This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 40%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
are there any best way to do auditing on the action perform on Azure blob storage ? read/update/delete/list by which user ? which time? which application . ? using what authen method ?
thanks
@sakuraime ,
I hope I answered your question. Please 'Accept as answer' if the provided information is helpful to help others in the community looking for help on similar topics. Thanks.
@sakuraime ,
Yes, we can enable audit on blog storage. Go to Azure portal - storage account -> Monitoring -> diagnostic setting and enable logging V2.0. Please let me know if you have any questions. Thanks
thanks . and how it could be read ?
Can these log centralize on Azure Log analytics ??
Yes, @sakuraime . These metrics and logs can be centralized on Azure log analytics.
can you should be how to do that ?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 45%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMK%3C/text%3E%3C/svg%3E)
This option is about to be deprecated, so we need to have up to date solution. Currently in the Diagnostic Settings on the Blob level there is no option to track activity per Azure user from Azure AD tenant.
Let us know how to enable it.
Thank you in advance.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 11%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERV%3C/text%3E%3C/svg%3E)
Send Diagnostic logging from your storage account to a log analytics workspace, you can follow this procedure using the new Diagnostic Settings (preview) method: https://learn.microsoft.com/en-us/azure/storage/blobs/monitor-blob-storage?tabs=azure-portal#creating-a-diagnostic-setting
This section goes into detail what queries you can use to read the results of this table using kusto queries: https://learn.microsoft.com/en-us/azure/storage/blobs/monitor-blob-storage?tabs=azure-portal#accessing-logs-in-a-log-analytics-workspace
For example to list the top 10 operations with the longest end-to-end latency over the last three days:
StorageBlobLogs
| where TimeGenerated > ago(3d)
| top 10 by DurationMs desc
| project TimeGenerated, OperationName, DurationMs, ServerLatencyMs, ClientLatencyMs = DurationMs - ServerLatencyMs
The full table reference can be found here: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables/storagebloblogs