question

curious7 avatar image
0 Votes"
curious7 asked Monalla-MSFT commented

How to send Azure storaeg account activity logs to Azure Log analytics workspace

I have a requirement to retain logs for few years for compliance purposes for all resources in a resource group (keyvault, storage account, azure automation, VMs, backup vault, etc).
I created a log analytics workspace and set the required retention on it.

I tried sending the Storage account logs to this log analytics workspace using the command below but got the error:-
Command:-
az monitor diagnostic-settings create --name Test-SA-Diagnostics --storage-account $Log_SA_ID --resource $ResourceID --resource-group $RESOURCE_GROUP_NAME --logs '[{"category": StorageWrite}]'
Error:-
Failed to parse JSON: [{"category": StorageWrite}]

Is the correct way of transferring logs to Log analytics workspace?
I even ran the command to list the categories for storage account. And change the "category" value in the command to those as well, but still got the invalid category or the above error.

What is the correct method for sending logs to log analytics workspace?
Or even to a storage account as I just need this for log retention to meet the compliance requirements.

azure-monitorazure-storage-accounts
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@curious7 - Did the below answer help resolve your query?

If so, please feel free to "Accept as Answer" so it can be beneficial to the community.

0 Votes 0 ·

1 Answer

stan avatar image
0 Votes"
stan answered stan edited

Hi,
I believe the syntax for sending StorageWrite logs to Log Analytics workspace is the one below where $Log_SA_ID is the resource ID of the Log Analytics workspace, and $ResourceID is the resource ID of the storage account which you want to stream the logs to Log Analytics.

az monitor diagnostic-settings create --name Test-SA-Diagnostics --workspace $Log_SA_ID --resource $ResourceID --logs '[{"category": "StorageWrite","enabled": true}]'

Source

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.