Azure deleted & created resources - azure

I want to have a control in Azure regarding new and deleted items
I need a query to know "who" and "when" a resource is created or deleted in Azure
Is this possible? How can I do this query?

Whenever a resource is created or deleted, information about that operation is stored in Azure Activity Logs. You should be able to find the information by querying that.
Another alternative would be to make use of Azure Event Grid and subscribe to Subscription Events. You can subscribe to Microsoft.Resources.ResourceWriteSuccess (for creation/update of resources) and Microsoft.Resources.ResourceDeleteSuccess (for resource deletion) events and take action on these events in near real time.

Within the Azure Portal, you can view these types of events from the past 90 days in the Activity Log blade.
For access to events occurring more than 90 days in the past, you need to pre-emptively set up log archival as detailed in the Export the Azure Activity Log article.

If you are planning to use the export Activity Log feature, please make sure you use the new diagnostic setting feature on Azure subscription to export Activity Logs. This feature offers multiple improvements over the old features such as Logprofiles or the Activity Log solution (Log Analytics).
https://learn.microsoft.com/en-us/azure/azure-monitor/platform/activity-log-collect
https://learn.microsoft.com/en-us/azure/azure-monitor/platform/diagnostic-settings-template

Related

Is there a way to trigger a Logic App on a deletion of a record in an Azure SQL table?

Is there a way to trigger a Logic App on a deletion of a record in an Azure SQL table?
I've checked the SQL Connector and there is only When an item is created and When an item is modified, which gives me the C and U in CRUD, but sadly there isn't an out-of-the-box trigger for the D.
I can think of some awful way of polling to get record deletions, but I'm hoping that there is a cleaner solution that some bright person has come up with, however I've had no joy with the Google searching.
I would look at the Azure Event Grid. Azure Event Grid allows you to easily build applications with event-based architectures. First, select the Azure resource you would like to subscribe to, and then give the event handler or WebHook endpoint to send the event to. Event Grid has built-in support for events coming from Azure services, like storage blobs and resource groups. Event Grid also has support for your own events, using custom topics.
I would suggest monitoring the resource group and triggering it off the deletion from the RG. There is a tutorial that shows this same concept with a VM but you should be able to modify it to meet your needs with an Azure SQL DB.
https://learn.microsoft.com/en-us/azure/event-grid/monitor-virtual-machine-changes-event-grid-logic-app
I added an on delete trigger which adds the id of the deleted record to a secondary table. I have the logic app look for modifications on the secondary table.
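
A handler-side filter for the Event Grid subscription events named in the answers above (Microsoft.Resources.ResourceWriteSuccess and Microsoft.Resources.ResourceDeleteSuccess), narrowed to one resource group and a set of resource types. This is an added example, not part of any answer on this page; the field names (`eventType`, `subject`, `eventTime`, `data.operationName`, `data.claims`) are assumed from the Event Grid schema for subscription events, and the events, resource group, watched types and function names are constructed.

```python
# Event types named on this page, mapped to a short action label.
WATCHED = {"Microsoft.Resources.ResourceWriteSuccess": "write",
           "Microsoft.Resources.ResourceDeleteSuccess": "delete"}
UPN = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"  # assumed claim key
TYPES = ("Microsoft.Compute/virtualMachines", "Microsoft.Network/networkSecurityGroups")

def match(event, resource_group, type_prefixes=TYPES):
    """Return who/when/what for a watched event in scope, else None."""
    action = WATCHED.get(event.get("eventType"))
    if action is None:
        return None  # failures, cancellations and action events are ignored
    data = event.get("data", {})
    op = data.get("operationName", "").lower()
    # The trailing "/" also admits child resources of a watched type.
    if not any(op.startswith(p.lower() + "/") for p in type_prefixes):
        return None
    # Resource IDs are not case-stable ("resourceGroups" vs "resourcegroups").
    subject = event.get("subject", "")
    if f"/resourcegroups/{resource_group.lower()}/" not in subject.lower():
        return None
    claims = data.get("claims", {})
    # Users carry a UPN claim; service principals are assumed to carry "appid".
    who = claims.get(UPN) or claims.get("appid") or "unknown"
    return {"when": event.get("eventTime"), "who": who,
            "action": action, "resource": subject}

def triage(events, resource_group):
    """Keep only the events a responder should act on."""
    return [hit for ev in events if (hit := match(ev, resource_group))]

def _evt(event_type, op, rg, name, claims, when):
    """Build one constructed event holding only the fields match() reads."""
    rtype = op.rsplit("/", 1)[0]
    subject = f"/subscriptions/0000/resourceGroups/{rg}/providers/{rtype}/{name}"
    return {"eventType": "Microsoft.Resources." + event_type, "subject": subject,
            "eventTime": when, "data": {"operationName": op, "claims": claims}}

NSG, VM = TYPES[1] + "/write", TYPES[0] + "/delete"
SAMPLE = [  # constructed events, not real telemetry
    _evt("ResourceWriteSuccess", NSG, "rg-prod", "nsg-web",
         {UPN: "alice@contoso.example"}, "2024-03-01T09:00:00Z"),
    _evt("ResourceDeleteSuccess", VM, "RG-PROD", "vm1",
         {"appid": "00000000-0000-0000-0000-000000000001"}, "2024-03-01T09:05:00Z"),
    _evt("ResourceWriteSuccess", "Microsoft.Storage/storageAccounts/write", "rg-prod",
         "st1", {UPN: "bob@contoso.example"}, "2024-03-01T09:10:00Z"),
    _evt("ResourceDeleteSuccess", VM, "rg-dev", "vm9",
         {UPN: "bob@contoso.example"}, "2024-03-01T09:15:00Z"),
    _evt("ResourceWriteFailure", NSG, "rg-prod", "nsg-web",
         {UPN: "carol@contoso.example"}, "2024-03-01T09:20:00Z"),
]
```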

Monitor specific activity logs to trigger Azure Function

Use case: Trigger Azure Function only for predefined Azure activity logs.
I tried to configure Azure Activity logs and Export to Event Hub, but it won't allow a filter to be set on it. As per the Azure documentation, the filter settings do not have an impact on export settings.
My use case is to trigger an Azure Function only for a specific set of activity logs (say VM, VNet, NSG Create/Delete/Modify). What other Azure services can I use to accomplish this?
One option, but with some constraints, is to create Alerts at Resource Group level or even for specific resources. Alerts provide some flexibility in filtering specific events for which you would want to trigger an Action, say an Azure Func in your case.
I was thinking Azure Logic Apps would do this as well. However, to my surprise I could not find an option to add Activity Log as a trigger. Probably, it would come in the future. As Azure is updated quite frequently, keep checking every now and then to see if you get any new options to do this.

how to log service topic messages in azure?

I found a way to query the AzureActivity Log in Azure to get a result set of changes that were made to Service Bus Topics like add, rename, delete. The result of changes includes info like TimeGenerated, HttpRequest, ResourceId. But this result set of changes is only for structural changes.
I'd like to configure my Azure instance to log the actual messages that are added to the topic, not just structural changes to a topic definition. The result set should include the same fields of TimeGenerated, HttpRequest, ResourceId. I'm guessing that there's a way to configure Azure to do this but I'm not sure how this would be done. Can you advise how to do this?
I don't think you can query the Activity logs specific to message processing.
All the management operations like create, edit, delete are possible in Azure portal, so they are capturing those events and allow us to query them.
There is no support for any kind of message processing in Azure portal and it is possible only through APIs and Libraries. So, they cannot track something which happened outside the portal.

How to view navigation history in Azure new portal

In the new Azure portal, how can we view the list of navigation history that we navigated before?
I got the answer. In the new Azure portal we have a service called "Recent" (see image below); add it to your favorite menu. It will show all the recently visited resources; just click and navigate to your recently visited resources.
Vijai, that's a good tip/place to view the navigation history on the Azure Portal.
If you wish, you may review your Activity Logs. Through this, you can determine:
what operations were taken on the resources in your subscription
who initiated the operation (although operations initiated by a backend service do not return a user as the caller)
when the operation occurred (in your case WebApps)
the status of the operation
the values of other properties that might help you research the operation
The activity log contains all write operations (PUT, POST, DELETE) performed on your resources. It does not include read operations (GET). You can use the audit logs to find an error when troubleshooting or to monitor how a user in your organization modified a resource.
Note: Activity logs are retained for 90 days. You can query for any range of dates, as long as the starting date is not more than 90 days in the past.

How to track user activity like who is creating what resources on azure of a specific subscription?

In my company we have one Azure subscription and there are two or three users which are added on the same subscription and have right to create any resource on Azure.
Now since three users are working on same subscription and they are independently creating resources, I want to keep track or see which user created what resource on the same subscription.
Please let me know if there is any way to see these tracking/activity details corresponding to the user.
Currently all users have administrator role/permission.
You are looking for the Activity Log:
The Azure Activity Log is a log that provides insight into the operations that were performed on resources in your subscription
The Activity Logs provide customers a Portal and REST API experience to see who performed what management operations (PUT/DELETE/POST) through Azure Resource Manager (ARM) for the past 90 days.
For anything older than 90 days, you have the option to archive the data to storage account or stream the data to Event Hub if you would like to ingest this data into your own system.
The Activity Log data is also available through the Operations Management Suite.
http://www.deployazure.com/management/operations-management-suite/azure-activity-log-analytics-alerts-with-operations-management-suite/
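
The Activity Log lookups that the answers on this page point to (who created or deleted a resource and when, and which user created what) can be run offline over an export. The following is an added example, not part of any answer on this page; it assumes events in the JSON shape of `az monitor activity-log list` output (`eventTimestamp`, `caller`, `operationName.value`, `status.value`, `resourceId`), and all function names and sample events are constructed.

```python
# Assumed input: events shaped like `az monitor activity-log list -o json` output.
ACTIONS = {"write": "created/updated",  # a write is a PUT: create OR update
           "delete": "deleted"}
NO_CALLER = "(no caller recorded)"  # e.g. operations initiated by a backend service

def who_did_what(events):
    """One (when, who, action, resourceId) row per successful write or delete."""
    rows = []
    for ev in events:
        op = ev.get("operationName", {}).get("value", "")
        verb = op.rsplit("/", 1)[-1].lower()
        # One operation logs several events (Started, Succeeded, Failed, ...);
        # keep only the final successful one, and skip ".../action" operations.
        if verb not in ACTIONS or ev.get("status", {}).get("value") != "Succeeded":
            continue
        who = ev.get("caller") or NO_CALLER
        rows.append((ev["eventTimestamp"], who, ACTIONS[verb], ev["resourceId"]))
    return sorted(rows)  # same-format ISO 8601 UTC strings sort chronologically

def by_user(rows):
    """Group rows per caller: {who: [(when, action, resource name), ...]}."""
    out = {}
    for when, who, action, rid in rows:
        out.setdefault(who, []).append((when, action, rid.rsplit("/", 1)[-1]))
    return out

def _ev(when, caller, rtype, verb, status, name):
    """Build one constructed event holding only the fields read above."""
    rid = f"/subscriptions/0000/resourceGroups/rg-app/providers/{rtype}/{name}"
    return {"eventTimestamp": when, "caller": caller, "resourceId": rid,
            "operationName": {"value": f"{rtype}/{verb}"}, "status": {"value": status}}

VM = "Microsoft.Compute/virtualMachines"
SAMPLE_EVENTS = [  # constructed events, not real telemetry
    _ev("2024-03-01T09:15:02Z", "alice@contoso.example", VM, "write", "Started", "vm1"),
    _ev("2024-03-01T09:15:40Z", "alice@contoso.example", VM, "write", "Succeeded", "vm1"),
    _ev("2024-03-01T10:02:11Z", "bob@contoso.example",
        "Microsoft.Storage/storageAccounts", "delete", "Succeeded", "stlogs01"),
    _ev("2024-03-01T11:30:00Z", None,
        "Microsoft.Network/networkSecurityGroups", "write", "Succeeded", "nsg-web"),
    _ev("2024-03-01T12:00:00Z", "carol@contoso.example", VM, "delete", "Failed", "vm1"),
    _ev("2024-03-01T12:05:00Z", "carol@contoso.example", VM, "restart/action",
        "Succeeded", "vm1"),
]

if __name__ == "__main__":
    for row in who_did_what(SAMPLE_EVENTS):
        print(*row, sep="  ")
```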
