
Azure Monitoring and Logging

#logging #auditing

Azure Platform Logs include Resource Logs, Activity Logs, and AAD logs.

  • Activity Logs are subscription-level control plane logs, for example, creating a key vault resource.
  • Resource Logs (previously known as Diagnostic Logs) are resource-level data access plane logs, for example, getting a key from a key vault. These are events related to resource usage, that is, operations performed within resources.
  • Activity Logs are automatically generated and available. There is a hard limit of 90 days of retention, unless the logs are forwarded somewhere else.
    • There are basic log search capabilities in the portal. For more advanced search capabilities with KQL, the logs must be exported to a Log Analytics Workspace.
  • Resource Logs are automatically generated, but they must be explicitly configured to be sent somewhere, using Diagnostic Settings, before they are available for access.
  • Through Diagnostic Settings, logs can be sent to one of the following:
    • Log Analytics Workspace
    • Event Hub
    • Azure Storage
    • 3rd party partner integration
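
Because Resource Logs are not available until a Diagnostic Setting sends them somewhere, a useful check is to find resources whose settings deliver nothing. The following is an added example, not part of the original page: it audits an exported inventory of diagnostic settings, with the destination field names assumed from the Azure Monitor diagnostic settings schema and all resource names and IDs constructed placeholders.

```python
import json

# Destination fields of a diagnostic setting mapped to the four targets above.
# Field names are assumed from the Azure Monitor diagnostic settings schema.
DESTINATIONS = {
    "workspaceId": "Log Analytics Workspace",
    "eventHubAuthorizationRuleId": "Event Hub",
    "storageAccountId": "Azure Storage",
    "marketplacePartnerId": "3rd party partner integration",
}

def audit_setting(setting):
    """Return (destinations, enabled log categories) for one diagnostic setting."""
    # REST responses nest the fields under "properties"; CLI output flattens them.
    props = setting.get("properties") or setting
    dests = [label for key, label in DESTINATIONS.items() if props.get(key)]
    cats = []
    for log in props.get("logs") or []:
        name = log.get("category") or log.get("categoryGroup")
        if log.get("enabled") and name:
            cats.append(name)
    return dests, cats

def audit_resources(inventory):
    """Map {resource_id: [settings]} to a finding per resource."""
    findings = {}
    for resource_id, settings in inventory.items():
        dests, cats = set(), set()
        for setting in settings:
            d, c = audit_setting(setting)
            if d and c:  # logs are only delivered with a destination AND a category
                dests.update(d)
                cats.update(c)
        findings[resource_id] = {"collected": bool(dests),
                                 "destinations": sorted(dests),
                                 "categories": sorted(cats)}
    return findings

# Constructed sample inventory; all resource names and IDs are placeholders.
SAMPLE = json.loads("""{
  "kv-logged": [{"workspaceId": "/subscriptions/EXAMPLE/workspaces/law-example",
                 "logs": [{"category": "AuditEvent", "enabled": true}]}],
  "kv-rest-form": [{"properties": {"storageAccountId": "/subscriptions/EXAMPLE/sa",
                 "eventHubAuthorizationRuleId": "/subscriptions/EXAMPLE/eh-rule",
                 "logs": [{"categoryGroup": "audit", "enabled": true}]}}],
  "kv-disabled": [{"storageAccountId": "/subscriptions/EXAMPLE/sa",
                 "logs": [{"category": "AuditEvent", "enabled": false}]}],
  "kv-none": []
}""")

if __name__ == "__main__":
    for rid, finding in audit_resources(SAMPLE).items():
        print(rid, finding)
```

Resources reported with "collected" set to False (here kv-disabled and kv-none) generate Resource Logs that are never stored anywhere.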
  • Last modified: 2022/08/31 19:53
  • by mgupton