Log Types: Azure

Overview

Azure generates logs known as Platform logs whenever an activity is performed on a given resource, a request is processed by the network, a configured rule is satisfied, and in many other situations.

These logs are gathered by Azure and can be collected in various ways.

Azure Monitor is an Azure service that collects and organizes logs and data from monitored Azure resources. Using the Log Analytics API, applications such as Snare Central can query and collect these Azure logs.


About Azure logs

Azure Platform Logs provide detailed diagnostic and auditing information for Azure resources and the Azure platform they depend on.

These logs are generated automatically by Azure and are ready for collection and integration, depending on the user's and application's intentions.

Types of platform logs

  • Microsoft Entra logs: Logs that contain the history of sign-in activity and an audit trail of changes made in Microsoft Entra ID for a particular tenant. Two types fall under it: audit logs and sign-in logs.

  • Activity logs: Formerly known as operational logs and audit logs, they provide insight into the operations on each Azure resource (the control plane) and are used to determine the what, who, and when of any write operation taken on the resources in your subscription.

  • Resource logs: Previously referred to as diagnostic logs, they provide insight into operations performed within an Azure resource (the data plane). Some Azure resources also emit special log types of their own (e.g., Azure NSG flow logs).
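As an added illustration (not part of the Snare documentation), the following Python snippet shows how the what, who, and when of write operations can be read out of Activity Log records once they have been collected. The records are constructed samples, not real tenant data, in the shape of the Azure Monitor Activity Log REST schema (`eventTimestamp`, `caller`, `operationName.value`, `resourceId`, `status.value`); the subscription id, identities and resource names are placeholders, and field names in a real export should be checked against the Microsoft documentation linked under Notes.

```python
import json
from datetime import datetime, timezone

# Placeholder subscription id used only to build realistic-looking resource ids.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-prod"

# Constructed sample Activity Log records (not real data), following the shape of
# the Azure Monitor Activity Log REST schema.
SAMPLE_ACTIVITY_LOG = json.dumps([
    {
        "eventTimestamp": "2024-05-01T10:15:30.0000000Z",
        "caller": "alice@example.com",
        "category": {"value": "Administrative"},
        "operationName": {"value": "Microsoft.Compute/virtualMachines/write"},
        "resourceId": SUB + "/providers/Microsoft.Compute/virtualMachines/vm-web01",
        "status": {"value": "Succeeded"},
    },
    {
        "eventTimestamp": "2024-05-01T10:16:02.0000000Z",
        "caller": "alice@example.com",
        "category": {"value": "Administrative"},
        "operationName": {"value": "Microsoft.Compute/virtualMachines/read"},
        "resourceId": SUB + "/providers/Microsoft.Compute/virtualMachines/vm-web01",
        "status": {"value": "Succeeded"},
    },
    {
        "eventTimestamp": "2024-05-01T11:02:45.0000000Z",
        # A service principal shows up as its object id rather than a UPN.
        "caller": "11111111-2222-3333-4444-555555555555",
        "category": {"value": "Administrative"},
        "operationName": {"value": "Microsoft.Network/networkSecurityGroups/securityRules/delete"},
        "resourceId": SUB + "/providers/Microsoft.Network/networkSecurityGroups/nsg-prod/securityRules/allow-ssh",
        "status": {"value": "Succeeded"},
    },
    {
        "eventTimestamp": "2024-05-01T11:05:10.0000000Z",
        "caller": "bob@example.com",
        "category": {"value": "Administrative"},
        "operationName": {"value": "Microsoft.Authorization/roleAssignments/write"},
        "resourceId": SUB + "/providers/Microsoft.Authorization/roleAssignments/placeholder-assignment-id",
        "status": {"value": "Failed"},
    },
])

# Control-plane operation names end with the verb performed. Anything other than
# a read changes state, which is what the "what, who, when" question is about.
WRITE_SUFFIXES = ("/write", "/delete", "/action")


def is_write_operation(operation_name: str) -> bool:
    """True for operations that change a resource (write, delete, action)."""
    return operation_name.lower().endswith(WRITE_SUFFIXES)


def parse_timestamp(value: str) -> datetime:
    """Parse an eventTimestamp; Azure emits seven fractional digits, so truncate to microseconds."""
    base, _, fraction = value.rstrip("Z").partition(".")
    micro = (fraction + "000000")[:6]
    return datetime.strptime(f"{base}.{micro}", "%Y-%m-%dT%H:%M:%S.%f").replace(tzinfo=timezone.utc)


def write_operations(activity_log_json: str) -> list:
    """Return when/who/what/resource/status for every state-changing record, oldest first."""
    events = []
    for record in json.loads(activity_log_json):
        op = record.get("operationName", {}).get("value", "")
        if not is_write_operation(op):
            continue
        events.append({
            "when": parse_timestamp(record["eventTimestamp"]),
            "who": record.get("caller", "<unknown>"),
            "what": op,
            "resource": record.get("resourceId", ""),
            "status": record.get("status", {}).get("value", ""),
        })
    events.sort(key=lambda e: e["when"])
    return events


def changes_by_caller(events: list) -> dict:
    """Count state-changing operations per identity; an unexpected caller stands out here."""
    counts = {}
    for event in events:
        counts[event["who"]] = counts.get(event["who"], 0) + 1
    return counts


if __name__ == "__main__":
    for event in write_operations(SAMPLE_ACTIVITY_LOG):
        print(f'{event["when"].isoformat()}  {event["who"]:<40} {event["what"]}  [{event["status"]}]')
    print(changes_by_caller(write_operations(SAMPLE_ACTIVITY_LOG)))
```

Note that a failed write (the role assignment above) is still reported: a denied or failed change is often more interesting to a reviewer than a successful one, so the filter keys on the operation verb rather than on the status.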


Collection

Snare Central can be configured to collect the Azure Platform logs using the Log Analytics API, as described on the Azure Logs Collection page of this user guide.

Currently, Snare Central supports the collection and parsing of the following Azure platform logs:


Notes

https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/platform-logs-overview