Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
| azure:qnd:azure_monitoring_and_logging [2022/08/11 19:56] – ↷ Page name changed from azure:qnd:azure_logging to azure:qnd:azure_monitoring_and_logging mgupton | azure:qnd:azure_monitoring_and_logging [2022/08/31 19:53] (current) – mgupton | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Azure Logging ====== | + | ====== Azure Monitoring and Logging ====== |
| + | #logging #auditing | ||
| + | |||
| + | Azure **Platform Logs** includes Resource Logs, Activity Logs, and AAD logs. | ||
| * **Activity Logs** are subscription-level control plane logs, for example, creating a key vault resource | * **Activity Logs** are subscription-level control plane logs, for example, creating a key vault resource | ||
| - | * **Diagnostic Logs** are resource-level data access plane logs, for example, getting a key from a key vault | + | * **Resource Logs** (previously known as **Diagnostic Logs**) are resource-level data access plane logs, for example, getting a key from a key vault. These are events related to resource usage, that is, operations performed within resources. |
| + | * **Activity Logs** are automatically generated and available. There is a hard limit of 90 day retention, unless they logs are forward somewhere else. | ||
| + | * There is basic log search capabilities in the portal. For more advanced search capabilities with KQL the logs must be exported to a //Log Analytics Workspace// | ||
| + | * **Resource Logs** are automatically generated, but they must be explicitly configured to be sent somewhere, using **Diagnostic settings**, before they are available for access | ||
| + | * Through **Diagnostic Settings** logs can be sent to one of the following: | ||
| + | * Log Analytics Workspace | ||
| + | * Event Hub | ||
| + | * Azure Storage | ||
| + | * 3rd party partner integration | ||