The active log retention is lower than 365 days

azure_active_log_retention

Severity

info

Vendor

Azure

Resource

IAM

Description

The active log retention is lower than 365 days. It is recommended to keep log retention active for more than 365 days.

To enable this you must configure the retention_policy with enabled=true and days a value greater than 365.

Learn more about this topic at Azure active log retention

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create a log profile
      azure_rm_monitorlogprofile:
        name: myProfile
        location: eastus
        locations:
          - eastus
          - westus
        categories:
          - Write
          - Action
        retention_policy:
          enabled: False
          days: 1
        storage_account:
          resource_group: myResourceGroup
          name: myStorageAccount
      register: output

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create a log profile
      azure_rm_monitorlogprofile:
        name: myProfile
        location: eastus
        locations:
          - eastus
          - westus
        categories:
          - Write
          - Action
        retention_policy:
          enabled: True
          days: 370
        storage_account:
          resource_group: myResourceGroup
          name: myStorageAccount
      register: output