Audit Logging Feature In Azure

In this article, you will learn Azure Audit Logging feature in Azure Preview Portal.
Azure Audit Logs is a data store for lots of useful information on the operations of your Azure resources. An important part of this information is the information related to all the operations that happen with Azure resources, called operational logs. Azure Resource Manager fully audits all the operations performed on resources. By default, the Azure Audit Logs are available for 90 days.
To complete this tutorial, you'll need the following,
  • An active Azure account. (If you don't have an account, you can create a free trial account in just a couple of minutes. For details, see Azure Free Trial.)
Viewing the Azure Audit Logs
To view the Azure Audit Logs in Preview Portal, follow these steps.
1. Login to Azure Portal.
2. In the left navigation, click on Browse and select Audit Logs, as shown in the below image.
If Audit Logs is not visible after clicking Browse, then you can search in filter, as highlighted in the above image.
The above action opens the default view of Audit Logs blade as shown in below image. The data available here is the result of default filter selected in filter dropdowns.
Creating Queries
1. We can change the filter values and save it as a query for later use. Change the filter values and click on save icon.
2. The above action opens a Save sliding window, enter the name of query and click on OK to save it.
We can create such queries as per our requirement and use them later on. If there are multiple subscriptions, then it’s easier to filter the data using queries.
Adding / removing columns
1. We can add or remove columns as per our requirement, as shown in the below image. Just click on the Columns button at the upper side. It opens the Choose columns blade where we select and deselect the columns. These are the columns (as seen in below image) provided at the time of writing this article. After selecting columns, click on Update button.
Exporting To CSV File
1. As shown in the above image, there is a link Click here to download all the items as csv. Click it. It will download the filtered records in a csv file, as shown in the below image.
In the above image, you are seeing the filtered records exported in csv file which contains the columns as Correlation Id. it's unique for a single operation. As seen in the first record, I deleted the resource group for all other resources. Deletion of that resource group has the same Correlation Id.
So, we saw some basic features of Azure Audit Logs. In my future articles, we will see the exporting of data to storage and event hub from Azure Audit Logs data source.