Azure Monitor - Application Tier Part 2

The area that we look at is the subscription. Now the data that is collected here is related to the health and operation of your Azure subscription. The Azure Activity log includes service health records along with records on any configuration changes made to the resources in your Azure subscription. The Activity log is available to all Azure resources and represents their external view.

So the Activity log is pretty similar to the Event Log that we have in a Windows Server. It captures what is going on in the Azure tenant. You can then query the information from within the Azure Monitor in the Activity log. This is where you will find information about who, what and where. This can be used for auditing purposes. We can also create alerts based on the log entries. We will be looking at this a little later in this module.

The Azure Monitor logs are used to collect the data and analyze the information. You create the Log Analytics workspace and this will expose all of the data that can be queried using KUSTO.

We can also export the information to another resource such as storage account, Event Hub or Log Analytics. The storage account will allow us to archive the information for further analysis and also for eDiscovery in the future. You can respond to events in real time by sending logs into the Event Hub.

Along with the activities we can also search on the health of the Azure environment. The Service Health records are stored in the Azure Activity log, so you can view them in the Azure portal or perform any other activities you can perform with the Activity log.

We discuss these topics and more in this next video.