Azure Monitor: Get All Diagnostic Settings

By:
On:
In: General
With: 0 Comments 


$Subs = Get-AzSubscription
# Set array
$DiagResults = @()
# Loop through all Azure Subscriptions
foreach ($Sub in $Subs) {
Set-AzContext $Sub.id | Out-Null
Write-Host "Processing Subscription:" $($Sub).name
# Get all Azure resources for current subscription
$Resources = Get-AZResource -ExpandProperties -ResourceType microsoft.insights/components
# Get all Azure resources which have Diagnostic settings enabled and configured
foreach ($res in $Resources) {
$resId = $res.ResourceId
If ( $res.Type -match "microsoft.insights/components" ) {
# Write-Host $res.Type
}else {
continue
}
#Write-Host $res.Properties.IngestionMode
#Write-Host $resId
$DiagSettings = Get-AzDiagnosticSetting -ResourceId $resId -WarningAction SilentlyContinue -ErrorAction SilentlyContinue | Where-Object { $_.Id -ne $null }
#Write-Host $DiagSettings
foreach ($diag in $DiagSettings) {
#Write-Host $diag
[string]$StorageAccountId = ""
[string]$storageAccountName = ""
[string]$EventHubName = ""
[string]$WorkspaceId = ""
[string]$WorkspaceName = ""
[string]$EventHubId = ""
If ($diag.StorageAccountId) {
[string]$StorageAccountId= $diag.StorageAccountId
[string]$storageAccountName = $StorageAccountId.Split('/')[-1]
}
If ($diag.EventHubAuthorizationRuleId) {
[string]$EventHubId = $diag.EventHubAuthorizationRuleId
[string]$EventHubName = $EventHubId.Split('/')[-3]
}
If ($diag.WorkspaceId) {
[string]$WorkspaceId = $diag.WorkspaceId
[string]$WorkspaceName = $WorkspaceId.Split('/')[-1]
}
# Store all results for resource in PS Object
$item = [PSCustomObject]@{
ResourceName = $res.name
ResourceGroup = $res.ResourceGroupName
IngestionMode=$res.Properties.IngestionMode
DiagnosticSettingsName = $diag.name
StorageAccountName = $StorageAccountName
EventHubName = $EventHubName
WorkspaceName = $WorkspaceName
# Extracting delatied porerties into string format.
Metrics = ($diag.Metrics | ConvertTo-Json -Compress | Out-String).Trim()
Logs = ($diag.Logs | ConvertTo-Json -Compress | Out-String).Trim()
Subscription = $Sub.Name
ResourceId = $resId
DiagnosticSettingsId = $diag.Id
StorageAccountId = $StorageAccountId
EventHubId = $EventHubId
WorkspaceId = $WorkspaceId
}
Write-Host $item
# Add PS Object to array
$DiagResults += $item
}
}

}

# Save Diagnostic settings to CSV as tabular data
$DiagResults | Export-Csv -Force -Path ".\AzureResourceDiagnosticSettings-$(get-date -f yyyy-MM-dd-HHmm).csv"
Write-Host 'The array $DiagResults can be used to further refine results within session.'
Write-Host 'eg. $DiagResults | Where-Object {$_.WorkspaceName -like "LAW-LOGS01"}'

Leave a Reply

Your email address will not be published. Required fields are marked *