Logs of Azure storage to the same storage account (itself)

Chand, Anupam SBOBNG-ITA/RX 451 Reputation points
2022-11-12T06:26:43.437+00:00

For our solution, we are required to collect audit logs of our Azure resources. We need to store the logs for a year and since storage is less costly than Log Analytics, we are sending all the logs to a storage account.
We also have a requirement to log all access to the logs themselves. So we want to send all the read requests of these logs into the same storage account. However, I cannot see that this is an option. It wouldn't make sense to send these logs into a different storage account.
So my question is, can we send the audit logs of a storage account into itself?


2 answers

  1. Marwa Abouawad 281 Reputation points Microsoft Employee
    2022-11-17T22:27:30.507+00:00

    Hi @ChandAnupamSBOBNGITARX-7207

    Welcome to the Microsoft Q&A community forum!

    You can't send logs to the same storage account that you are monitoring.

    This would lead to recursive logs in which a log entry describes the writing of another log entry. You must create an account or use another existing account to store log information.

    https://learn.microsoft.com/en-us/azure/storage/blobs/monitor-blob-storage?tabs=azure-portal#destination-limitations

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    2 people found this answer helpful.

  2. Manu Philip 16,966 Reputation points MVP
    2022-11-12T06:57:53.987+00:00

    Storage Analytics logs are stored in block blobs in a container named $logs, which is automatically created when Storage Analytics is enabled for a storage account. The $logs container is located in the blob namespace of the storage account, for example: http://<accountname>.blob.core.windows.net/$logs. This container cannot be deleted once Storage Analytics has been enabled, though its contents can be deleted. If you use your storage-browsing tool to navigate to the container directly, you will see all the blobs that contain your logging data.

    The following table shows the metadata attributes:
    259762-image.png

    ----------

    --please don't forget to upvote and Accept as answer if the reply is helpful--
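
The destination limitation described in the first answer can be checked before deployment. The following is an added example, not part of the original thread or Microsoft's code: it reviews a constructed plan of diagnostic settings and flags any whose storage destination is the monitored account itself (ARM ids are compared case-insensitively) or that do not enable the `StorageRead` category. The `name` and `resourceId` keys, the account names and the subscription id are assumptions of this example.

```python
# Constructed plan of diagnostic settings to review before deployment.
# "storageAccountId" and "logs" mirror diagnostic-setting properties;
# "name" and "resourceId" are this example's own (hypothetical) keys.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-audit"
MONITORED = f"{SUB}/providers/Microsoft.Storage/storageAccounts/auditlogs/blobServices/default"
PLAN = [
    {"name": "self", "resourceId": MONITORED,
     # Same account, different letter case: still the same ARM resource.
     "storageAccountId": f"{SUB}/providers/microsoft.storage/storageaccounts/AuditLogs",
     "logs": [{"category": "StorageRead", "enabled": True}]},
    {"name": "separate", "resourceId": MONITORED,
     "storageAccountId": f"{SUB}/providers/Microsoft.Storage/storageAccounts/accesslogs",
     "logs": [{"category": "StorageRead", "enabled": True}]},
    {"name": "no-read", "resourceId": MONITORED,
     "storageAccountId": f"{SUB}/providers/Microsoft.Storage/storageAccounts/accesslogs",
     "logs": [{"category": "StorageWrite", "enabled": True},
              {"category": "StorageRead", "enabled": False}]},
]

def storage_account_of(resource_id):
    """Return the lower-cased ARM id of the storage account a resource belongs to, or None."""
    parts = [p.lower() for p in (resource_id or "").strip("/").split("/")]
    if "storageaccounts" not in parts:
        return None
    i = parts.index("storageaccounts")
    if i + 1 >= len(parts):          # id ends before the account name
        return None
    return "/" + "/".join(parts[: i + 2])

def review(plan):
    """Map each setting name to a list of findings (empty list means it passes)."""
    findings = {}
    for setting in plan:
        issues = []
        source = storage_account_of(setting["resourceId"])
        dest = storage_account_of(setting.get("storageAccountId"))
        if dest is None:
            issues.append("no storage account destination")
        elif dest == source:
            issues.append("destination is the monitored account")
        read_on = any(log.get("category") == "StorageRead" and log.get("enabled")
                      for log in setting.get("logs", []))
        if not read_on:
            issues.append("StorageRead not enabled")
        findings[setting["name"]] = issues
    return findings

if __name__ == "__main__":
    for name, issues in review(PLAN).items():
        print(name, "->", issues or "ok")
```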