Azure blob storage auditing

sakuraime 2,321 Reputation points
2022-01-19T15:00:12.56+00:00

are there any best way to do auditing on the action perform on Azure blob storage ? read/update/delete/list by which user ? which time? which application . ? using what authen method ?

thanks

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,484 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Ravi Kanth Koppala 3,231 Reputation points Microsoft Employee
    2022-01-19T17:18:47.557+00:00

    @sakuraime ,
    Yes, we can enable audit on blog storage. Go to Azure portal - storage account -> Monitoring -> diagnostic setting and enable logging V2.0. Please let me know if you have any questions. Thanks

    166475-storage-audit-feature.png


  2. Ruud van den Hooff 81 Reputation points Microsoft Employee
    2022-01-26T10:44:20.487+00:00

    Send Diagnostic logging from your storage account to a log analytics workspace, you can follow this procedure using the new Diagnostic Settings (preview) method: https://learn.microsoft.com/en-us/azure/storage/blobs/monitor-blob-storage?tabs=azure-portal#creating-a-diagnostic-setting

    This section goes into detail what queries you can use to read the results of this table using kusto queries: https://learn.microsoft.com/en-us/azure/storage/blobs/monitor-blob-storage?tabs=azure-portal#accessing-logs-in-a-log-analytics-workspace

    For example to list the top 10 operations with the longest end-to-end latency over the last three days:

    StorageBlobLogs  
    | where TimeGenerated > ago(3d)  
    | top 10 by DurationMs desc  
    | project TimeGenerated, OperationName, DurationMs, ServerLatencyMs, ClientLatencyMs = DurationMs - ServerLatencyMs  
    

    The full table reference can be found here: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables/storagebloblogs

    0 comments No comments