I'm using free tier Azure account. I'm trying to configure activity logs streaming into Event Hubs as per instructions on page - https://learn.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-stream-activity-logs-event-hubs
I have created a new EventHub, Shared Access Policy called "ActivityLogsPolicy" with Manage, Send and Listen permissions.
I used this policy to configure "Export" from Activity logs however it keeps failing with error message "Create or update activity log profilesFailure"
Has anyone encountered this problem ?
I was able to get it to work as follows:
In order to make it work, you have to “Register” support for a provider called “microsoft.insights” the whole thing has look and feel of “Windows Registries” :pensive:
Search for Subscriptions in all services -> Select your subscription -> Resource Providers -> Search for “microsoft.insights” -> Enable it. Then it works
I ran into this same error after moving a subscription to a new enterprise agreement. I was not able to get it working so I needed to create a new subscription.
Related
I need a process / programming / tool to have an automatic process, everytime a new user was created in a group or a user was changed (surname, givenname etc) I need to transfer this user object informations (username, surname, givenname, e-mail) to an external system to update the user there.
I didn´t found any good solution, I watch out for Azure Automate, Azure Graph API, Subscription model but no good idea to handle this.
Does anybody have any idea to get a trigger or listener on an Azure Object (group) for any changes and send this changes to an external system?
The Microsoft Graph include a Group delta query, which you could run periodically to pick up changes to the group.
see: https://learn.microsoft.com/en-us/graph/delta-query-groups
A potential architecture could to be have an Azure Function execute the REST API query to monitor for group changes, place any changes found into an Azure Storage Queue, and have your external system monitor the Azure queue for new user messages and take action.
I want to have a control in Azure regarding new and deleted items
I need a query to know "who" and "when" a resource is created or deleted in Azure
Is this possible? How can I do this query?
I need a query to know "who" and "when" a resource is created or
deleted in Azure
Is this possible? How can I do this query?
Whenever a resource is created or deleted, information about that operation is stored in Azure Activity Logs. You should be able to find the information by querying that.
Another alternative would be to make use of Azure Event Grid and subscribe to Subscription Events. You can subscribe to Microsoft.Resources.ResourceWriteSuccess (for creation/updation of resources) and Microsoft.Resources.ResourceDeleteSuccess (for resource deletion) events and take action on these events in near real time.
Within the Azure Portal, you can view these types of events from the past 90 days in the Activity Log blade.
For access to events occurring more than 90 days in the past, you need to pre-emptively set up log archival as detailed in the Export the Azure Activity Log article.
If you are planning to use the export Activity Log feature, please make sure you use the new diagnostic setting feature on Azure subscription to export Activity Logs. This feature offers multiple improvements over the old features such as Logprofiles or the Activity Log solution (Log Analytics).
https://learn.microsoft.com/en-us/azure/azure-monitor/platform/activity-log-collect
https://learn.microsoft.com/en-us/azure/azure-monitor/platform/diagnostic-settings-template
I found a way to query the AzureActivity Log in Azure to get a result set of changes that were made to Service Bus Topics like add, rename, delete. The result of changes includes info like TimeGenerated, HttpRequest, ResourceId. But this result set of changes is only for structural changes.
I'd like to configure my Azure instance to log the actual messages that are added to the topic, not just structural changes to a topic definition. The result set should include the same fields of TimeGenerated, HttpRequest, ResourceId. I'm guessing that there's a way to configure Azure to do this but I'm not sure how this would be done. Can you advise how to do this?
I don't think you can query the Activity logs specific to message processing.
All the management operations like create, edit, delete are possible in Azure portal, so they are capturing those events and allow us to query them.
There is no support for any kind of message processing in Azure portal and it is possible only through APIs and Libraries. So, they cannot track something which happened outside the portal.
Actually I am working on an event based notification which will call a webhook/send an email in case a new resource gets added to my subscription. I could not find any Azure native service which will send me alerts/notification in case a new resource gets added to my subscription, but using powershell we can keep on polling on the resource list and workaround it, but if there is any native Azure service or function which can help me out, please inform.
You can use the azure activity log alerts to create a web hook/sms/email notification. This allows you to create a direct avenue straight from the Azure tooling. You can also use a variety of other methods to monitor your azure subscription including Log Analytics (event based logging, alerting and analytics) and App Insights (application logging and alerting)
In my company we have one Azure subscription and there are two or three users which are added on the same subscription and have right to create any resource on Azure.
Now since three users are working on same subscription and they are independently creating resources, I want to keep track or see which user created what resource on the same subscription.
Please let me know is there any way to see this tracking/activity details corresponding to the user.
Currently all users have administrator role/permission.
You are looking for the Activity Log:
The Azure Activity Log is a log that provides insight into the
operations that were performed on resources in your subscription
The Activity Logs provides customers a Portal and REST API experience to see who performed what management operations (PUT/DELET/POST) through Azure Resource Manager (ARM) for the past 90 days.
For anything older than 90 days, you have the option to archive the data to storage account or stream the data to Event Hub if you would like to ingest this data into your own system.
The Activity Log data is also available through the Operations Management Suite.
http://www.deployazure.com/management/operations-management-suite/azure-activity-log-analytics-alerts-with-operations-management-suite/