Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Azure Firewall - Policy to deploy diagnostic settings for Firewall to Log Analytics workspace - missing 'Azure Firewall Flow Trace Log' category #1117

Closed
chrholt opened this issue Nov 14, 2022 · 1 comment · Fixed by #1119
Closed

Azure Firewall - Policy to deploy diagnostic settings for Firewall to Log Analytics workspace - missing 'Azure Firewall Flow Trace Log' category #1117

chrholt opened this issue Nov 14, 2022 · 1 comment · Fixed by #1119
Assignees
@jtracey93
Labels
enhancement New feature or request policy Status: Fixed

Comments

@chrholt
Copy link
Contributor

chrholt commented Nov 14, 2022
edited
Loading

Versions

Module: ALZ v2.4.1
terraform-azurerm-caf-enterprise-scale/blob/main/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_firewall.json

Description

There is missing a category for Azure Firewall diagnostic settings policy. The missing category is Azure Firewall Flow Trace Log

This category needs to be added or replace all with category group allLogs. The Azure Firewall resources which this policy deploys diagnostics settings to will never be compliant due to a mismatch between existenceCondition and what the policy actually deploys.

Screenshots
azfw_policy_compliance_state
policy_definition
diagnostic_setting
@chrholt chrholt added the bug Something isn't working label Nov 14, 2022
@ghost ghost added the Needs: Triage 🔍 Needs triaging by the team label Nov 14, 2022
@jtracey93 jtracey93 mentioned this issue Nov 14, 2022
Merged
6 tasks
@jtracey93 jtracey93 linked a pull request Nov 14, 2022 that will close this issue
Add AZFWFlowTrace category for AzFW #1119
Merged
6 tasks
@jtracey93 jtracey93 self-assigned this Nov 15, 2022
@jtracey93 jtracey93 added enhancement New feature or request policy and removed bug Something isn't working Needs: Triage 🔍 Needs triaging by the team labels Nov 15, 2022
@jtracey93
Copy link
Collaborator

Working on adding this new category in PR #1119 hopefully will be merged here later today

@ghost ghost added the Status: Fixed label Nov 15, 2022
@ghost ghost locked as resolved and limited conversation to collaborators Dec 15, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@jtracey93 jtracey93

Labels
enhancement New feature or request policy Status: Fixed
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add AZFWFlowTrace category for AzFW Azure/Enterprise-Scale
2 participants
@chrholt @jtracey93