Enable Diagnostic Logging in the DICOM service
In this article, you'll learn how to enable diagnostic logging in DICOM service and be able to review some sample queries for these logs. Access to diagnostic logs is essential for any healthcare service where compliance with regulatory requirements is a must. The feature in DICOM service enables diagnostic logs is the Diagnostic settings in the Azure portal.
Enable audit logs
To enable diagnostic logging DICOM service, select your DICOM service in the Azure portal.
Select the Activity log blade, and then select Diagnostic settings.
Select + Add diagnostic setting.
Enter the Diagnostic settings name.
Select the Category and Destination details for accessing the diagnostic logs.
Send to Log Analytics workspace in the Azure Monitor. You’ll need to create your Logs Analytics workspace before you can select this option. For more information about the platform logs, see Overview of Azure platform logs.
Archive to a storage account for auditing or manual inspection. The storage account you want to use needs to be already created.
Stream to an event hub for ingestion by a third-party service or custom analytic solution. You’ll need to create an event hub namespace and event hub policy before you can configure this step.
Send to partner solution that you're working with as partner organization in Azure. For information about potential partner integrations, see Azure partner solutions documentation
For information about supported metrics, see Supported metrics with Azure Monitor.
It might take up to 15 minutes for the first Logs to show in Log Analytics. Also, if the DICOM service is moved from one resource group or subscription to another, update the settings once the move is complete.
For information on how to work with diagnostic logs, see Azure Resource Log documentation
Audit log details
The DICOM service returns the following fields in the audit log:
|category||String||Log Category (We currently have 'AuditLogs')|
|operationName||String||Describes the type of operation (for example, Retrieve, Store, Query, etc.)|
|time||DateTime||Date and time of the event.|
|resourceId||String||Azure path to the resource.|
|identity||Dynamic||A generic property bag containing identity information (currently doesn't apply to DICOM).|
|callerIpAddress||String||The caller's IP address.|
|Location||String||The location of the server that processed the request.|
|uri||String||The request URI.|
|resultType||String||The available values currently are Started, Succeeded, or Failed.|
|resultSignature||Int||The HTTP Status Code (for example, 200)|
|properties||String||Describes the properties including resource type, resource name, subscription ID, audit action, etc.|
|type||String||Type of log (it's always MicrosoftHealthcareApisAuditLog in this case).|
|Level||String||Log level (Informational, Error).|
|operationVersion||String||Currently empty. Will be utilized to show api version.|
Below are a few basic Application Insights queries you can use to explore your log data.
Run the following query to see the 100 most recent logs:
MicrosoftHealthcareApisAuditLogs | limit 100
Run the following query to group operations by DICOM Resource Type:
MicrosoftHealthcareApisAuditLogs | summarize count() by DICOMResourceType
Run the following query to get all the failed results
MicrosoftHealthcareApisAuditLogs | where ResultType == "Failed"
Having access to diagnostic logs is essential for monitoring a service and providing compliance reports. The DICOM service allows you to do these actions through diagnostic logs.
In this article, you learned how to enable audit logs for the DICOM service. For information about the Azure activity log, see