

                "type": "Microsoft.Insights/logProfiles",
                "name": "default",
                "existenceScope": "subscription",
                "existenceCondition": {
                    "allOf": [
                        {

azuredeploy.json

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "eventHubSubscription" : {

monitorLogProfileCategories-FAILED.json

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {},
  "variables": {},

monitorLogProfileRetentionDays-FAILED.json

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {},
  "variables": {},

monitorLogProfileCategories-PASSED.json

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {},
  "variables": {},

monitorLogProfileRetentionDays-PASSED.json

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {},
  "variables": {},

Frequently asked questions

What is Azure Monitor Log Profile?

Azure Monitor Log Profile is a resource for Monitor of Microsoft Azure. Settings can be written in Terraform.

Where can I find the example code for the Azure Monitor Log Profile?

For Terraform, the snyk-labs/infrastructure-as-code-goof source code examples are useful. See the Terraform Example section for further details.

For Azure Resource Manager, the fugue/regula source code examples are useful. See the Azure Resource Manager Example section for further details.