Overview of Azure platform logs

Platform logs provide detailed diagnostic and auditing information for Azure resources and the Azure platform they depend on. They are automatically generated, although you need to configure certain platform logs to be forwarded to one or more destinations to be retained. This article provides an overview of platform logs, including what information they provide and how you can configure them for collection and analysis.

Types of platform logs

The following table lists the specific platform logs that are available at different layers of Azure.

| Log | Layer | Description |
|---|---|---|
| Resource logs | Azure Resources | Provide insight into operations that were performed within an Azure resource (the data plane), for example getting a secret from a Key Vault or making a request to a database. The content of resource logs varies by the Azure service and resource type. Resource logs were previously referred to as diagnostic logs. |
| Activity log | Azure Subscription | Provides insight into the operations on each Azure resource in the subscription from the outside (the management plane) in addition to updates on Service Health events. Use the Activity log to determine the what, who, and when for any write operations (PUT, POST, DELETE) taken on the resources in your subscription. There is a single Activity log for each Azure subscription. |
| Azure Active Directory logs | Azure Tenant | Contains the history of sign-in activity and audit trail of changes made in the Azure Active Directory for a particular tenant. |

Note

The Azure Activity Log is primarily for activities that occur in Azure Resource Manager. It does not track resources using the Classic/RDFE model. Some Classic resource types have a proxy resource provider in Azure Resource Manager (for example, Microsoft.ClassicCompute). If you interact with a Classic resource type through Azure Resource Manager using these proxy resource providers, the operations appear in the Activity Log. If you interact with a Classic resource type outside of the Azure Resource Manager proxies, your actions are only recorded in the Operation Log. The Operation Log can be browsed in a separate section of the portal.

Figure: Platform logs overview

Viewing platform logs

There are different options for viewing and analyzing the different Azure platform logs.

  • View the Activity log in the Azure portal and access events from PowerShell and CLI. See View the Activity log for details.
  • View Azure Active Directory Security and Activity reports in the Azure portal. See What are Azure Active Directory reports? for details.
  • Resource logs are automatically generated by supported Azure resources, but they aren't available to be viewed unless you send them to a destination.
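
The following Python sketch is an added example, not part of the original article. It shows the "what, who, and when" triage of write operations described above, run over constructed events. The field names (caller, eventTimestamp, category, operationName.value, status.value, resourceId) are assumed to match the JSON returned by `az monitor activity-log list`, and the mapping of operation-name suffixes to write operations is also an assumption.

```python
import json

# Constructed sample records (not real data). Field names are an assumption
# based on the JSON that `az monitor activity-log list` returns.
SAMPLE_EVENTS = json.loads("""[
 {"eventTimestamp": "2024-05-01T10:00:00Z", "caller": "alice@example.com",
  "category": {"value": "Administrative"}, "status": {"value": "Started"},
  "operationName": {"value": "Microsoft.KeyVault/vaults/write"}, "resourceId": "/subscriptions/sub0/kv1"},
 {"eventTimestamp": "2024-05-01T10:00:05Z", "caller": "alice@example.com",
  "category": {"value": "Administrative"}, "status": {"value": "Succeeded"},
  "operationName": {"value": "Microsoft.KeyVault/vaults/write"}, "resourceId": "/subscriptions/sub0/kv1"},
 {"eventTimestamp": "2024-05-01T10:05:00Z", "caller": "bob@example.com",
  "category": {"value": "Administrative"}, "status": {"value": "Failed"},
  "operationName": {"value": "Microsoft.Storage/storageAccounts/delete"}, "resourceId": "/subscriptions/sub0/st1"},
 {"eventTimestamp": "2024-05-01T10:06:00Z",
  "category": {"value": "ServiceHealth"}, "status": {"value": "Active"},
  "operationName": {"value": "Microsoft.ServiceHealth/incident/action"}, "resourceId": "/subscriptions/sub0"},
 {"eventTimestamp": "2024-05-01T10:07:00Z", "caller": "bob@example.com",
  "category": {"value": "Administrative"}, "status": {"value": "Succeeded"},
  "operationName": {"value": "Microsoft.Storage/storageAccounts/listKeys/action"}, "resourceId": "/subscriptions/sub0/st1"}
]""")

WRITE_SUFFIXES = ("/write", "/delete", "/action")  # assumed to cover PUT, DELETE, POST
TERMINAL = {"Succeeded", "Failed"}  # skip Started/Accepted records of the same operation

def write_operations(events):
    """Return (when, who, what, resource, outcome) per completed write, oldest first."""
    rows = []
    for ev in events:
        if ev.get("category", {}).get("value") != "Administrative":
            continue  # Service Health updates share the log but are not user writes
        op = ev.get("operationName", {}).get("value", "")
        outcome = ev.get("status", {}).get("value", "")
        if op.lower().endswith(WRITE_SUFFIXES) and outcome in TERMINAL:
            rows.append((ev["eventTimestamp"], ev.get("caller", "unknown"),
                         op, ev.get("resourceId", ""), outcome))
    return sorted(rows)

def failed_writes(events):
    """Completed write attempts that were rejected or failed, worth a second look."""
    return [r for r in write_operations(events) if r[4] == "Failed"]

if __name__ == "__main__":
    for when, who, what, resource, outcome in write_operations(SAMPLE_EVENTS):
        print(f"{when}  {who:20}  {outcome:9}  {what}  {resource}")
```

Failed entries are kept because a rejected delete or key-listing attempt is often as relevant to an audit as a successful one.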

Destinations

You can send platform logs to one or more of the destinations in the following table depending on your monitoring requirements. Configure destinations for platform logs by creating a Diagnostic setting.

| Destination | Description |
|---|---|
| Log Analytics workspace | Analyze the logs of all your Azure resources together and take advantage of all the features available to Azure Monitor Logs including log queries and log alerts. Pin the results of a log query to an Azure dashboard or include it in a workbook as part of an interactive report. |
| Event hub | Send platform log data outside of Azure, for example to a third-party SIEM or custom telemetry platform. |
| Azure storage | Archive the logs for audit or backup. |

Next steps