Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
| azure:qnd:azure_monitoring_and_logging [2022/08/11 20:30] – mgupton | azure:qnd:azure_monitoring_and_logging [2022/08/31 19:53] (current) – mgupton | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Azure Monitoring and Logging ====== | ====== Azure Monitoring and Logging ====== | ||
| + | #logging #auditing | ||
| + | |||
| Azure **Platform Logs** includes Resource Logs, Activity Logs, and AAD logs. | Azure **Platform Logs** includes Resource Logs, Activity Logs, and AAD logs. | ||
| * **Activity Logs** are subscription-level control plane logs, for example, creating a key vault resource | * **Activity Logs** are subscription-level control plane logs, for example, creating a key vault resource | ||
| - | * **Resource Logs** (previously known as **Diagnostic Logs**) are resource-level data access plane logs, for example, getting a key from a key vault | + | * **Resource Logs** (previously known as **Diagnostic Logs**) are resource-level data access plane logs, for example, getting a key from a key vault. These are events related to resource usage, that is, operations performed within resources. |
| * **Activity Logs** are automatically generated and available. There is a hard limit of 90 day retention, unless they logs are forward somewhere else. | * **Activity Logs** are automatically generated and available. There is a hard limit of 90 day retention, unless they logs are forward somewhere else. | ||
| - | | + | * There is basic log search capabilities in the portal. For more advanced search capabilities with KQL the logs must be exported to a //Log Analytics Workspace// |
| + | | ||
| + | * Through **Diagnostic Settings** logs can be sent to one of the following: | ||
| + | * Log Analytics Workspace | ||
| + | * Event Hub | ||
| + | * Azure Storage | ||
| + | * 3rd party partner integration | ||