Configure Logging for Azure Storage

This tutorial guides you through the process of enabling and configuring logging for your Azure Storage account. Logging provides valuable insights into operations performed on your storage resources, which is crucial for auditing, debugging, and performance analysis.

Note: Azure Storage logging is enabled at the storage account level. You can log requests made to Blob, File, Queue, and Table services.

Prerequisites

An Azure subscription.
A storage account in your Azure subscription.

Steps to Enable and Configure Logging

1. Navigate to Your Storage Account

Sign in to the Azure portal. In the search bar at the top, enter "Storage accounts" and select it from the list. Then, select the storage account you want to configure.

2. Access Diagnostic Settings

In the navigation pane of your storage account, under the "Monitoring" section, select Diagnostic settings.

3. Enable Logging

Click on the Add diagnostic setting button.

In the Diagnostic setting name field, enter a descriptive name for your setting (e.g., StorageAccountLogging).

Under the Logs section, select the categories of operations you want to log. Common categories include:

StorageRead: Logs read operations for Blob, File, Queue, and Table services.
StorageWrite: Logs write operations for Blob, File, Queue, and Table services.
StorageDelete: Logs delete operations for Blob, File, Queue, and Table services.

Tip: For comprehensive auditing, it's recommended to enable all three categories (Read, Write, Delete).

4. Choose Destination for Logs

Under the Destination details section, choose where you want to send your logs:

Send to Log Analytics workspace: Recommended for real-time analysis and complex queries. You'll need to select an existing or create a new Log Analytics workspace.
Archive to a storage account: Archives logs to another Azure Storage account for long-term retention and batch processing.
Stream to an event hub: Streams logs in real-time to Azure Event Hubs for integration with other services like Azure Stream Analytics.

For this tutorial, let's assume you are archiving to a storage account. Select Archive to a storage account and choose a target storage account.

5. Save the Diagnostic Setting

Click the Save button at the bottom of the page.

Viewing and Analyzing Logs

Using Log Analytics Workspace

If you chose to send logs to a Log Analytics workspace, you can query them using Kusto Query Language (KQL).

Navigate to your Log Analytics workspace, and then select Logs. You can use queries like:


StorageBlobLogs
| where TimeGenerated > ago(1h)
| where OperationName == "GetBlob"
| project TimeGenerated, AccountName, Uri, CallerIpAddress, StatusCode

Using Archived Storage Account

If you chose to archive logs to a storage account, navigate to that storage account. You'll find a container named insights-logs-storageread (or similar, based on your log category) containing log files organized by date and time.

Configuring Log Retention (Optional)

If you are archiving logs to a storage account, you can configure a lifecycle management policy to automatically delete older logs and manage costs.

In your target storage account, navigate to Lifecycle management.
Create a new rule, define the scope (e.g., all blobs), and set the retention period (e.g., 30 days).

Disabling Logging

To disable logging, simply navigate back to Diagnostic settings for your storage account, select the diagnostic setting you created, and click Delete.

Important: Disabling logging will stop the collection of operational data. Ensure you have retained necessary data before disabling.

By following these steps, you can effectively configure logging for your Azure Storage account, enhancing your ability to monitor, audit, and troubleshoot your storage operations.