Differences

This shows you the differences between two versions of the page.

--- azure:qnd:azure_monitoring_and_logging [2022/08/14 18:24] – mgupton
+++ azure:qnd:azure_monitoring_and_logging [2022/08/31 19:53] (current) – mgupton
@@ Line 1: / Line 1: @@
 ====== Azure Monitoring and Logging ======
+#logging #auditing
 Azure **Platform Logs** includes Resource Logs, Activity Logs, and AAD logs.
   * **Activity Logs** are subscription-level control plane logs, for example, creating a key vault resource
-  * **Resource Logs** (previously known as **Diagnostic Logs**) are resource-level data access plane logs, for example, getting a key from a key vault. These are events related to resource usage.
+  * **Resource Logs** (previously known as **Diagnostic Logs**) are resource-level data access plane logs, for example, getting a key from a key vault. These are events related to resource usage, that is, operations performed within resources.
   * **Activity Logs** are automatically generated and available. There is a hard limit of 90 day retention, unless they logs are forward somewhere else.
+      * There is basic log search capabilities in the portal. For more advanced search capabilities with KQL the logs must be exported to a //Log Analytics Workspace//.
   * **Resource Logs** are automatically generated, but they must be explicitly configured to be sent somewhere, using **Diagnostic settings**, before they are available for access
   * Through **Diagnostic Settings** logs can be sent to one of the following: