Logs of Azure storage to the same storage account(itself)

Chand, Anupam SBOBNG-ITA/RX 461 Reputation points
2022-11-12T06:26:43.437+00:00

For our solution, we require to collect audit logs of our azure resources. We need to store the logs for a year and since storage is less costly than log analytics, we are sending all the logs to a storage account.
We also have a requirement to log all the access to the logs itself. So we want to send all the read requests of these logs into the same storage account. However, I cannot see that this is an option. It wouldn't make sense to send these logs into a different storage account.
So my question is, can we send the audit logs of a storage account into itself?

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,986 questions
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,897 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Marwa Abouawad 281 Reputation points Microsoft Employee
    2022-11-17T22:27:30.507+00:00

    Hi @ ChandAnupamSBOBNGITARX-7207

    Welcome to Microsoft Q & A community Forum!

    You can't send logs to the same storage account that you are monitoring.

    This would lead to recursive logs in which a log entry describes the writing of another log entry. You must create an account or use another existing account to store log information.

    https://learn.microsoft.com/en-us/azure/storage/blobs/monitor-blob-storage?tabs=azure-portal#destination-limitations

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    2 people found this answer helpful.
    0 comments No comments

  2. Manu Philip 17,271 Reputation points MVP
    2022-11-12T06:57:53.987+00:00

    Storage Analytics logs are stored in block blobs in a container named $logs, which is automatically created when Storage Analytics is enabled for a storage account. The $logs container is located in the blob namespace of the storage account, for example: http://<accountname>.blob.core.windows.net/$logs. This container cannot be deleted once Storage Analytics has been enabled, though its contents can be deleted. If you use your storage-browsing tool to navigate to the container directly, you will see all the blobs that contain your logging data.

    Following table shows the metadata attributes:
    259762-image.png

    ----------

    --please don't forget to upvote and Accept as answer if the reply is helpful--