Azure 平台日志概述Overview of Azure platform logs

平台日志提供 Azure 资源及其所依赖的 Azure 平台的详细诊断和审核信息。Platform logs provide detailed diagnostic and auditing information for Azure resources and the Azure platform they depend on. 它们是自动生成的,虽然你需要配置某些平台日志,以便将其转发到一个或多个目标进行保留。They are automatically generated although you need to configure certain platform logs to be forwarded to one or more destinations to be retained. 本文概述了平台日志,其中包括它们提供什么信息,以及如何配置它们以方便收集和分析。This article provides an overview of platform logs including what information they provide and how you can configure them for collection and analysis.

平台日志的类型Types of platform logs

下表列出了在不同 Azure 层提供的特定的平台日志。The following table lists the specific platform logs that are available at different layers of Azure.

日志Log Layer 说明Description
资源日志Resource logs Azure 资源Azure Resources 深入了解在 Azure 资源(数据平面)内执行的操作,例如,从 Key Vault 获取机密,或向数据库发出请求。 Provide insight into operations that were performed within an Azure resource (the data plane), for example getting a secret from a Key Vault or making a request to a database. 资源日志的内容因 Azure 服务和资源类型而异。The content of resource logs varies by the Azure service and resource type.

资源日志以前称为诊断日志。 Resource logs were previously referred to as diagnostic logs.
活动日志Activity log Azure 订阅Azure Subscription 了解从外部(管理平台) 对订阅中的每个 Azure 资源执行的操作,以及对服务运行状况事件进行的更新。Provides insight into the operations on each Azure resource in the subscription from the outside (the management plane) in addition to updates on Service Health events. 通过活动日志,可确定订阅中资源上进行的任何写入操作 (PUT, POST, DELETE) 的“什么操作、谁操作和操作时间”等信息。 Use the Activity Log, to determine the what, who, and when for any write operations (PUT, POST, DELETE) taken on the resources in your subscription. 还可以了解该操作和其他相关属性的状态。You can also understand the status of the operation and other relevant properties. 每个 Azure 订阅都有一个活动日志。There is a single Activity log for each Azure subscription.
Azure Active Directory 日志Azure Active Directory logs Azure 租户Azure Tenant 包含特定租户的 Azure Active Directory 中的登录活动和更改审核日志的历史记录。Contains the history of sign-in activity and audit trail of changes made in the Azure Active Directory for a particular tenant.

备注

Azure 活动日志主要适用于 Azure Resource Manager 中发生的活动。The Azure Activity Log is primarily for activities that occur in Azure Resource Manager. 它不跟踪使用经典/RDFE 模型的资源。It does not track resources using the Classic/RDFE model. 某些经典资源类型在 Azure Resource Manager 中具有代理资源提供程序(例如 Microsoft.ClassicCompute)。Some Classic resource types have a proxy resource provider in Azure Resource Manager (for example, Microsoft.ClassicCompute). 如果使用这些代理资源提供程序通过 Azure Resource Manager 与经典资源类型交互,相关操作出现在活动日志中。If you interact with a Classic resource type through Azure Resource Manager using these proxy resource providers, the operations appear in the Activity Log. 如果在 Azure 资源管理器代理外部与经典资源类型进行交互,则操作只会记录在操作日志中。If you interact with a Classic resource type outside of the Azure Resource Manager proxies, your actions are only recorded in the Operation Log. 可以在门户的一个单独部分中浏览操作日志。The Operation Log can be browsed in a separate section of the portal.

平台日志概述

查看平台日志Viewing platform logs

可以通过不同的选项查看和分析不同的 Azure 平台日志。There are different options for viewing and analyzing the different Azure platform logs.

  • 查看 Azure 门户中的活动日志,并通过 PowerShell 和 CLI 访问事件。View the Activity log in the Azure portal and access events from PowerShell and CLI. 有关详细信息,请参阅查看和检索 Azure 活动日志事件See View and retrieve Azure Activity log events for details.
  • 资源日志由受支持的 Azure 资源自动生成,但这些资源不能查看,除非你将它们发送到目标Resource logs are automatically generated by supported Azure resources, but they aren't available to be viewed unless you send them to a destination.

DestinationsDestinations

可以将平台日志发送到下表中的一个或多个目标,具体取决于监视要求。You can send platform logs to one or more of the destinations in the following table depending on your monitoring requirements. 通过创建诊断设置为平台日志配置目标。Configure destinations for platform logs by creating a Diagnostic setting.

目标Destination 方案Scenario 参考References
Log Analytics 工作区Log Analytics workspace 借助其他监视数据对日志进行分析,并利用 Azure Monitor 功能(例如日志查询和警报)。Analyze the logs with other monitoring data and leverage Azure Monitor features such as log queries and alerts. 活动日志和资源日志Activity log and Resource logs
Azure 存储Azure storage 将日志存档供审核、静态分析或备份。Archive the logs for audit, static analysis, or backup. 活动日志和资源日志Activity log and Resource logs
事件中心Event hub 将日志流式传输到第三方日志记录和遥测系统。Stream the logs to third-party logging and telemetry systems. 活动日志和资源日志Activity log and Resource logs

后续步骤Next steps