@Cataster Thank you for reaching out.
If you need to ingest event logs into Azure Data Lake, you will need to build an ingestion pipeline that will extract and load data.
However, if the requirement is to hold this data for auditing purposes, Azure Monitor offers a cheaper and scalable option.
You can persist the event and activity logs (you can choose the retention period) not just for Virtual machines but for many other Azure services that you may provision in future.
Please refer to this document to understand more.
Monitor virtual machines with Azure Monitor
Log Analytics is a feature within Azure Monitor that lets you query the metrics and logs just like you would from Azure DataLake and lets you build reports and dashboards.
Read more here
Overview of Log Analytics in Azure Monitor
Please let us know if you have any further questions.
----------
If an answer is helpful, please click on or upvote which might help other community members reading this thread.