Azure 资源日志的通用架构和特定于服务的架构Common and service-specific schema for Azure Resource Logs


资源日志以前称为诊断日志。Resource logs were previously known as diagnostic logs. 此名称在 2019 年 10 月发生了更改,因为 Azure Monitor 收集的日志类型已转变,不仅仅包括 Azure 资源。The name was changed in October 2019 as the types of logs gathered by Azure Monitor shifted to include more than just the Azure resource. 此外,你可以收集的资源日志类别列表过去曾在本文中列出。Also, the list of resource log categories you could collect used to be listed in this article. 它们已移到资源日志类别They were moved to Resource log categories.

Azure Monitor 资源日志是 Azure 服务发出的日志,用于描述这些服务或资源的操作。Azure Monitor resource logs are logs emitted by Azure services that describe the operation of those services or resources. 通过 Azure Monitor 提供的所有资源日志共享公共顶级架构,且每个服务都能灵活地为其事件发出唯一属性。All resource logs available through Azure Monitor share a common top-level schema, with flexibility for each service to emit unique properties for their own events.

资源类型(为 resourceId 属性时可用)和 category 的组合唯一标识架构。A combination of the resource type (available in the resourceId property) and the category uniquely identify a schema. 本文介绍了资源日志的顶级架构以及每个服务的架构链接。This article describes the top-level schema for resource logs and links to the schemata for each service.

顶级通用架构Top-level common schema

名称Name 必需/可选Required/Optional 说明Description
timetime 必须Required 事件时间戳 (UTC)。The timestamp (UTC) of the event.
ResourceIdresourceId 必须Required 发出事件的资源的资源 ID。The resource ID of the resource that emitted the event. 对于租户服务,其形式为 /tenants/tenant-id/providers/provider-name。For tenant services, this is of the form /tenants/tenant-id/providers/provider-name.
tenantIdtenantId 对于租户日志而言是必需的Required for tenant logs 此事件关联到的 Active Directory 租户的租户 ID。The tenant ID of the Active Directory tenant that this event is tied to. 此属性仅用于租户级日志,它不会出现在资源级日志中。This property is only used for tenant-level logs, it does not appear in resource-level logs.
operationNameoperationName 必须Required 此事件表示的操作的名称。The name of the operation represented by this event. 如果事件表示 Azure RBAC 操作,则这是 Azure RBAC 操作名称(例如,Microsoft.Storage/storageAccounts/blobServices/blobs/Read)。If the event represents an Azure RBAC operation, this is the Azure RBAC operation name (for example, Microsoft.Storage/storageAccounts/blobServices/blobs/Read). 通常以资源管理器操作的形式建模,即使它们不是实际记录的资源管理器操作 (Microsoft.<providerName>/<resourceType>/<subtype>/<Write/Read/Delete/Action>)Typically modeled in the form of a Resource Manager operation, even if they are not actual documented Resource Manager operations (Microsoft.<providerName>/<resourceType>/<subtype>/<Write/Read/Delete/Action>)
operationVersionoperationVersion 可选Optional 如果 operationName 是使用 API(例如执行的,则为与该操作关联的 api-version。The api-version associated with the operation, if the operationName was performed using an API (for example, 如果没有与此操作相对应的 API,则该版本表示该操作的版本,以防与操作相关联的属性在将来发生更改。If there is no API that corresponds to this operation, the version represents the version of that operation in case the properties associated with the operation change in the future.
categorycategory 必须Required 事件的日志类别。The log category of the event. 类别是可以在特定资源上启用或禁用日志的粒度。Category is the granularity at which you can enable or disable logs on a particular resource. 在事件的属性 blob 内显示的属性在特定日志类别和资源类型中相同。The properties that appear within the properties blob of an event are the same within a particular log category and resource type. 典型的日志类别是“Audit”、“Operational”、“Execution”和“Request”。Typical log categories are "Audit" "Operational" "Execution" and "Request."
resultTyperesultType 可选Optional 事件的状态。The status of the event. 典型值包括“Started”、“In Progress”、“Succeeded”、“Failed”、“Active”和“Resolved”。Typical values include Started, In Progress, Succeeded, Failed, Active, and Resolved.
resultSignatureresultSignature 可选Optional 事件的子状态。The sub status of the event. 如果该操作对应于 REST API 调用,则此字段为相应 REST 调用的 HTTP 状态代码。If this operation corresponds to a REST API call, this field is the HTTP status code of the corresponding REST call.
resultDescriptionresultDescription 可选Optional 此操作的静态文本说明,例如“获取存储文件”。The static text description of this operation, for example "Get storage file."
durationMsdurationMs 可选Optional 操作持续时间,以毫秒为单位。The duration of the operation in milliseconds.
callerIpAddresscallerIpAddress 可选Optional 调用方 IP 地址,前提是该操作对应于来自某个具有公开可用 IP 地址的实体的 API 调用。The caller IP address, if the operation corresponds to an API call that would come from an entity with a publicly available IP address.
correlationIdcorrelationId 可选Optional 用于将一组相关事件组合在一起的 GUID。A GUID used to group together a set of related events. 通常,如果两个事件的 operationName 相同但状态不同(例如,状态分别为“Started”和“Succeeded”),则它们共享相同的相关 ID。Typically, if two events have the same operationName but two different statuses (for example "Started" and "Succeeded"), they share the same correlation ID. 这也可以代表事件之间的其他关系。This may also represent other relationships between events.
identityidentity 可选Optional 描述执行操作的用户或应用程序的标识的 JSON Blob。A JSON blob that describes the identity of the user or application that performed the operation. 通常,此字段包括 Active Directory 中的授权和声明/JWT 令牌。Typically this field includes the authorization and claims / JWT token from active directory.
LevelLevel 可选Optional 事件的严重级别。The severity level of the event. 必须是信息性、警告、错误或严重。Must be one of Informational, Warning, Error, or Critical.
locationlocation 可选Optional 发出事件的资源区域,例如“中国北部”或“中国北部 2”The region of the resource emitting the event, for example "China North" or "China North2"
propertiesproperties 可选Optional 与此特定类别的事件相关的任何扩展属性。Any extended properties related to this particular category of events. 所有自定义/唯一属性都必须放入此架构的“B 部分”。All custom/unique properties must be put inside this "Part B" of the schema.

特定于服务的架构Service-specific schemas

资源日志的架构因资源和日志类别而异。The schema for resource logs varies depending on the resource and log category. 此列表显示可提供资源日志的服务,并链接到该服务和特定于类别的架构(如果可用)。This list shows services that make available resource logs and links to the service and category-specific schema where available. 随着新服务的添加,此列表会不断变化。因此,如果你在下面看不到所需的内容,请使用搜索引擎来发现其他文档。This list is changing all the time as new services are added, so if you don't see what you need below, use a search engine to discover additional documentation. 请随时在 GitHub 上提交与本文相关的问题,以便我们进行更新。Feel free to open a GitHub issue on this article so we can update it.

服务Service 架构和文档Schema & Docs
Azure Active DirectoryAzure Active Directory 概述审核日志架构登录架构Overview, Audit log schema and Sign-ins schema
Analysis ServicesAnalysis Services Azure Analysis Services - 设置诊断日志记录Azure Analysis Services - Setup diagnostic logging
API 管理API Management API 管理资源日志API Management Resource Logs
应用服务App Service 应用服务日志App Service Logs
应用程序网关Application Gateways 应用程序网关的日志记录Logging for Application Gateway
Azure 自动化Azure Automation 适用于 Azure 自动化的 Log AnalyticsLog analytics for Azure Automation
Azure BatchAzure Batch Azure Batch 日志记录Azure Batch logging
认知服务Cognitive Services Azure 认知服务的日志记录Logging for Azure Cognitive Services
容器注册表Container Registry Azure 容器注册表的日志记录Logging for Azure Container Registry
CosmosDBCosmosDB Azure Cosmos DB 日志记录Azure Cosmos DB Logging
Data FactoryData Factory 使用 Azure Monitor 监视数据工厂Monitor Data Factories using Azure Monitor
Azure 数据资源管理器Azure Data Explorer Azure 数据资源管理器日志Azure Data Explorer logs
Azure Database for MySQLAzure Database for MySQL Azure Database for MySQL 诊断日志Azure Database for MySQL diagnostic logs
Azure Database for PostgreSQLAzure Database for PostgreSQL Azure Database for PostgreSQL 日志Azure Database for PostgreSQL logs
Azure DatabricksAzure Databricks Azure Databricks 中的诊断日志记录Diagnostic logging in Azure Databricks
事件中心Event Hubs Azure 事件中心日志Azure Event Hubs logs
Express RouteExpress Route 架构不可用。Schema not available.
Azure 防火墙Azure Firewall 架构不可用。Schema not available.
IoT 中心IoT Hub IoT 中心操作IoT Hub Operations
密钥保管库Key Vault Azure 密钥保管库日志记录Azure Key Vault Logging
Kubernetes 服务Kubernetes Service Azure Kubernetes 日志记录Azure Kubernetes Logging
负载均衡器Load Balancer Azure 负载均衡器的 Log AnalyticsLog analytics for Azure Load Balancer
逻辑应用Logic Apps 逻辑应用 B2B 自定义跟踪架构Logic Apps B2B custom tracking schema
网络安全组Network Security Groups 网络安全组 (NSG) 的 Log AnalyticsLog analytics for network security groups (NSGs)
Power BI 专用Power BI Dedicated Azure 中 Power BI Embedded 的日志记录Logging for Power BI Embedded in Azure
恢复服务Recovery Services Azure 备份的数据模型Data Model for Azure Backup
搜索Search 允许并使用搜索流量分析Enabling and using Search Traffic Analytics
服务总线Service Bus Azure 服务总线日志Azure Service Bus logs
SQL 数据库SQL Database Azure SQL 数据库日志记录Azure SQL Database logging
流分析Stream Analytics 作业日志Job logs
虚拟网络Virtual Networks 架构不可用。Schema not available.
虚拟网络网关Virtual Network Gateways 架构不可用。Schema not available.

后续步骤Next Steps