A script that will enable diagnostics on network security groups. This will add the logs to a specific storage account.
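<#
Enables diagnostic logging on network security groups (NSGs) and sends the
logs to the given storage account. Uses the AzureRM module cmdlets.
#>
Param
(
    [Parameter(Mandatory = $true)]
    [string]$StorageAccountName,

    [Parameter(Mandatory = $true)]
    [string]$StorageAccountResourceGroup
)

try
{
    # Turn non-terminating cmdlet errors into terminating ones so the catch block sees them.
    $ErrorActionPreference = "Stop"
    $Error.Clear()

    # Storage account that will receive the NSG logs.
    $StorageAccount = Get-AzureRmStorageAccount -ResourceGroupName $StorageAccountResourceGroup -Name $StorageAccountName

    # All NSGs visible in the current subscription context.
    $NetworkSecurityGroups = Get-AzureRmNetworkSecurityGroup

    foreach ($NetworkSecurityGroup in $NetworkSecurityGroups)
    {
        $DiagnosticSettings = Get-AzureRmDiagnosticSetting -ResourceId $NetworkSecurityGroup.Id

        # Skip NSGs that already send diagnostics to a storage account.
        if ($null -eq $DiagnosticSettings.StorageAccountId)
        {
            # String.Contains is a case-sensitive substring match: this selects NSGs whose
            # resource group name contains the storage account's resource group name.
            if ($NetworkSecurityGroup.ResourceGroupName.Contains($StorageAccountResourceGroup))
            {
                Set-AzureRmDiagnosticSetting -ResourceId $NetworkSecurityGroup.Id -StorageAccountId $StorageAccount.Id -Enabled $true -Categories 'NetworkSecurityGroupEvent','NetworkSecurityGroupRuleCounter'
            }
        }
    }
}
catch
{
    # Print the accumulated error records.
    Write-Output $Error
}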