How to archive Microsoft activity logs efficiently?

March 10, 2019

 

 

 

Introduction to this technology:

 

 

Through activity logs, you can determine:

  • the status of the operation

  • what operations were taken on the resources in your subscription

  • who started the operation

  • the values of other properties that might help you research the operation

  • when the operation occurred

 

The activity log contains all write operations (PUT, POST, DELETE) performed on your resources. It doesn't include read operations (GET). For a list of resource actions, see Azure Resource Manager Resource Provider operations. You can use the audit logs to find an error when troubleshooting or to monitor how a user in your organization modified a resource.

Activity logs are kept for 90 days. You can query for any range of dates, as long as the starting date isn't more than 90 days in the past.

 

You can obtain information from the activity logs through the portal, PowerShell, Azure CLI, Insights REST API, or Insights .NET Library.

 

The Azure Activity Log is a subscription log that provides visibility into subscription-level events that have happened in your Azure environment.

This includes a range of data, from Azure Resource Manager operational data to updates on Service Health events. You may want to archive the Azure Activity Log if you want to retain it longer than 90 days (with full control over the retention policy) for audit, static analysis, or backup. In this post, I’ll show you how to archive it with a couple of clicks.

 

In the portal, search for the Activity Log service. Now click on the Export button as shown below:

 

 

 

Select a Subscription mod, Region and place a check mark in the Export to an Azure Storage Account box. Now use the slider to select the number of days (0 to 365) for which Activity Log events should be kept in your storage account. You can also select 0 to keep them indefinitely. Now click Save.
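Once the export is running, the archived blobs can answer the same who / what / when / status questions listed in the introduction, well past the 90-day window. The sketch below is an added example, not part of the original post: it assumes the archive is JSON with a top-level `records` array and the field names shown (`time`, `operationName`, `resultType`, `identity.claims`, `callerIpAddress`), and the sample blob and helper names are constructed for illustration.

```python
import json

# Constructed sample shaped like one archived blob. Field names are assumed
# from the Activity Log archive JSON schema; every value is made up.
SUB = "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000"
UPN = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
SAMPLE_BLOB = json.dumps({"records": [
    {"time": "2019-03-10T08:15:02Z", "resultType": "Success",
     "operationName": "MICROSOFT.COMPUTE/VIRTUALMACHINES/WRITE",
     "resourceId": SUB + "/RESOURCEGROUPS/RG1/PROVIDERS/MICROSOFT.COMPUTE/VIRTUALMACHINES/VM1",
     "callerIpAddress": "203.0.113.10",
     "identity": {"claims": {UPN: "alice@example.com"}}},
    {"time": "2019-03-10T08:40:47Z", "resultType": "Failure",
     "operationName": "MICROSOFT.AUTHORIZATION/ROLEASSIGNMENTS/WRITE",
     "resourceId": SUB, "callerIpAddress": "198.51.100.7",
     "identity": {"claims": {UPN: "bob@example.com"}}},
    {"time": "2019-03-10T08:52:11Z", "resultType": "Success",
     "operationName": "MICROSOFT.STORAGE/STORAGEACCOUNTS/DELETE",
     "resourceId": SUB + "/RESOURCEGROUPS/RG1/PROVIDERS/MICROSOFT.STORAGE/STORAGEACCOUNTS/SA1",
     "callerIpAddress": "203.0.113.10",
     "identity": {"claims": {"appid": "11111111-1111-1111-1111-111111111111"}}},
]})


def caller_of(record):
    """Return the user (UPN claim) or application id that started the operation."""
    identity = record.get("identity")
    claims = identity.get("claims", {}) if isinstance(identity, dict) else {}
    return claims.get(UPN) or claims.get("appid") or "unknown"


def summarize(blob_text):
    """Reduce each record to the when / who / what / status fields."""
    return [{"when": r.get("time"), "who": caller_of(r),
             "what": r.get("operationName") or "", "status": r.get("resultType"),
             "resource": r.get("resourceId"), "ip": r.get("callerIpAddress")}
            for r in json.loads(blob_text).get("records", [])]


def needs_review(rows):
    """Failed operations and deletions: a simple first filter for an audit."""
    return [r for r in rows
            if r["status"] == "Failure" or r["what"].upper().endswith("/DELETE")]


if __name__ == "__main__":
    for row in needs_review(summarize(SAMPLE_BLOB)):
        print(row["when"], row["who"], row["status"], row["what"], row["ip"])
```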

 

 

 
