Azure Monitor Log

Rahul Nair 86 Reputation points
2022-01-29T14:24:23.873+00:00

Hello, I do the Azure CSPM integration for my company. I came across a few checks for which I have to write the code.

  • Ensures the Log Profile is configured to export all activities from the control and management planes in all active locations
  • Ensures that Log Profiles have a long retention policy.

How do I check these in the Azure portal? I read documents where it was told to go to the activity logs and click on export to event hubs. But I couldn't find the "export to event hubs" tab.

These are the documents for both:
https://www.trendmicro.com/cloudoneconformity/knowledge-base/azure/Monitor/activity-log-all-regions.html
https://avd.aquasec.com/cspm/azure/monitor/log-profile-retention-policy/

Please help me out.


1 answer

  1. Stanislav Zhelyazkov 20,781 Reputation points MVP
    2022-01-31T11:37:22.613+00:00

    Hi,
    As I have mentioned in another thread, this probably refers to Activity logs. Activity logs are the audit logs for Azure management plane operations. You can probably use these policies:

    • Configure Azure Activity logs to stream to specified Log Analytics workspace
    • Azure Monitor should collect activity logs from all regions
    • Azure subscriptions should have a log profile for Activity Log
    • Activity log should be retained for at least one year

    There is no policy covering the export to event hubs, but you can make one by modifying the storage account one. Instead of a storage account target, it will be an event hubs target.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

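The two checks from the question can also be evaluated in code against the log profile JSON. The following is an added example, not part of the original thread: it assumes profiles shaped like the output of `az monitor log-profiles list` (`categories`, `locations`, `retentionPolicy`), a 365-day minimum taken from the one-year policy named in the answer, and that retention disabled with `days` set to 0 means the logs are kept indefinitely. The sample profiles are constructed.

```python
REQUIRED_CATEGORIES = ("Write", "Delete", "Action")  # the Activity Log categories
MIN_RETENTION_DAYS = 365  # assumption: the one-year policy named in the answer


def check_export_coverage(profile, active_locations):
    """Findings for categories or locations that the profile does not export."""
    findings = []
    categories = {c.lower() for c in profile.get("categories") or []}
    missing = sorted(c for c in REQUIRED_CATEGORIES if c.lower() not in categories)
    if missing:
        findings.append("missing categories: " + ", ".join(missing))
    locations = {loc.lower() for loc in profile.get("locations") or []}
    # "global" carries events that are not tied to a single region
    expected = {loc.lower() for loc in active_locations} | {"global"}
    missing = sorted(expected - locations)
    if missing:
        findings.append("missing locations: " + ", ".join(missing))
    return findings


def check_retention(profile, min_days=MIN_RETENTION_DAYS):
    """Findings when the retention policy is shorter than min_days."""
    policy = profile.get("retentionPolicy") or {}
    enabled = bool(policy.get("enabled"))
    days = int(policy.get("days") or 0)
    # Assumption: enabled=false with days=0 means "retain indefinitely".
    if (not enabled and days == 0) or (enabled and days >= min_days):
        return []
    return [f"retention too short: enabled={enabled}, days={days}"]


def evaluate(profiles, active_locations):
    """Map each profile name to its findings; an empty list means it passes."""
    if not profiles:
        return {"<subscription>": ["no log profile configured"]}
    return {
        p.get("name", "<unnamed>"):
            check_export_coverage(p, active_locations) + check_retention(p)
        for p in profiles
    }


# Constructed sample data, not taken from a real subscription.
GOOD = {"name": "default", "categories": ["Write", "Delete", "Action"],
        "locations": ["global", "westeurope", "eastus"],
        "retentionPolicy": {"enabled": True, "days": 365}}
WEAK = {"name": "partial", "categories": ["Write"], "locations": ["westeurope"],
        "retentionPolicy": {"enabled": True, "days": 90}}

if __name__ == "__main__":
    for name, findings in evaluate([GOOD, WEAK], ["westeurope", "eastus"]).items():
        print(name, "PASS" if not findings else findings)
```

Pass the list of regions where the subscription actually has resources as `active_locations`; an empty profile list is reported as a finding because it means no log profile exists at all.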