Feature Request: regional setup for monitoring #1716
Comments
Thanks @steph409! Great feedback. Will discuss on our next leads call and let you know the outcome, as it looks like this will need some validation and updates to guidance.
Hi @steph409. There isn't a pretty or easy way to implement this, however it is possible.
Hi @Springstone, I don't think it is possible to have one management group, in which only the resources of one region are. Let's say we have a connectivity subscription, where we deploy a vWAN. vWAN typically has hubs, which are in different regions. As far as I am aware, it is not possible to create the vWAN in one subscription, but the Hubs in other subscriptions and associate them to the vWAN. Now if my users connect to Azure using vWAN P2S. Let's say I want to write those logs to regional workspaces - would this be possible with your solution? If yes how?
vWAN HUBs are kept within the same RG/Sub as the vWAN. But you can have different diagnostic logs per vHUB - so you can send your Region A to Log Analytics A and Region B to Log Analytics B - See this article:
Resource Selectors on assignments are a good fit here https://learn.microsoft.com/en-us/azure/governance/policy/concepts/assignment-structure#resource-selectors
Describe the solution you'd like
Many scenarios, e.g. regulatory or data compliance requirements, require a more fine-granular approach to logging. For instance, logs from the EU should be stored in Europe, while logs from the US should be stored in the US. It would be great if enterprise scale would support such scenarios. A big milestone was added lately, where the diagnostic logs initiative now has a parameter resourceLocationList to specify which logs should go to the Log Analytics workspace.
This concept should be extended to Azure Monitor (using data collection rules) and Azure activity logs.
Activity logs are often most critical, as they contain PII. Is it possible to configure activity logs to stream to a specific LAW depending on the region the resource is in? Would you then set the activity log setting on each resource rather than on subscription level? What are the downsides of this?
Best regards,
Stephanie