Azure Upload Iis Logs to Storage Account
Logging is a crucial administrative task as it helps identify details of an event that occurred. Logs commonly store details such as the username, time, action of the user and metadata of the event. It is helpful for auditing and for forensic examination in the event of a crime.
Azure provides various monitoring tools that help identify resource usage and bottlenecks. Azure Storage provides a logging feature that gives data on the events that occurred on the storage account.
Azure Log Analytics Workspace
Log Analytics workspace is a service provided in Azure that enables us to collect logs from multiple services like an Azure Storage account and Azure Virtual Machines. The logs collected based on events can then be queried using a custom language called KQL (Kusto Query Language). KQL, also known as 'Log Analytics Query language', is similar to SQL with the additional capability to render charts.


You can add various types of events for loading into the Log Analytics workspace, and then combine them in the dashboard tiles.
Thus, Log Analytics Workspace provides a single place where you can store logs from different services, query them and build a dashboard from it.
Azure Storage Account
Azure Storage Account provides a storage platform on the cloud enabling us to store various kinds of data. Data can be stored as blobs, tables or queues. Lots of read/write/delete operations usually occur on the storage, and you might need to keep track of who is doing what.
To enable logging on an Azure Storage account, open the respective storage account. Go to Monitoring (classic) -> Diagnostic Settings (classic), select the version and check the operations you need to log (read/write/delete).

Azure Storage provides 2 versions of logging, and v2.0 is simply a superset of v1.0. The log generated contains the following details: resource IDs, request type, the operation performed, operation status and network information like header size and authentication. v2.0 contains more details with respect to unique IDs (UUIDs) of all the entities tied to the event.
The logs generated can be seen in the Azure Storage Explorer under '$logs' in the corresponding storage account. At the time of publishing this blog, '$logs' is not visible in the preview version of Azure Storage Explorer in the Azure portal.
The log files are organized in a year/month/day folder structure and the file contents are ';' separated. The log files can be downloaded and analyzed in your favorite tool or can be automatically imported into the Log Analytics workspace.
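The following Python sketch is an added example, not part of the original post or Microsoft's script: it parses downloaded '$logs' entries, counts operations per type and lists anonymous, denied and delete requests for review. The field names and their order are assumed from the Storage Analytics 1.0 log format, and the sample entries (account name, IPs, IDs) are constructed.

```python
import csv
import html
import io
from collections import Counter

# Leading fields of an entry. Names/order are an assumption based on the 1.0
# log format; trailing fields (and the extra v2.0 fields) are ignored here.
FIELDS = ["version", "request_start_time", "operation_type", "request_status",
          "http_status_code", "e2e_latency_ms", "server_latency_ms",
          "authentication_type", "requester_account", "owner_account",
          "service_type", "request_url", "object_key", "request_id",
          "operation_count", "requester_ip"]

# Constructed sample entries. The second has a quoted user agent containing
# ';' and an HTML-encoded '&' in the URL, which breaks a naive split(';').
SAMPLE = """\
1.0;2024-05-01T10:00:01.0000000Z;GetBlob;Success;200;12;11;authenticated;examplestore;examplestore;blob;"https://examplestore.blob.core.windows.net/c/a.txt";"/examplestore/c/a.txt";id-0001;0;203.0.113.10:50000;2019-12-12;300;0;350;20;0;;;;;;"tool/1.0";;
1.0;2024-05-01T10:00:05.0000000Z;GetBlob;AnonymousSuccess;200;17;16;anonymous;;examplestore;blob;"https://examplestore.blob.core.windows.net/c/a.txt?timeout=30&amp;x=1";"/examplestore/c/a.txt";id-0002;0;198.51.100.7:4362;2019-12-12;283;0;354;23;0;;;;;;"Mozilla/5.0 (X11; Linux x86_64)";;
1.0;2024-05-01T10:02:00.0000000Z;DeleteBlob;Success;202;9;9;authenticated;examplestore;examplestore;blob;"https://examplestore.blob.core.windows.net/c/a.txt";"/examplestore/c/a.txt";id-0003;0;203.0.113.10:50001;2019-12-12;300;0;200;0;0;;;;;;"tool/1.0";;
1.0;2024-05-01T10:03:00.0000000Z;PutBlob;AuthorizationError;403;5;5;authenticated;otheracct;examplestore;blob;"https://examplestore.blob.core.windows.net/c/b.txt";"/examplestore/c/b.txt";id-0004;0;192.0.2.44:6000;2019-12-12;400;10;250;0;10;;;;;;"tool/1.0";;
"""

def parse_entries(text):
    """Yield one dict per log line, honouring quoted fields that contain ';'."""
    for row in csv.reader(io.StringIO(text), delimiter=";", quotechar='"'):
        if len(row) < len(FIELDS):
            continue  # blank or truncated line
        yield {name: html.unescape(value) for name, value in zip(FIELDS, row)}

def summarize(entries):
    """Return (operation counts, entries worth a reviewer's attention)."""
    by_op, review = Counter(), []
    for e in entries:
        by_op[e["operation_type"]] += 1
        anonymous = e["authentication_type"] == "anonymous"
        denied = e["http_status_code"] in ("401", "403")
        delete = e["operation_type"].startswith("Delete")
        if anonymous or denied or delete:
            review.append((e["request_start_time"], e["operation_type"],
                           e["request_status"], e["requester_ip"]))
    return by_op, review

if __name__ == "__main__":
    counts, flagged = summarize(parse_entries(SAMPLE))
    print(dict(counts))
    for item in flagged:
        print(item)
```
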
Loading log files into Log Analytics Workspace
At the time of publishing this blog, there is no direct way to connect '$logs' to the analytics workspace. Microsoft has provided a PowerShell script that can be run to fetch logs and post them in the workspace.
https://github.com/Azure/azure-docs-powershell-samples/blob/master/storage/mail-storage-logs-to-log-analytics/PostStorageLogs2LogAnalytics.ps1
Steps to load data:
- Download the PowerShell program from the link provided above. Using 'PowerShell ISE' to run the program is recommended.
- Insert your respective IDs at the top of the program. The details of getting the IDs have been provided in the comments on top of each variable.
- '$LogType' is the name of the table that will be created for the logs from this storage account. The table name will also have '_CL' appended during creation.
- Once you have inserted the required fields, run the program and it should import all the logs to the workspace. You can automate this using Azure DevOps.
Querying Log Analytics Workspace
Once the logs are imported, open the Log Analytics workspace, select 'Logs' in the left pane and you should see your logs under the Custom Logs hierarchy. To query, you need to use KQL (Kusto Query Language), which is similar to SQL.
Consider gen2_logs_CL is my custom log table and I need to select Operation_Type. In SQL, we would write it as below:
SELECT Operation_Type FROM gen2_logs_CL
In KQL:
gen2_logs_CL | project Operation_Type
In the image below, we have grouped the operation type and created a pie chart to see which operations are the most common in the storage account. The render command is specific to KQL and is used to produce a chart from the output of the query.

Dashboards in Log Analytics workspace allow us to add the various queries we create across different services in a single place. This allows us to get a quick look at the logs of all the services.
After creating this, you can add the pie chart to a new dashboard or an existing dashboard inside the Log Analytics Workspace, which will automatically update every time the custom log table is updated.
Thus, by using Azure Storage Analytics and Log Analytics workspace, we can derive useful insights into the events that happen in the Azure Storage Account.
Reach out to us for implementation details or questions. Learn more about Visual BI's Microsoft Azure offerings here.
Source: https://visualbi.com/blogs/microsoft/powerbi/utilizing-azure-log-analytics-workspace-azure-storage-account-logs/