Azure - Missing events in activity log - azure

I want to be able to track GET events on Azure resources, namely events such as:
list management groups
list users
etc.
I was thinking of using the Activity Log, but I read (and saw) that it does not log GET events, only POST/PUT/DELETE.
I was also thinking of trying to use diagnostic settings, but it seems they do not log these events either.
Is there a way I can programmatically retrieve such events?

Related

Trigger Azure Action Group from a Logic App

I have a Logic App running every minute that checks the time that data was last received in a table. If it has been enough time since the data was updated I want to receive an alert. I really like the Action Groups used by the Alerts in Azure. They are clean and have lots of options like email, SMS, and Phone. How can I trigger an Action Group from my Logic App?
I know I can recreate the email, SMS, and Phone connections in the Logic App, but then it's harder to maintain. I'm already using the same Action Group for other Alerts. It would be easier to maintain if I could reuse this Action Group.
There is a ton online about triggering a Logic App from an Action Group. This is NOT what I'm trying to do. I want the reverse. I want to trigger an Action Group from a Logic App.
How can I trigger an Action Group from my Logic App?
Currently, as per the documentation, we can trigger a particular Logic App using an action group, but there is no way to trigger a particular action group using a Logic App.
It would be easier to maintain if I could reuse this Action Group.
Yes, you can use the same action group in multiple alert mechanisms.
I would suggest raising a feature request using this Azure support link.
You should be able to send data to a custom log in Log Analytics from your Logic App using Azure Log Analytics Data Collector.
Then you can use a Log Analytics query to evaluate resources logs every set frequency, and fire an alert based on the results. Rules can trigger one or more actions using Action Groups. - see Create, view, and manage log alerts using Azure Monitor.

Is it possible to detect a table/queue/fileShare creation with Event Grid?

In the MS documentation, in the Event Grid resources on Azure Blob Storage as an event source, there is nothing about table/queue/fileShare creations.
I also saw custom events in Event Grid, so I wondered if it is possible to use table/queue/fileShare creations as custom events. If yes, how?
Unfortunately, there is no direct way you can pass events like table/queue/fileshare creation to Event grid. Event grid supports mostly blob actions like what is listed HERE.
As a workaround, you can look at using alerts. Click on "Alerts" under the Monitoring tab on the left pane of your storage account. There are different types of actions available by which you can pass the administrative events to Azure Functions, Logic Apps or webhooks. If you really need the events in Event Grid, you can use Logic Apps/Functions to pass those events/alerts to Event Grid.
You may need to do some more filtering before doing this though to get exactly what you want. Else you may end up getting all the admin activities which I don't think you would need.
For example, what I set up below alerted me on creation and deletion of queues (among other things). I would also get alerts for List of storage keys and other admin activities.

How to log and audit Azure Functions code and configuration changes

How can code and configuration changes to Azure Functions be logged and audited? I'm trying to create ways to track and guard against malicious insiders making unauthorized changes to the functionality of Azure Functions. In AWS I can create a CloudTrail trail that logs all write events to Lambda functions and write them to an S3 bucket; the Events are also visible in the Event history section of the CloudTrail console. However, I can't seem to find a way to do something similar for Azure Functions, especially in Azure Stack. I've scoured the Activity Log and the Monitor to no avail. Any help or ideas would be greatly appreciated. Thanks!
Azure has a new feature called Change Analysis
https://aka.ms/changeanalysis
If you are logged in you probably can go directly here
https://portal.azure.com/?feature.customportal=false#blade/Microsoft_Azure_ChangeAnalysis/ChangeAnalysisBladeV2
This feature is also incorporated into the activity log and you can view the changes that were done. The only issue is it's only for 14 days. They are working on allowing export to Log Analytics so it could go back further.
You can create alerts on the activity log. The updates you are referring to should trigger an activity log
https://learn.microsoft.com/en-us/azure/azure-monitor/platform/activity-log-alerts

Azure deleted & created resources

I want to have a control in Azure regarding new and deleted items
I need a query to know "who" and "when" a resource is created or deleted in Azure
Is this possible? How can I do this query?
Whenever a resource is created or deleted, information about that operation is stored in Azure Activity Logs. You should be able to find the information by querying that.
Another alternative would be to make use of Azure Event Grid and subscribe to Subscription Events. You can subscribe to Microsoft.Resources.ResourceWriteSuccess (for creation/updation of resources) and Microsoft.Resources.ResourceDeleteSuccess (for resource deletion) events and take action on these events in near real time.
Within the Azure Portal, you can view these types of events from the past 90 days in the Activity Log blade.
For access to events occurring more than 90 days in the past, you need to pre-emptively set up log archival as detailed in the Export the Azure Activity Log article.
If you are planning to use the export Activity Log feature, please make sure you use the new diagnostic setting feature on Azure subscription to export Activity Logs. This feature offers multiple improvements over the old features such as Logprofiles or the Activity Log solution (Log Analytics).
https://learn.microsoft.com/en-us/azure/azure-monitor/platform/activity-log-collect
https://learn.microsoft.com/en-us/azure/azure-monitor/platform/diagnostic-settings-template
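
Added example (not part of the original answers): a Log Analytics query for the "who" and "when" asked about in this thread. It assumes the subscription's Activity Log is exported to a workspace through a diagnostic setting, so that records land in the AzureActivity table; the 30-day window is an arbitrary choice.

```kusto
// Successful control-plane writes and deletes, one row per operation and resource.
// Assumption: Activity Log exported to this workspace via a subscription diagnostic setting.
AzureActivity
| where TimeGenerated > ago(30d)
| where CategoryValue =~ "Administrative"
// Older records use "Succeeded", newer ones "Success"; accept both.
| where ActivityStatusValue in~ ("Success", "Succeeded")
// endswith is case-insensitive, so upper-cased operation names also match.
| where OperationNameValue endswith "/write" or OperationNameValue endswith "/delete"
// A /write covers both creation and update; the operation name does not separate them.
| extend Action = iff(OperationNameValue endswith "/delete", "Deleted", "Created or updated")
// Collapse repeated records for the same operation on the same resource.
| summarize arg_max(TimeGenerated, Caller, CallerIpAddress, Action, OperationNameValue)
    by CorrelationId, _ResourceId
| project TimeGenerated, Action, Caller, CallerIpAddress, OperationNameValue,
    ResourceId = _ResourceId, CorrelationId
| order by TimeGenerated desc
```

Caller holds the user principal name or the service principal's object ID, so automated changes show up as GUIDs rather than e-mail addresses.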

How to log service topic messages in Azure?

I found a way to query the AzureActivity Log in Azure to get a result set of changes that were made to Service Bus Topics like add, rename, delete. The result of changes includes info like TimeGenerated, HttpRequest, ResourceId. But this result set of changes is only for structural changes.
I'd like to configure my Azure instance to log the actual messages that are added to the topic, not just structural changes to a topic definition. The result set should include the same fields of TimeGenerated, HttpRequest, ResourceId. I'm guessing that there's a way to configure Azure to do this but I'm not sure how this would be done. Can you advise how to do this?
I don't think you can query the Activity logs specific to message processing.
All the management operations like create, edit, delete are possible in Azure portal, so they are capturing those events and allow us to query them.
There is no support for any kind of message processing in Azure portal and it is possible only through APIs and Libraries. So, they cannot track something which happened outside the portal.
