Azure: Resource logs

Overview

Azure resource logs are platform logs that provide insight into operations that were performed within an Azure resource. The content of resource logs varies by the Azure service and resource type.

Resource logs aren't collected by default, user needs to create and configure the diagnostic setting to send the resource logs to the target Log Analytics workspace in order to query these logs via Log Analytics API.

This data is stored in tables as described in Structure of Azure Monitor Logs and the tables will depend on the type of collection the resource is.

Supported Resources

Currently, Snare Central supports collection of resource logs from the following Azure resources:

• Azure NSG (Network Security Group)

• Azure Application Gateway

• Azure Firewall

Notes

https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/resource-logs