PlagueHO · July 28, 2021 03:40
diff --git a/Get-AzLogAnalyticsWorkspaceSource.ps1 b/Get-AzLogAnalyticsWorkspaceSource.ps1
 #Requires -Modules @{ ModuleName = 'Az.Accounts'; ModuleVersion = '2.5.1' }
 #Requires -Modules @{ ModuleName = 'Az.Resources'; ModuleVersion = '4.2.0' }
 #Requires -Modules @{ ModuleName = 'Az.Compute'; ModuleVersion = '4.15.0' }
 #Requires -Modules @{ ModuleName = 'Az.OperationalInsights'; ModuleVersion = '2.3.0' }
 #Requires -Modules @{ ModuleName = 'Az.Aks'; ModuleVersion = '2.2.0' }

 <#
    .SYNOPSIS
        Returns an array Azure Log Analytics workspaces and the resources
        that send data to them.

    .DESCRIPTION
        This function loops through all the Azure subscriptions that the
        current Az session has access to and identifies all the Log
        Analytics workspace resources. For each workspace it then looks
        at the diagnostic settings or other resources (VMs etc) that are
        configured to send data to them.

        It will currently include:
        - Diagnostic Settings extension resources that are set to a Log Analytics workspace
        - AKS clusters that are enabled with Container Insights Addon
        - Virtual Machines with the Microsoft Monitoring Agent extension enabled

    .PARAMETER SubscriptionName
        The name of the subscription to limit the search to.
 #>
 [CmdletBinding()]
 param
 (
    [Parameter()]
    [System.String]
    $SubscriptionName
 )

 $subscriptions = Get-AzSubscription @PSBoundParameters
 $workspaceSources = @()

 foreach ($subscription in $subscriptions)
 {
    Write-Verbose -Message ('Selecting Azure Subscription {0}.' -f $subscription.Name)
    $null = $subscription | Select-AzSubscription

    # Add resources with Diagnostic Settings using Log Analytics Workspace
    $subscriptionResources = Get-AzResource

    foreach ($subscriptionResource in $subscriptionResources)
    {
        $diagnosticSettings = Get-AzDiagnosticSetting `
            -ResourceId $subscriptionResource.ResourceId `
            -WarningAction SilentlyContinue `
            -ErrorAction SilentlyContinue | Where-Object -FilterScript {
                $null -ne $_.Id -and $null -ne $_.WorkspaceId
            }

        foreach ($diagnosticSetting in $diagnosticSettings)
        {
            $workspaceId = $diagnosticSetting.WorkspaceId
            $workspaceSources += [PSCustomObject] @{
                Type = 'Microsoft.Insights/diagnosticSettings'
                Description = 'Resource Diagnostic Settings'
                ResourceId = $subscriptionResource.Id
                ResourceName = $subscriptionResource.Name
                SubscriptionName = $subscription.Name
                SubscriptionId = $subscription.Id
                DiagnosticSettingsName = $diagnosticSetting.Name
                WorkspaceName = ($workspaceId -Split '/')[($workspaceId -Split '/').Count -1]
                WorkspaceId = $workspaceId
                Metrics = $diagnosticSetting.Metrics
                Logs = $diagnosticSetting.Logs
            }
        }
    }

    # Add AKS clusters using Log Analytics Workspace
    $aksClusterContainerInsights = Get-AzAksCluster

    foreach ($aksClusterContainerInsight in $aksClusterContainerInsights)
    {
        $workspaceId = $aksClusterContainerInsight.AddonProfiles.omsAgent.Config['logAnalyticsWorkspaceResourceID']
        $workspaceSources += [PSCustomObject] @{
            Type = 'Microsoft.ContainerService/ManagedClusters'
            Description = 'Container Insights'
            ResourceId = $aksClusterContainerInsight.Id
            ResourceName = $aksClusterContainerInsight.Name
            SubscriptionName = $subscription.Name
            SubscriptionId = $subscription.Id
            WorkspaceName = ($workspaceId -Split '/')[($workspaceId -Split '/').Count -1]
            WorkspaceId = $workspaceId
        }
    }

    # Add Virtual Machines using Log Analytics Workspace
    $logAnalyticsWorkspaces = Get-AzOperationalInsightsWorkspace

    $virtualMachines = Get-AzVm

    foreach ($virtualMachine in $virtualMachines)
    {
        $vmMonitoringExtension = Get-AzVMExtension -ResourceGroupName $virtualMachine.ResourceGroupName -VMName $virtualMachine.Name -Name 'MicrosoftMonitoringAgent'
        if ($null -eq $vmMonitoringExtension)
        {
            Write-Warning -Message ('Guest OS in virtual machine {0} is not monitored by Log Analytics.' -f $virtualMachine.Name)
        }
        else
        {
            $extensionSettings = $vmMonitoringExtension.PublicSettings | ConvertFrom-Json
            $customerId = $extensionSettings.workspaceId
            $workspaceId = $logAnalyticsWorkspaces | Where-Object -FilterScript { $_.CustomerId -eq $customerId}
            $workspaceSources += [PSCustomObject] @{
                Type = 'Microsoft.EnterpriseCloud.Monitoring'
                Description = 'Virtual Machine MicrosoftMonitoringAgent'
                ResourceId = $virtualMachine.Id
                ResourceName = $virtualMachine.Name
                SubscriptionName = $subscription.Name
                SubscriptionId = $subscription.Id
                WorkspaceName = ($workspaceId -Split '/')[($workspaceId -Split '/').Count -1]
                WorkspaceId = $workspaceId
            }
        }
    }
 }

 return $workspaceSources
	#Requires -Modules @{ ModuleName = 'Az.Accounts'; ModuleVersion = '2.5.1' }
	#Requires -Modules @{ ModuleName = 'Az.Resources'; ModuleVersion = '4.2.0' }
	#Requires -Modules @{ ModuleName = 'Az.Compute'; ModuleVersion = '4.15.0' }
	#Requires -Modules @{ ModuleName = 'Az.OperationalInsights'; ModuleVersion = '2.3.0' }
	#Requires -Modules @{ ModuleName = 'Az.Aks'; ModuleVersion = '2.2.0' }

	<#
	.SYNOPSIS
	Returns an array Azure Log Analytics workspaces and the resources
	that send data to them.

	.DESCRIPTION
	This function loops through all the Azure subscriptions that the
	current Az session has access to and identifies all the Log
	Analytics workspace resources. For each workspace it then looks
	at the diagnostic settings or other resources (VMs etc) that are
	configured to send data to them.

	It will currently include:
	- Diagnostic Settings extension resources that are set to a Log Analytics workspace
	- AKS clusters that are enabled with Container Insights Addon
	- Virtual Machines with the Microsoft Monitoring Agent extension enabled

	.PARAMETER SubscriptionName
	The name of the subscription to limit the search to.
	#>
	[CmdletBinding()]
	param
	(
	[Parameter()]
	[System.String]
	$SubscriptionName
	)

	$subscriptions = Get-AzSubscription @PSBoundParameters
	$workspaceSources = @()

	foreach ($subscription in $subscriptions)
	{
	Write-Verbose -Message ('Selecting Azure Subscription {0}.' -f $subscription.Name)
	$null = $subscription \| Select-AzSubscription

	# Add resources with Diagnostic Settings using Log Analytics Workspace
	$subscriptionResources = Get-AzResource

	foreach ($subscriptionResource in $subscriptionResources)
	{
	$diagnosticSettings = Get-AzDiagnosticSetting `
	-ResourceId $subscriptionResource.ResourceId `
	-WarningAction SilentlyContinue `
	-ErrorAction SilentlyContinue \| Where-Object -FilterScript {
	$null -ne $_.Id -and $null -ne $_.WorkspaceId
	}

	foreach ($diagnosticSetting in $diagnosticSettings)
	{
	$workspaceId = $diagnosticSetting.WorkspaceId
	$workspaceSources += [PSCustomObject] @{
	Type = 'Microsoft.Insights/diagnosticSettings'
	Description = 'Resource Diagnostic Settings'
	ResourceId = $subscriptionResource.Id
	ResourceName = $subscriptionResource.Name
	SubscriptionName = $subscription.Name
	SubscriptionId = $subscription.Id
	DiagnosticSettingsName = $diagnosticSetting.Name
	WorkspaceName = ($workspaceId -Split '/')[($workspaceId -Split '/').Count -1]
	WorkspaceId = $workspaceId
	Metrics = $diagnosticSetting.Metrics
	Logs = $diagnosticSetting.Logs
	}
	}
	}

	# Add AKS clusters using Log Analytics Workspace
	$aksClusterContainerInsights = Get-AzAksCluster

	foreach ($aksClusterContainerInsight in $aksClusterContainerInsights)
	{
	$workspaceId = $aksClusterContainerInsight.AddonProfiles.omsAgent.Config['logAnalyticsWorkspaceResourceID']
	$workspaceSources += [PSCustomObject] @{
	Type = 'Microsoft.ContainerService/ManagedClusters'
	Description = 'Container Insights'
	ResourceId = $aksClusterContainerInsight.Id
	ResourceName = $aksClusterContainerInsight.Name
	SubscriptionName = $subscription.Name
	SubscriptionId = $subscription.Id
	WorkspaceName = ($workspaceId -Split '/')[($workspaceId -Split '/').Count -1]
	WorkspaceId = $workspaceId
	}
	}

	# Add Virtual Machines using Log Analytics Workspace
	$logAnalyticsWorkspaces = Get-AzOperationalInsightsWorkspace

	$virtualMachines = Get-AzVm

	foreach ($virtualMachine in $virtualMachines)
	{
	$vmMonitoringExtension = Get-AzVMExtension -ResourceGroupName $virtualMachine.ResourceGroupName -VMName $virtualMachine.Name -Name 'MicrosoftMonitoringAgent'
	if ($null -eq $vmMonitoringExtension)
	{
	Write-Warning -Message ('Guest OS in virtual machine {0} is not monitored by Log Analytics.' -f $virtualMachine.Name)
	}
	else
	{
	$extensionSettings = $vmMonitoringExtension.PublicSettings \| ConvertFrom-Json
	$customerId = $extensionSettings.workspaceId
	$workspaceId = $logAnalyticsWorkspaces \| Where-Object -FilterScript { $_.CustomerId -eq $customerId}
	$workspaceSources += [PSCustomObject] @{
	Type = 'Microsoft.EnterpriseCloud.Monitoring'
	Description = 'Virtual Machine MicrosoftMonitoringAgent'
	ResourceId = $virtualMachine.Id
	ResourceName = $virtualMachine.Name
	SubscriptionName = $subscription.Name
	SubscriptionId = $subscription.Id
	WorkspaceName = ($workspaceId -Split '/')[($workspaceId -Split '/').Count -1]
	WorkspaceId = $workspaceId
	}
	}
	}
	}

	return $workspaceSources