How to send Azure storaeg account activity logs to Azure Log analytics workspace

Question

I have a requirement to retain logs for few years for compliance purposes for all resources in a resource group (keyvault, storage account, azure automation, VMs, backup vault, etc).
I created a log analytics workspace and set the required retention on it.

I tried sending the Storage account logs to this log analytics workspace using the command below but got the error:-
Command:-
az monitor diagnostic-settings create --name Test-SA-Diagnostics --storage-account $Log_SA_ID --resource $ResourceID --resource-group $RESOURCE_GROUP_NAME --logs '[{"category": StorageWrite}]'
Error:-
Failed to parse JSON: [{"category": StorageWrite}]

Is the correct way of transferring logs to Log analytics workspace?
I even ran the command to list the categories for storage account. And change the "category" value in the command to those as well, but still got the invalid category or the above error.

What is the correct method for sending logs to log analytics workspace?
Or even to a storage account as I just need this for log retention to meet the compliance requirements.

Answer 1

Hi,
I believe the syntax for sending StorageWrite logs to Log Analytics workspace is the one below where $Log_SA_ID is the resource ID of the Log Analytics workspace, and $ResourceID is the resource ID of the storage account which you want to stream the logs to Log Analytics.

az monitor diagnostic-settings create --name Test-SA-Diagnostics --workspace $Log_SA_ID --resource $ResourceID --logs '[{"category": "StorageWrite","enabled": true}]'

Source

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.