@sakuraime ,
Yes, we can enable audit on blog storage. Go to Azure portal - storage account -> Monitoring -> diagnostic setting and enable logging V2.0. Please let me know if you have any questions. Thanks
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
are there any best way to do auditing on the action perform on Azure blob storage ? read/update/delete/list by which user ? which time? which application . ? using what authen method ?
thanks
@sakuraime ,
Yes, we can enable audit on blog storage. Go to Azure portal - storage account -> Monitoring -> diagnostic setting and enable logging V2.0. Please let me know if you have any questions. Thanks
Send Diagnostic logging from your storage account to a log analytics workspace, you can follow this procedure using the new Diagnostic Settings (preview) method: https://learn.microsoft.com/en-us/azure/storage/blobs/monitor-blob-storage?tabs=azure-portal#creating-a-diagnostic-setting
This section goes into detail what queries you can use to read the results of this table using kusto queries: https://learn.microsoft.com/en-us/azure/storage/blobs/monitor-blob-storage?tabs=azure-portal#accessing-logs-in-a-log-analytics-workspace
For example to list the top 10 operations with the longest end-to-end latency over the last three days:
StorageBlobLogs
| where TimeGenerated > ago(3d)
| top 10 by DurationMs desc
| project TimeGenerated, OperationName, DurationMs, ServerLatencyMs, ClientLatencyMs = DurationMs - ServerLatencyMs
The full table reference can be found here: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables/storagebloblogs