Different types of logs generated in Azure



What are the different types of logs generated in Azure which helps in Monitoring Azure resources?

There are lots of different types of logs generated in Azure, it’s very much confusing when you don’t know which logs to use for monitoring your resources and how to access them. Logs contain different kinds of data organized into records with different sets of properties for each type. Logs can contain numeric values like metrics but typically contain text data with detailed descriptions. They further differ from metrics in that they vary in their structure and are often not collected at regular intervals.

Types of logs generated in Azure

There are 20 different types of logs currently generated in Azure and there are different ways to access them. Please find the table to understand the different types of logs generated in Azure and their types, supported services and method of access.

As per Microsoft docs, please find the different sources of logs generated in Azure in this below table.

Data type / SourceCategorySupported ServicesMethods of access
Azure Monitor platform-level metricsMetricsSee list hereREST API: Azure Monitor Metric APIStorage blob or event hub:Diagnostic Settings
Compute guest OS metrics (eg. perf counters)MetricsWindows and Linux Virtual Machines (v2), Cloud ServicesService FabricStorage table or blob:Windows or Linux Azure diagnosticsEvent hub: Windows Azure diagnostics
Custom or application metricsMetricsAny application instrumented with Application InsightsREST API: Application Insights REST API
Storage metricsMetricsAzure StorageStorage table: Storage Analytics
Billing dataMetricsAll Azure servicesREST API: Azure Resource Usage and RateCard APIs
Activity LogEventsAll Azure servicesREST API: Azure Monitor Events APIStorage blob or event hub:Log Profile
Azure Monitor Diagnostic LogsEventsSee list hereStorage blob or event hub:Diagnostic Settings
Compute guest OS logs (eg. IIS, ETW, syslogs)EventsWindows and Linux Virtual Machines (v2), Cloud ServicesService FabricStorage table or blob:Windows or Linux Azure diagnosticsEvent hub: Windows Azure diagnostics
App Service logsEventsApp servicesFile, table, or blob storage:Web app diagnostics
Storage logsEventsAzure StorageStorage table: Storage Analytics
Security Center alertsEventsAzure Security CenterREST API: Security Alerts
Active Directory reportingEventsAzure Active DirectoryREST API: Azure Active Directory graph API
Security Center resource statusStatusAll supported resourcesREST API: Security Statuses
Resource HealthStatusSupported servicesREST API: Resource health REST API
Azure Monitor metric alertsNotificationsSee list hereWebhook: Azure metric alerts
Azure Monitor Activity Log alertsNotificationsAll Azure servicesWebhook: Azure Activity Log alerts
Autoscale notificationsNotificationsSee list hereWebhook: Autoscale notification webhook payload schema
Log Search Query alertsNotificationsLog AnalyticsWebhook: Webhook action for log alert rules
Application Insights metric alertsNotificationsApplication InsightsWebhook: Application Insights alerts
Application Insights web testsNotificationsApplication InsightsWebhook: Application Insights alerts

Table: Showing types of Azure Logs

Now let’s see one of the most important log which is the Activity Log.

What is Activity Log in Azure?

The Azure Activity Log is a subscription log that provides insight into subscription-level events that have occurred in Azure. This includes a range of data, from Azure Resource Manager operational data to updates on Service Health events. The Activity Log was previously known as “Audit Logs” or “Operational Logs,” since the Administrative category reports control-plane events for your subscriptions. Using the Activity Log, you can determine the ‘what, who, and when’ for any write operations (PUT, POST, DELETE) taken on the resources in your subscription. The Azure Activity Log is primarily for activities that occur in Azure Resource Manager. You can retrieve events from your Activity Log using the Azure portal, CLI, PowerShell cmdlets, and Azure Monitor REST API.

Here is a diagram from Microsoft which shows what you can do with Azure Activity Log.


From July 2018, activity alert experience can be triggered by Unified Alerting. A new unified alert experience that enables you to manage alerts from multiple subscriptions and introduces alert states and smart groups is currently available in public preview.

In my next post, I will write about the unified alert monitor in the Azure Portal with a detail use case. Azure monitoring is becoming so vast that you need enough time to become experts in the field of monitoring and alerting. I will publish all my findings in my blog which may help you to get some experience near future. In the new beta exam syllabus of AZ 300 also Microsoft has introduced a new chapter for analyzing resource utilization and consumption.

That’s all for today. You have a good day ahead.