
Problem description

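I have an NSG, and I need to monitor any changes to its inbound or outbound rules. I have tried the pre-built NSG update/modify alert type, but it does not seem to capture NSG rule updates. From the activity log I can see the changes I made to an individual NSG rule and create an alert for that specific rule, but that does not help me monitor all rules at once or any new rules that are created.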


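I found an ARM template online that alerts me to changes to any NSG rule, but I only want alerts for one specific NSG. I exported the JSON for the alert I created to monitor one specific rule and tried to mix the two templates together to make something that does what I need, but I have not had much luck.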


Here is the template that alerts on changes to any NSG rule:

    {
      "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
      "contentVersion": "1.0.0.0",
      "parameters": {
        "activityLogAlertName": {
          "type": "string",
          "metadata": {
            "description": "Unique name (within the Resource Group) for the Activity log alert."
          }
        },
        "activityLogAlertEnabled": {
          "type": "bool",
          "defaultValue": true,
          "metadata": {
            "description": "Indicates whether or not the alert is enabled."
          }
        },
        "actionGroupResourceId": {
          "type": "string",
          "metadata": {
            "description": "Resource Id for the Action group."
          }
        }
      },
      "resources": [
        {
          "type": "Microsoft.Insights/activityLogAlerts",
          "apiVersion": "2017-04-01",
          "name": "[parameters('activityLogAlertName')]",
          "location": "Global",
          "properties": {
            "enabled": "[parameters('activityLogAlertEnabled')]",
            "scopes": [
              "[subscription().id]"
            ],
            "condition": {
              "allOf": [
                {
                  "field": "category",
                  "equals": "Administrative"
                },
                {
                  "field": "operationName",
                  "equals": "Microsoft.Network/networkSecurityGroups/securityRules/write"
                },
                {
                  "field": "resourceType",
                  "equals": "Microsoft.Network/networkSecurityGroups/securityRules"
                }
              ]
            },
            "actions": {
              "actionGroups": [
                {
                  "actionGroupId": "[parameters('actionGroupResourceId')]"
                }
              ]
            }
          }
        }
      ]
    }

Here is the template that alerts on one specific NSG rule:

    {
      "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
      "contentVersion": "1.0.0.0",
      "parameters": {
        "activityLogAlertName": {
          "type": "string",
          "metadata": {
            "description": "Unique name (within the Resource Group) for the Activity log alert."
          }
        },
        "activityLogAlertEnabled": {
          "type": "bool",
          "defaultValue": true,
          "metadata": {
            "description": "Indicates whether or not the alert is enabled."
          }
        },
        "actionGroupResourceId": {
          "type": "string",
          "metadata": {
            "description": "Resource Id for the Action group."
          }
        }
      },
      "resources": [
        {
          "type": "Microsoft.Insights/activityLogAlerts",
          "apiVersion": "2017-04-01",
          "name": "[parameters('activityLogAlertName')]",
          "location": "Global",
          "properties": {
            "enabled": "[parameters('activityLogAlertEnabled')]",
            "scopes": [
              "[subscription().id]"
            ],
            "condition": {
              "allOf": [
                {
                  "containsAny": null,
                  "equals": "Administrative",
                  "field": "category"
                },
                {
                  "containsAny": null,
                  "equals": "/subscriptions/<removed>/resourceGroups/RG_Test/providers/Microsoft.Network/networkSecurityGroups/NSG_TEST/securityRules/NSG_TEST_RULE",
                  "field": "resourceId"
                },
                {
                  "containsAny": null,
                  "equals": "Microsoft.Network/networkSecurityGroups/securityRules/write",
                  "field": "operationName"
                },
                {
                  "containsAny": null,
                  "equals": "informational",
                  "field": "level"
                },
                {
                  "containsAny": null,
                  "equals": "Succeeded",
                  "field": "status"
                }
              ]
            },
            "actions": {
              "actionGroups": [
                {
                  "actionGroupId": "[parameters('actionGroupResourceId')]"
                }
              ]
            }
          }
        }
      ]
    }

Can someone help me put together an ARM template that alerts me to inbound or outbound rule changes (create, modify, delete) on one specific NSG?
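
One way to combine the two templates above so the alert covers every rule of a single NSG, added here as an example and not part of the original question or of any posted answer. It reuses the page's resource type, API version and conditions; the `nsgResourceId` parameter is an assumed name introduced for this example.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "activityLogAlertName": { "type": "string" },
    "nsgResourceId": {
      "type": "string",
      "metadata": {
        "description": "Assumed parameter for this example: full resource ID of the one NSG to watch."
      }
    },
    "actionGroupResourceId": { "type": "string" }
  },
  "resources": [
    {
      "type": "Microsoft.Insights/activityLogAlerts",
      "apiVersion": "2017-04-01",
      "name": "[parameters('activityLogAlertName')]",
      "location": "Global",
      "properties": {
        "enabled": true,
        "scopes": [
          "[parameters('nsgResourceId')]"
        ],
        "condition": {
          "allOf": [
            { "field": "category", "equals": "Administrative" },
            {
              "field": "resourceType",
              "equals": "Microsoft.Network/networkSecurityGroups/securityRules"
            },
            { "field": "status", "equals": "Succeeded" }
          ]
        },
        "actions": {
          "actionGroups": [
            { "actionGroupId": "[parameters('actionGroupResourceId')]" }
          ]
        }
      }
    }
  ]
}
```

Activity log alert scopes are matched as resource ID prefixes, so scoping to the NSG covers all of its child securityRules resources, and leaving out the `operationName` condition lets both write and delete operations on those rules match. Rule changes made by rewriting the whole NSG are logged against the NSG resource itself (`Microsoft.Network/networkSecurityGroups/write`) and do not match the `resourceType` condition used here.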

Solution



08-12 14:26