What are the different types of logs generated in Azure which helps in Monitoring Azure resources?
There are lots of different types of logs generated in Azure, it’s very much confusing when you don’t know which logs to use for monitoring your resources and how to access them. Logs contain different kinds of data organized into records with different sets of properties for each type. Logs can contain numeric values like metrics but typically contain text data with detailed descriptions. They further differ from metrics in that they vary in their structure and are often not collected at regular intervals.
Types of logs generated in Azure
There are 20 different types of logs currently generated in Azure and there are different ways to access them. Please find the table to understand the different types of logs generated in Azure and their types, supported services and method of access.
As per Microsoft docs, please find the different sources of logs generated in Azure in this below table.
| Data type / Source | Category | Supported Services | Methods of access |
| Azure Monitor platform-level metrics | Metrics | See list here | REST API: Azure Monitor Metric APIStorage blob or event hub:Diagnostic Settings |
| Compute guest OS metrics (eg. perf counters) | Metrics | Windows and Linux Virtual Machines (v2), Cloud Services, Service Fabric | Storage table or blob:Windows or Linux Azure diagnosticsEvent hub: Windows Azure diagnostics |
| Custom or application metrics | Metrics | Any application instrumented with Application Insights | REST API: Application Insights REST API |
| Storage metrics | Metrics | Azure Storage | Storage table: Storage Analytics |
| Billing data | Metrics | All Azure services | REST API: Azure Resource Usage and RateCard APIs |
| Activity Log | Events | All Azure services | REST API: Azure Monitor Events APIStorage blob or event hub:Log Profile |
| Azure Monitor Diagnostic Logs | Events | See list here | Storage blob or event hub:Diagnostic Settings |
| Compute guest OS logs (eg. IIS, ETW, syslogs) | Events | Windows and Linux Virtual Machines (v2), Cloud Services, Service Fabric | Storage table or blob:Windows or Linux Azure diagnosticsEvent hub: Windows Azure diagnostics |
| App Service logs | Events | App services | File, table, or blob storage:Web app diagnostics |
| Storage logs | Events | Azure Storage | Storage table: Storage Analytics |
| Security Center alerts | Events | Azure Security Center | REST API: Security Alerts |
| Active Directory reporting | Events | Azure Active Directory | REST API: Azure Active Directory graph API |
| Security Center resource status | Status | All supported resources | REST API: Security Statuses |
| Resource Health | Status | Supported services | REST API: Resource health REST API |
| Azure Monitor metric alerts | Notifications | See list here | Webhook: Azure metric alerts |
| Azure Monitor Activity Log alerts | Notifications | All Azure services | Webhook: Azure Activity Log alerts |
| Autoscale notifications | Notifications | See list here | Webhook: Autoscale notification webhook payload schema |
| Log Search Query alerts | Notifications | Log Analytics | Webhook: Webhook action for log alert rules |
| Application Insights metric alerts | Notifications | Application Insights | Webhook: Application Insights alerts |
| Application Insights web tests | Notifications | Application Insights | Webhook: Application Insights alerts |
Table: Showing types of Azure Logs
Now let’s see one of the most important log which is the Activity Log.
What is Activity Log in Azure?
The Azure Activity Log is a subscription log that provides insight into subscription-level events that have occurred in Azure. This includes a range of data, from Azure Resource Manager operational data to updates on Service Health events. The Activity Log was previously known as “Audit Logs” or “Operational Logs,” since the Administrative category reports control-plane events for your subscriptions. Using the Activity Log, you can determine the ‘what, who, and when’ for any write operations (PUT, POST, DELETE) taken on the resources in your subscription. The Azure Activity Log is primarily for activities that occur in Azure Resource Manager. You can retrieve events from your Activity Log using the Azure portal, CLI, PowerShell cmdlets, and Azure Monitor REST API.
Here is a diagram from Microsoft which shows what you can do with Azure Activity Log.
From July 2018, activity alert experience can be triggered by Unified Alerting. A new unified alert experience that enables you to manage alerts from multiple subscriptions and introduces alert states and smart groups is currently available in public preview.
In my next post, I will write about the unified alert monitor in the Azure Portal with a detail use case. Azure monitoring is becoming so vast that you need enough time to become experts in the field of monitoring and alerting. I will publish all my findings in my blog which may help you to get some experience near future. In the new beta exam syllabus of AZ 300 also Microsoft has introduced a new chapter for analyzing resource utilization and consumption.
That’s all for today. You have a good day ahead.
