Not seeing Storage Account Table Create and Delete actions in Activity Log

Tal Shladovsky 0 Reputation points
2024-06-03T13:29:46.01+00:00

Hi there,

I'm working on a project at my company involving the Table storage resource within a Storage Account.

User's image

I noticed that I'm not getting the Create/Update and Delete actions logs, of the Table storage I created, at the Activity Log (Monitor service), and I'm wondering what could be the reason?
(I only got a "List Storage Account Keys" action log)

User's image

According to Azure's Storage Permissions documentation here,
these are the relevant actions I expect to see in the Activity Logs:
Microsoft.Storage/storageAccounts/tableServices/tables/write Microsoft.Storage/storageAccounts/tableServices/tables/delete

For reference, However, when I created a Queue storage within the same Storage Account, I did see the"Write queue" action log.
What could be the reason one action is logged while the other is not?

User's image

Please note that my user is a Global Administrator within our subscription.

Did someone encounter such an issue?
Is there a configuration affecting this behavior?

Thanks in advance,
Tal

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,938 questions
Azure Table Storage
Azure Table Storage
An Azure service that stores structured NoSQL data in the cloud.
162 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. TP 82,066 Reputation points
    2024-06-03T14:37:47.0633333+00:00

    Hi Tal,

    You can view the CreateTable entries by enabling auditing on Table and sending to Log Analytics workspace. Once you have that configured you may query the Logs. In the portal, navigate to Monitoring - Diagnostic settings blade, similar to below:

    qna storage account enable table audit

    Once there, click on table on right, next Add diagnostic setting. Enter a name (e.g. AuditTable), select audit, select Send to Log Analytics workspace, choose workspace from the dropdown, and click Save.

    qna storage account enable table audit2

    At this point it will begin sending future activity to the workspace, so as a test create a new table.

    After adding diagnostic setting and creating new table, navigate to Monitoring -- Logs blade. On right, enter StorageTableLogs in the query window and click Run.

    qna storage account enable table audit3

    NOTE: After you enable the diagnostic setting for the table there will be a delay before the entries start to show up in your Log Analytics workspace. This delay can be minutes or longer. Once they start to show up, it is normal for the entries in the workspace to lag behind. For example, you may create a new table and the corresponding audit entries will not appear in the LA workspace until several minutes later.

    Please click Accept Answer and upvote if the above was helpful.

    Thanks.

    -TP