====== Azure Monitoring and Logging ======
#logging #auditing

Azure **Platform Logs** include Resource Logs, Activity Logs, and AAD logs.

  * **Activity Logs** are subscription-level control plane logs, for example, creating a key vault resource.
  * **Resource Logs** (previously known as **Diagnostic Logs**) are resource-level data access plane logs, for example, getting a key from a key vault. These are events related to resource usage, that is, operations performed within resources.

  * **Activity Logs** are automatically generated and available. There is a hard limit of 90-day retention, unless the logs are forwarded somewhere else.
  * There are basic log search capabilities in the portal. For more advanced search capabilities with KQL, the logs must be exported to a //Log Analytics Workspace//.
  * **Resource Logs** are automatically generated, but they must be explicitly configured to be sent somewhere, using **Diagnostic settings**, before they are available for access.
  * Through **Diagnostic Settings**, logs can be sent to one of the following:
    * Log Analytics Workspace
    * Event Hub
    * Azure Storage
    * 3rd party partner integration
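
The following is an added example, not part of the original notes: a Python audit that applies the rules above to diagnostic-settings records and reports scopes whose logs are not being sent anywhere. The property names follow the ARM ''Microsoft.Insights/diagnosticSettings'' resource; the subscription ID, resource names, the ''sample_setting'' helper and the finding texts are constructed for illustration.

```python
# Destination properties of a Microsoft.Insights/diagnosticSettings resource,
# mapped to the four destinations listed above.
DESTINATIONS = {
    "workspaceId": "Log Analytics Workspace",
    "eventHubAuthorizationRuleId": "Event Hub",
    "storageAccountId": "Azure Storage",
    "marketplacePartnerId": "3rd party partner integration",
}


def destinations(setting):
    """Return the destinations one diagnostic setting actually delivers logs to."""
    props = setting.get("properties", {})
    if not any(log.get("enabled") for log in props.get("logs", [])):
        return []  # a setting with no enabled log category delivers nothing
    return [name for field, name in DESTINATIONS.items() if props.get(field)]


def audit(scopes):
    """scopes: {scope_id: [diagnostic settings]} -> sorted (scope, finding) list."""
    findings = []
    for scope, settings in scopes.items():
        dests = {d for s in settings for d in destinations(s)}
        if not dests and scope.count("/") == 2:  # "/subscriptions/<id>"
            findings.append((scope, "Activity Logs not exported: 90-day retention limit"))
        elif not dests:
            findings.append((scope, "Resource Logs not sent anywhere: not accessible"))
        elif "Log Analytics Workspace" not in dests:
            findings.append((scope, "no Log Analytics Workspace: no KQL search"))
    return sorted(findings)


# Constructed sample inventory (placeholder IDs, not real resources).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-demo/providers/"
LAW = RG + "Microsoft.OperationalInsights/workspaces/law-demo"
STG = RG + "Microsoft.Storage/storageAccounts/stdemo"
KV = RG + "Microsoft.KeyVault/vaults/"


def sample_setting(field, target, enabled):
    """Hypothetical helper: build one Key Vault diagnostic setting record."""
    logs = [{"category": "AuditEvent", "enabled": enabled}]
    return {"properties": {field: target, "logs": logs}}


SAMPLE = {
    SUB: [],                                               # no export configured
    KV + "kv-a": [sample_setting("workspaceId", LAW, True)],
    KV + "kv-b": [sample_setting("storageAccountId", STG, True)],
    KV + "kv-c": [sample_setting("workspaceId", LAW, False)],  # category disabled
}
```

Calling ''audit(SAMPLE)'' returns findings for the subscription, ''kv-b'' and ''kv-c''; ''kv-a'' passes because its enabled category is sent to a Log Analytics Workspace.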