remove-azdiagnosticsetting powershell script
<#
.Synopsis
A script used to remove the Diagnostic Settings for a particular Azure Resource
.DESCRIPTION
A script used to remove the Diagnostic Settings for a particular Azure Resource,
As part of the removal process, the report will log the following information:
- Diagnostic Settings Name
- Azure Resource Name
- Removal Status
- Storage account Name
- Log Analytics Workspace
- Event Hub Namespace
.Notes
Created : 2020-11-30
Version : 1.0
Author : Charbel Nemnom
Twitter : @CharbelNemnom
Blog : https://charbelnemnom.com
Disclaimer: This script is provided "AS IS" with no warranties.
#>
#! Login with Connect-AzAccount if NOT using Cloud Shell
Connect-AzAccount
#! Enter Azure Resource Type
Do { $resourceType = Read-Host "`nEnter the Azure Resource Type as the following example: applicationgateways " } `
while (!$resourceType)
#! Get all Azure Subscriptions
$azSubs = Get-AzSubscription
#! Loop through all Azure Subscriptions
foreach ($azSub in $azSubs) {
Set-AzContext $azSub.id | Out-Null
#! Set array
$azlogs = @()
#! Get all Azure resources deployed in each Subscription for a particular Resource Type
$azResources = Get-AZResource | Where-Object {$_.ResourceType.split('/')[-1] -eq "$resourceType"}
#! Get all Azure resources which have Diagnostic settings enabled for a particular resource Type
foreach ($azResource in $azResources) {
$resourceId = $azResource.ResourceId
$azDiagSettings = Get-AzDiagnosticSetting -ResourceId $resourceId | Where-Object {$_.Id -ne $NULL}
foreach ($azDiag in $azDiagSettings) {
If ($azDiag.StorageAccountId) {
[string]$storage = $azDiag.StorageAccountId
[string]$storageAccount = $storage.Split('/')[-1]
}
If ($azDiag.WorkspaceId) {
[string]$workspace = $azDiag.WorkspaceId
[string]$logAnalytics = $workspace.Split('/')[-1]
}
If ($azDiag.EventHubAuthorizationRuleId) {
[string]$eHub = $azDiag.EventHubAuthorizationRuleId
[string]$eventHub = $eHub.Split('/')[-3]
}
#! Remove diagnostic settings for the particular resource
[string]$azDiagid = $azdiag.id -replace "(?=/providers/microsoft.insights).*"
$removeDiag = Remove-AzDiagnosticSetting -ResourceId $azDiagid -Name $azDiag.Name
if (!$removeDiag) {
$removeDiag = New-Object pscustomobject
$removeDiag | Add-Member -NotePropertyName StatusCode -NotePropertyValue "ErrorResponseException"
}
#! Create log
$azlogs += @($("Diagnostic setting name: " + $azDiag.Name), ("Azure Resource name: " + $azResource.Name), `
("Removal Status: " + $removeDiag.StatusCode), ("Storage Account Name: " + $storageAccount), `
("Log Analytics workspace: " + $logAnalytics), ("Event Hub Namespace: " + $eventHub) )
$azlogs += @(" ")
}
}
#! Save remove Diagnostic settings report for each Azure Subscription
$azSubName = $azSub.Name
$azlogs > .\$azSubName.txt
}