Azure Audit Logs (formerly known as Operational Logs) include all the provisioning actions performed in the Azure Resource Manager in addition to other actions related to managing Azure resources (ex. Alerts, AutoScaling, deployments etc). Azure Audit Logs also log other service related events and notifications that impact one or more of the resources in your subscription(s). The Audit Logs blade in Azure Portal provides a window to the wealth of information contained in these logs.
Your feedback was clear. You want the ability to easily access, analyze and visualize your data better. We heard your feedback and are excited to announce the preview of a new feature that will empower you to make better business decisions – The Power BI Content Pack for Azure Audit Logs. We’d also like to share other ways to access and consume the data via your own scripts or programs.
What can you expect to find in Azure Audit Logs?
First, you need to access Azure Audit Logs. Find your step-by-step guide in our further documentation explaining how you can access Azure Audit Logs in Azure Portal. In a nutshell, Azure Audit Logs is the go-to place to view all control plane events/logs from all Azure resources. It includes system and user generated events. You can also access this through the Azure Insights SDK, PowerShell, REST API and CLI. The logs are preserved for 90 days in Azure’s Event Logs store.
So what kind of insights can one expect to gain from Azure Audit Logs? Here are some examples:
- Events by any particular resource over time
- Which users perform what actions, how frequently and on what resources
- Actions and events per subscription, resource group, region etc.
- Azure Service Health (outages and maintenance) events that potentially impacted your resources
- Alerts and AutoScale events by resource and time
- Failures, success of deployments and registrations
These data points usually require accessing the logs via data analysis and visualization tools. On top of that, what if you could easily auto-refresh the data and share it with your team using reports and dashboards? The Azure Insights and Power BI team collaborated to bring you exactly this – a free and easy-to-use extension in Power BI, the Content Pack for Azure Audit Logs.
A content pack is an extension in Power BI you can configure to retrieve data from data sources via APIs to build sharable reports and dashboards.
With the help of this Power BI content pack, you can gain insights into logs right from the get-go. You can customize out-of-box reports and charts to your liking and share them with your team. You can also configure data refresh time and frequency to meet your needs.
Check out our demo video that provides a detailed walkthrough of the same.
Now it's your turn to take this for a spin. Try out the new Azure Audit Logs Content Pack. If you have multiple subscriptions, you can repeat the steps using different subscription IDs and rename the dashboard/report based on the subscription info.
Power BI is free with your organizational account. If you are new to Power BI, checkout more resources the Power BI site, blog or YouTube channel.
Do more using Azure Insights REST APIs, PowerShell and SDK
If the Power BI content pack is sufficient but you’re still hungry for more, get your hands dirty with the following options.
Azure Insights REST API: Build your own data analysis tools using the Events REST API. In fact, the Power BI content pack utilizes this REST API. You can apply multiple filters on the query. Note, the API returns a limited set of logs for your query (in most cases less than 200 events at a time). You need to use the ‘nextLink’ element, the continuation token, to page through and retrieve more logs.
Azure Resource Manager PowerShell & CLI: Make use of the Get-AzureRmLog cmdlet in PowerShell or the azure group log show in CLI to access Audit Logs. Read this article to help you get started with these commands.
Azure Insights and Azure Resource Manager Libraries: The InsightsClient class from Azure Insights SDK and the ResourceManagementClient class from Azure Resource Manager SDK have methods and properties that make querying (and paging through) logs easy.
Check out this sample C# program that retrieves the audit logs and dumps them into a CSV file.
Now that you are armed with the quintessential tools to dive deeper and analyze the Azure Audit Logs, we hope you’re eager to transform this data into intelligent actions. Try the Power BI content pack and let us know how we can improve. Make use of the REST API, PowerShell or SDK to programmatically retrieve and archive logs. Let us know how we can make your journey on Azure more insightful.