Hello Ravi Bhagat,
If you're collecting access, DNS, and authentication logs from a Debian VM and require cost-effective long-term retention (1 year), consider the following options based on your use case:
Monitoring, Alerting, and Compliance Use Cases
Leverage Log Analytics Workspace:
Use the Azure Monitor Agent (AMA) in combination with Data Collection Rules (DCRs) to ingest only required log types (e.g., syslog, auditd).
Configure Basic Logs for infrequently queried data and apply commitment tiers to reduce ingestion and retention costs.
Suitable for scenarios that require integration with Azure Monitor, alerts, workbooks, and regulatory compliance frameworks.
High-Volume Analytics and Custom Dashboards
Consider Azure Data Explorer (ADX):
Persist logs in Azure Blob Storage for low-cost long-term storage.
Ingest selectively into ADX to enable fast, scalable querying using Kusto Query Language (KQL).
Ideal for scenarios involving large log volumes, custom dashboards, correlation queries, and advanced analytics.
Offers cost control by decoupling storage from compute and supporting tiered ingestion strategies.
If you have any further queries, do let us know.
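
An added illustration of the Data Collection Rule approach from the answer above (not part of the original reply): a DCR body that has the Azure Monitor Agent collect only selected syslog facilities and drop debug-level messages at the source. It assumes authentication events arrive on the auth/authpriv facilities and that the DNS service logs to daemon; the region, workspace resource ID and the names used are placeholders.

```json
{
  "location": "<region>",
  "properties": {
    "description": "Example only: collect auth and daemon syslog from a Debian VM",
    "dataSources": {
      "syslog": [
        {
          "name": "authAndDaemonSyslog",
          "streams": ["Microsoft-Syslog"],
          "facilityNames": ["auth", "authpriv", "daemon"],
          "logLevels": [
            "Info",
            "Notice",
            "Warning",
            "Error",
            "Critical",
            "Alert",
            "Emergency"
          ]
        }
      ]
    },
    "destinations": {
      "logAnalytics": [
        {
          "name": "retentionWorkspace",
          "workspaceResourceId": "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.OperationalInsights/workspaces/<workspace-name>"
        }
      ]
    },
    "dataFlows": [
      {
        "streams": ["Microsoft-Syslog"],
        "destinations": ["retentionWorkspace"]
      }
    ]
  }
}
```

Facilities and levels left out of `facilityNames` and `logLevels` are never ingested, so they incur no ingestion or retention charge; check which facility each service on the VM actually writes to before narrowing the list.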