This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
are there any best way to do auditing on the action perform on Azure blob storage ? read/update/delete/list by which user ? which time? which application . ? using what authen method ?
thanks
@sakuraime ,
I hope I answered your question. Please 'Accept as answer' if the provided information is helpful to help others in the community looking for help on similar topics. Thanks.
@sakuraime ,
Yes, we can enable audit on blog storage. Go to Azure portal - storage account -> Monitoring -> diagnostic setting and enable logging V2.0. Please let me know if you have any questions. Thanks
thanks . and how it could be read ?
Can these log centralize on Azure Log analytics ??
Yes, @sakuraime . These metrics and logs can be centralized on Azure log analytics.
Send Diagnostic logging from your storage account to a log analytics workspace, you can follow this procedure using the new Diagnostic Settings (preview) method: https://learn.microsoft.com/en-us/azure/storage/blobs/monitor-blob-storage?tabs=azure-portal#creating-a-diagnostic-setting
This section goes into detail what queries you can use to read the results of this table using kusto queries: https://learn.microsoft.com/en-us/azure/storage/blobs/monitor-blob-storage?tabs=azure-portal#accessing-logs-in-a-log-analytics-workspace
For example to list the top 10 operations with the longest end-to-end latency over the last three days:
StorageBlobLogs
| where TimeGenerated > ago(3d)
| top 10 by DurationMs desc
| project TimeGenerated, OperationName, DurationMs, ServerLatencyMs, ClientLatencyMs = DurationMs - ServerLatencyMs
The full table reference can be found here: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables/storagebloblogs