Reputation: 786
I need to figure out how to log/retrieve information about who (which Azure AD user) has read/write on blobs in our Azure Blob Storage.
I know you can turn on logging at the storage account level using this:
I can see in the logs the different API calls that have been performed on the blob, but if I myself went via the Azure portal to open some of the blobs, I could not see this activity recorded in the logs. Any ideas how to monitor this? I need it for auditing purposes.
Upvotes: 1
Views: 2237
Reputation: 1099
When you enable Storage Analytics in the Portal, you will have a $logs folder in your Blob storage with the storage logs.
When you are using Azure AD authentication, you need to configure 2.0 logs and use the UserPrincipalName column to identify the user, and parse the AuthorizationDetail JSON column's action to identify the user's action on storage, e.g. Microsoft.Storage/storageAccounts/blobServices/containers/read for listing the blobs in a container.
You will not capture OAuth/Azure AD authenticated requests with log format 1.0.
On Azure Storage UserVoice there is also a request for integration with Log Analytics to simplify log monitoring; the private preview should start this month.
Upvotes: 4
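Worked example, added here and not part of the original question or answer: a Python parser for Storage Analytics format 2.0 lines that pulls the UserPrincipalName column and the action out of the AuthorizationDetail JSON, and reports which Azure AD user performed which operation on which blob. The four log lines are constructed (made-up storage account, IDs, UPNs and addresses); they follow the documented 2.0 field order, i.e. the 30 format 1.0 fields followed by the Azure AD fields, so the column positions in `LOG_2_0_FIELDS` come from that order and should be checked against a real line from your own $logs container. The value `bearer` in the authentication-type column of the constructed OAuth lines is an assumption; attribution keys on a non-empty UserPrincipalName, not on that column. The example also goes slightly beyond the answer by showing what a SAS request and a format 1.0 line look like to the same parser: neither can be attributed to a user.

```python
import csv
import json
from collections import Counter

# Field order of Storage Analytics log format 2.0: the 30 fields of format 1.0
# followed by the Azure AD fields. Positions are taken from the documented
# order; verify them against a real line from your own $logs container.
LOG_1_0_FIELDS = [
    "version-number", "request-start-time", "operation-type", "request-status",
    "http-status-code", "end-to-end-latency-in-ms", "server-latency-in-ms",
    "authentication-type", "requester-account-name", "owner-account-name",
    "service-type", "request-url", "requested-object-key", "request-id-header",
    "operation-count", "requester-ip-address", "request-version-header",
    "request-header-size", "request-packet-size", "response-header-size",
    "response-packet-size", "request-content-length", "request-md5",
    "server-md5", "etag-identifier", "last-modified-time", "conditions-used",
    "user-agent-header", "referrer-header", "client-request-id",
]
LOG_2_0_FIELDS = LOG_1_0_FIELDS + [
    "user-object-id", "tenant-id", "application-id", "audience", "issuer",
    "user-principal-name", "reserved", "authorization-detail",
]

# Constructed sample (not real log data): two Azure AD requests and one SAS
# request in format 2.0, plus one format 1.0 line. Account name, GUIDs, UPNs
# and addresses are made up; "bearer" as authentication-type is an assumption.
SAMPLE_LOG = '''
2.0;2019-03-21T17:39:39.5424264Z;ListBlobs;OAuthSuccess;200;3;3;bearer;;contosostore;blob;"https://contosostore.blob.core.windows.net/audit?restype=container&comp=list";"/contosostore/audit";11111111-2222-3333-4444-555555555555;1;203.0.113.10:52713;2018-11-09;536;0;385;1024;0;;;;;;"Microsoft Azure Storage Explorer";;"";"aaaaaaaa-0000-0000-0000-000000000001";"bbbbbbbb-0000-0000-0000-000000000002";"cccccccc-0000-0000-0000-000000000003";"https://storage.azure.com/";"https://sts.windows.net/bbbbbbbb-0000-0000-0000-000000000002/";"alice@contoso.com";;"[{""action"":""Microsoft.Storage/storageAccounts/blobServices/containers/read"",""roleAssignmentId"":""dddddddd-0000-0000-0000-000000000004"",""roleDefinitionId"":""eeeeeeee-0000-0000-0000-000000000005"",""principals"":[{""id"":""aaaaaaaa-0000-0000-0000-000000000001"",""type"":""User""}],""denyAssignmentId"":""""}]"
2.0;2019-03-21T17:41:02.1187430Z;GetBlob;OAuthSuccess;200;8;7;bearer;;contosostore;blob;"https://contosostore.blob.core.windows.net/audit/payroll.csv";"/contosostore/audit/payroll.csv";22222222-2222-3333-4444-555555555555;1;198.51.100.7:49855;2018-11-09;512;0;410;20480;0;;;"0x8D6AE1F3A2B1C00";Thursday, 21-Mar-19 16:55:03 GMT;;"Mozilla/5.0 (Windows NT 10.0; Win64; x64)";;"";"ffffffff-0000-0000-0000-000000000006";"bbbbbbbb-0000-0000-0000-000000000002";"cccccccc-0000-0000-0000-000000000003";"https://storage.azure.com/";"https://sts.windows.net/bbbbbbbb-0000-0000-0000-000000000002/";"bob@contoso.com";;"[{""action"":""Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"",""roleAssignmentId"":""dddddddd-0000-0000-0000-000000000007"",""roleDefinitionId"":""eeeeeeee-0000-0000-0000-000000000005"",""principals"":[{""id"":""ffffffff-0000-0000-0000-000000000006"",""type"":""User""}],""denyAssignmentId"":""""}]"
2.0;2019-03-21T17:42:10.0031100Z;PutBlob;SASSuccess;201;15;14;sas;;contosostore;blob;"https://contosostore.blob.core.windows.net/audit/upload.bin?sv=2018-11-09&sig=REDACTED";"/contosostore/audit/upload.bin";33333333-2222-3333-4444-555555555555;1;192.0.2.44:60112;2018-11-09;590;4096;300;0;4096;;;"0x8D6AE1F5C9D0E11";;;"azcopy/10.0.9";;"";;;;;;;;
1.0;2019-03-21T17:43:55.2200000Z;GetBlob;AnonymousSuccess;200;4;4;anonymous;;contosostore;blob;"https://contosostore.blob.core.windows.net/public/logo.png";"/contosostore/public/logo.png";44444444-2222-3333-4444-555555555555;1;198.51.100.9:51000;2018-11-09;200;0;290;8192;0;;;"0x8D6AE1F0A0B0C01";;;"curl/7.64.0";;""
'''


def parse_log_line(line):
    """Split one log line into a dict keyed by field name.

    Values are ';'-separated; a value containing ';' or '"' is wrapped in
    double quotes with embedded quotes doubled, which is the csv module's
    default quoting convention, so a single reader call handles it.
    """
    row = next(csv.reader([line], delimiter=";", quotechar='"'))
    names = LOG_2_0_FIELDS if row[0] == "2.0" else LOG_1_0_FIELDS
    if len(row) != len(names):
        raise ValueError(
            f"format {row[0]}: expected {len(names)} fields, got {len(row)}")
    return dict(zip(names, row))


def rbac_actions(record):
    """Actions from the AuthorizationDetail JSON array (one object per
    authorizing role assignment); empty for non-Azure AD requests."""
    detail = record.get("authorization-detail", "")
    if not detail:
        return []
    return [entry["action"] for entry in json.loads(detail)]


def attribute_request(line):
    """One audit row: who did what to which object, or why that is unknown."""
    rec = parse_log_line(line)
    row = {
        "time": rec["request-start-time"],
        "operation": rec["operation-type"],
        "status": rec["request-status"],
        "auth": rec["authentication-type"],
        "object": rec["requested-object-key"],
        "principal": None,
        "actions": [],
    }
    if rec["version-number"] != "2.0":
        row["note"] = "format 1.0 line: Azure AD columns are absent"
    elif not rec["user-principal-name"]:
        row["note"] = "no UserPrincipalName: key, SAS or anonymous request"
    else:
        row["principal"] = rec["user-principal-name"]
        row["actions"] = rbac_actions(rec)
        row["note"] = "Azure AD user, object id " + rec["user-object-id"]
    return row


def audit_report(lines):
    """Attribute every non-blank line of a $logs file."""
    return [attribute_request(l) for l in lines if l.strip()]


def count_by_principal(rows):
    """Number of requests per (user principal name, RBAC action) pair."""
    counts = Counter()
    for r in rows:
        for action in r["actions"]:
            counts[(r["principal"], action)] += 1
    return counts


if __name__ == "__main__":
    report = audit_report(SAMPLE_LOG.splitlines())
    for r in report:
        print(r["time"], r["operation"], r["object"], r["principal"],
              r["actions"], "-", r["note"])
    for (upn, action), n in sorted(count_by_principal(report).items()):
        print(f"{n:3d}  {upn}  {action}")
```

Feed it the contents of the files under $logs/blob/ in place of `SAMPLE_LOG`; the two SAS and 1.0 rows come out with `principal` set to `None` and a note saying why, which is the gap the answer's point about format 2.0 closes.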