Overview of Azure platform logs

Platform logs provide detailed diagnostic and auditing information for Azure resources and the Azure platform they depend on. They are generated automatically, but you need to configure certain platform logs to be forwarded to one or more destinations in order to retain them. This article provides an overview of platform logs, including what information they provide and how you can configure them for collection and analysis.

Types of platform logs

The following table lists the specific platform logs that are available at different layers of Azure.

Layer | Logs | Description
Azure Resources | Resource logs | Provide insight into operations that were performed within an Azure resource (the data plane), for example getting a secret from a Key Vault or making a request to a database. The content of resource logs varies by the Azure service and resource type. Resource logs were previously referred to as diagnostic logs.
Azure Subscription | Activity log | Provides insight into the operations on each Azure resource in the subscription from the outside (the management plane) in addition to updates on Service Health events. There is a single Activity log for each Azure subscription.
Azure Tenant | Azure Active Directory logs | Contains the history of sign-in activity and audit trail of changes made in the Azure Active Directory for a particular tenant.


Viewing platform logs

You can view the Activity log and Azure Active Directory logs in the Azure portal. You must send resource logs to a destination to view them.

Destinations

You can send platform logs to one or more of the destinations in the following table depending on your monitoring requirements.

Destination | Scenario | References
Log Analytics workspace | Analyze the logs with other monitoring data and leverage Azure Monitor features such as log queries and alerts. | Resource logs, Activity log
Azure storage | Archive the logs for audit, static analysis, or backup. | Resource logs, Activity log
Event hub | Stream the logs to third-party logging and telemetry systems. | Resource logs, Activity log

Diagnostic settings and log profiles

Configure destinations for Resource logs and Azure Active Directory logs by creating a Diagnostic setting. Configure destinations for the Activity log by creating a log profile or by connecting it to a Log Analytics workspace.

The diagnostic setting and log profile define the following:

  • One or more destinations to send selected logs and metrics.
  • Which log categories and metrics from the resource are sent to the destinations.
  • If a storage account is selected as a destination, how long each log category should be retained.
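
The three properties listed above are also what a log-coverage review checks. The following is an added example, not code from this article or from Azure: it audits a constructed set of diagnostic settings for missing destinations, disabled categories and short storage retention. The resource names, placeholder IDs and the 90-day minimum are assumptions; the property names follow the Microsoft.Insights/diagnosticSettings schema.

```python
# Constructed sample: diagnostic settings per resource, using the property
# names of the Microsoft.Insights/diagnosticSettings schema. Resource names
# and IDs are placeholders, and MIN_DAYS is an assumed local retention policy.
MIN_DAYS = 90
DESTINATIONS = {
    "workspaceId": "Log Analytics workspace",
    "storageAccountId": "Azure storage",
    "eventHubAuthorizationRuleId": "Event hub",
}
SAMPLE = {
    "kv-prod": [{"name": "audit-archive", "properties": {
        "workspaceId": "<workspace-resource-id>",
        "storageAccountId": "<storage-account-resource-id>",
        "logs": [{"category": "AuditEvent", "enabled": True,
                  "retentionPolicy": {"enabled": True, "days": 30}}]}}],
    "sql-prod": [{"name": "stream", "properties": {
        "eventHubAuthorizationRuleId": "<event-hub-rule-id>",
        "logs": [{"category": "SQLSecurityAuditEvents", "enabled": False}]}}],
    "nsg-prod": [],  # no diagnostic setting at all
}

def audit(settings_by_resource, min_days=MIN_DAYS):
    """Return {resource: [finding, ...]} covering the three properties a
    diagnostic setting defines: destinations, categories, storage retention."""
    report = {}
    for resource, settings in settings_by_resource.items():
        issues = []
        if not settings:
            issues.append("no diagnostic setting, resource logs go nowhere")
        for setting in settings:
            props, name = setting.get("properties", {}), setting["name"]
            if not [d for key, d in DESTINATIONS.items() if props.get(key)]:
                issues.append(f"{name}: no destination configured")
            enabled = [c for c in props.get("logs", []) if c.get("enabled")]
            if not enabled:
                issues.append(f"{name}: no log category enabled")
            if props.get("storageAccountId"):
                for cat in enabled:
                    policy = cat.get("retentionPolicy") or {}
                    days = policy.get("days", 0)
                    # days == 0 keeps the category indefinitely
                    if policy.get("enabled") and 0 < days < min_days:
                        issues.append(f"{name}: {cat['category']} kept "
                                      f"{days} days, below {min_days}")
        report[resource] = issues
    return report

if __name__ == "__main__":
    for resource, issues in audit(SAMPLE).items():
        print(resource, "->", issues or "ok")
```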

Next steps