November 11, 2018

What are the different types of logs generated in Azure which helps in Monitoring Azure resources?

By Aavisek Choudhury Azure Monitoring 0 Comments

There are lots of different types of logs generated in Azure, it’s very much confusing when you don’t know which logs to use for monitoring your resources and how to access them. Logs contain different kinds of data organized into records with different sets of properties for each type. Logs can contain numeric values like metrics but typically contain text data with detailed descriptions. They further differ from metrics in that they vary in their structure and are often not collected at regular intervals.

Types of logs generated in Azure

There are 20 different types of logs currently generated in Azure and there are different ways to access them. Please find the table to understand the different types of logs generated in Azure and their types, supported services and method of access.

As per Microsoft docs, please find the different sources of logs generated in Azure in this below table.

Data type / Source	Category	Supported Services	Methods of access
Azure Monitor platform-level metrics	Metrics	See list here	REST API: Azure Monitor Metric API Storage blob or event hub:Diagnostic Settings
Compute guest OS metrics (eg. perf counters)	Metrics	Windows and Linux Virtual Machines (v2), Cloud Services, Service Fabric	Storage table or blob:Windows or Linux Azure diagnostics Event hub: Windows Azure diagnostics
Custom or application metrics	Metrics	Any application instrumented with Application Insights	REST API: Application Insights REST API
Storage metrics	Metrics	Azure Storage	Storage table: Storage Analytics
Billing data	Metrics	All Azure services	REST API: Azure Resource Usage and RateCard APIs
Activity Log	Events	All Azure services	REST API: Azure Monitor Events API Storage blob or event hub:Log Profile
Azure Monitor Diagnostic Logs	Events	See list here	Storage blob or event hub:Diagnostic Settings
Compute guest OS logs (eg. IIS, ETW, syslogs)	Events	Windows and Linux Virtual Machines (v2), Cloud Services, Service Fabric	Storage table or blob:Windows or Linux Azure diagnostics Event hub: Windows Azure diagnostics
App Service logs	Events	App services	File, table, or blob storage:Web app diagnostics
Storage logs	Events	Azure Storage	Storage table: Storage Analytics
Security Center alerts	Events	Azure Security Center	REST API: Security Alerts
Active Directory reporting	Events	Azure Active Directory	REST API: Azure Active Directory graph API
Security Center resource status	Status	All supported resources	REST API: Security Statuses
Resource Health	Status	Supported services	REST API: Resource health REST API
Azure Monitor metric alerts	Notifications	See list here	Webhook: Azure metric alerts
Azure Monitor Activity Log alerts	Notifications	All Azure services	Webhook: Azure Activity Log alerts
Autoscale notifications	Notifications	See list here	Webhook: Autoscale notification webhook payload schema
Log Search Query alerts	Notifications	Log Analytics	Webhook: Webhook action for log alert rules
Application Insights metric alerts	Notifications	Application Insights	Webhook: Application Insights alerts
Application Insights web tests	Notifications	Application Insights	Webhook: Application Insights alerts

Table: Showing types of Azure Logs

Now let’s see one of the most important log which is the Activity Log.

What is Activity Log in Azure?

The Azure Activity Log is a subscription log that provides insight into subscription-level events that have occurred in Azure. This includes a range of data, from Azure Resource Manager operational data to updates on Service Health events. The Activity Log was previously known as “Audit Logs” or “Operational Logs,” since the Administrative category reports control-plane events for your subscriptions. Using the Activity Log, you can determine the ‘what, who, and when’ for any write operations (PUT, POST, DELETE) taken on the resources in your subscription. The Azure Activity Log is primarily for activities that occur in Azure Resource Manager. You can retrieve events from your Activity Log using the Azure portal, CLI, PowerShell cmdlets, and Azure Monitor REST API.

Here is a diagram from Microsoft which shows what you can do with Azure Activity Log.

From July 2018, activity alert experience can be triggered by Unified Alerting. A new unified alert experience that enables you to manage alerts from multiple subscriptions and introduces alert states and smart groups is currently available in public preview.

In my next post, I will write about the unified alert monitor in the Azure Portal with a detail use case. Azure monitoring is becoming so vast that you need enough time to become experts in the field of monitoring and alerting. I will publish all my findings in my blog which may help you to get some experience near future. In the new beta exam syllabus of AZ 300 also Microsoft has introduced a new chapter for analyzing resource utilization and consumption.

That’s all for today. You have a good day ahead.

Picture Credit: Pexels.com

Post Views: 11,984

0.00 avg. rating (0% score) - 0 votes