Choose the right Azure logging service for your monitoring needs

Azure has two logging services, Activity Log and Diagnostic Log, and each has distinct features, like the ability to monitor platform-level events versus guest OSes.

For IT teams that manage cloud infrastructure, it's critical to monitor system performance and log files. Microsoft offers a handful of services on Azure to track both system and application performance, as well as review events that are written to logging services.

There are two specific Azure logging options: Activity Log, which provides insights into changes that have taken place at the platform level, and Diagnostic Log, which provides visibility into the guest OSes that power VMs.

Here's a closer look at each Azure logging service to understand the key differences and when to use one versus the other.

Azure Activity Log

Activity Log is an Azure logging service dedicated to events that take place on the cloud platform. Each Azure subscription has a log stream that contains all events that make changes to the cloud resources you run. For example, in Activity Log, you can review which Azure resources were changed, when those changes occurred and who or what performed the change. This provides an audit trail and enables administrators to see detailed information about any resource modifications.

In addition to tracking resource changes, Activity Log provides information about Azure service health, such as availability issues and outages. You can query this information in a variety of ways, including through the Azure portal or with command-line tools, like PowerShell and the Azure command line. For more sophisticated processing, stream log data to Azure Event Hubs and feed it into a custom analytics system, such as Power BI. You can also export data from Activity Log to an Azure storage account for manual inspection and long-term retention. This is helpful when you need to store records of activity logs for compliance purposes.

It's possible to create alerts for Activity Log events. First, navigate to any resource group or individual resource in the Azure portal. Under the Monitoring section, you'll see an option for Alert Rules. Within Alert Rules, click Add activity log alert, as shown in Figure 1 below.

Figure 1. Add alerts for Activity Log events.

When you create an Activity Log alert, you can choose a specific event category, such as service health issues, administrative events or resource health. In the example in Figure 2 below, I've configured an alert for restarts of a particular VM. If anyone reboots that machine, an alert is sent via email based on the actions configured for the alert.

Figure 2. Choose an event category for Activity Log alerts.

Rather than send alerts via email, you can configure actions to send alerts via SMS text messages. You can also invoke a webhook, which enables you to make a call to a third-party HTTP API.
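The audit trail described in this section (which resource changed, when, and who or what changed it) and the VM restart condition from Figure 2 can also be checked offline against exported events. The following Python is an added example, not part of the original article; it assumes events in the field layout printed by `az monitor activity-log list`, and the subscription ID, resource names, callers and sample events are all constructed.

```python
RESTART_OP = "Microsoft.Compute/virtualMachines/restart/action"
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"  # placeholder
VM = SUB + "/providers/Microsoft.Compute/virtualMachines/web01"
NSG = SUB + "/providers/Microsoft.Network/networkSecurityGroups/nsg-demo"


def _event(ts, caller, op, resource_id, status, corr, category="Administrative"):
    # Assumed shape: a subset of the fields printed by `az monitor activity-log list`.
    return {"eventTimestamp": ts, "caller": caller, "correlationId": corr,
            "category": {"value": category}, "operationName": {"value": op},
            "status": {"value": status}, "resourceId": resource_id}


# Constructed sample: one restart logged twice (Started, then Succeeded), one NSG
# change made by a service principal, and one service health record.
SAMPLE_EVENTS = [
    _event("2018-03-01T10:15:40Z", "alice@example.com", RESTART_OP, VM.upper(), "Succeeded", "c-1"),
    _event("2018-03-01T10:15:02Z", "alice@example.com", RESTART_OP, VM, "Started", "c-1"),
    _event("2018-03-01T11:00:00Z", "11111111-1111-1111-1111-111111111111",
           "Microsoft.Network/networkSecurityGroups/write", NSG, "Succeeded", "c-2"),
    _event("2018-03-01T12:00:00Z", None, "Microsoft.ServiceHealth/incident/action",
           SUB, "Active", "c-3", category="ServiceHealth"),
]


def audit_trail(events):
    """Return one row per administrative operation: who, what, which resource, when."""
    rows = {}
    # Uniform UTC timestamps sort correctly as strings; oldest record first.
    for ev in sorted(events, key=lambda e: e["eventTimestamp"]):
        if ev["category"]["value"] != "Administrative":
            continue  # service health and other categories are not resource changes
        op = ev["operationName"]["value"]
        rid = ev["resourceId"].lower()  # resource IDs are case-insensitive
        # One operation emits several records that share a correlationId.
        row = rows.setdefault((ev["correlationId"], op.lower(), rid), {
            "when": ev["eventTimestamp"], "who": ev["caller"],
            "operation": op, "resource": rid})
        row["status"] = ev["status"]["value"]  # the latest record carries the outcome
    return list(rows.values())


def vm_restarts(trail, vm_resource_id):
    """Rows that an alert like the one in Figure 2 (restart of one VM) would match."""
    return [r for r in trail
            if r["operation"].lower() == RESTART_OP.lower()
            and r["resource"] == vm_resource_id.lower()]
```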

Azure Diagnostic Logs

In addition to keeping an eye on platform-level events, you can retrieve log data from guest OSes in Azure. For example, as part of the Azure Monitoring service, you can enable guest-level monitoring of VMs. This installs a VM extension that runs as an agent inside the VM. You can then monitor guest-level performance metrics, such as CPU or memory utilization, as well as the logs on those VMs.

The diagnostics extension is available for both Windows- and Linux-based VMs.

Again, there are a number of ways to use this Azure logging service. As with Activity Log, you can export data from Diagnostic Logs to an Azure storage account or stream it to Azure Event Hubs for custom processing.

Another option is to send Diagnostic Logs data to Operations Management Suite Log Analytics. This is a cloud-based service from Microsoft that enables teams to monitor both cloud and on-premises environments. It collects data generated by a variety of sources and provides analytics tools for those resources.

To enable diagnostic Azure logging for VMs, navigate to the Monitoring section, and click Diagnostic settings. You'll see an option like the one in Figure 3 below to enable guest-level monitoring.

Figure 3. Enable guest-level monitoring.

Once the extension is installed, click on the Logs tab, and enable the log sources from which you want to retrieve data. You can also install the diagnostics extension from command-line tools.
