Monitor log profile should be created
A log profile controls how an activity log is exported. By default, activity logs are retained only for 90 days. Log profiles should be defined so that logs can be exported and stored for a longer duration in order to analyze security activities within an Azure subscription.
Portal Remediation Steps
Note that log profiles are now a legacy method for sending the activity log to Azure storage or event hubs.
Navigate to Monitoring > Activity Log.
Click Diagnostic settings and select “Looking for the legacy experience? Click here to launch the ‘Export activity log’ blade.”
Select the Subscription from the drop-down.
Select the desired regions.
Select one or both of the following:
Export to a storage account. Select a storage account.
Export to an event hub. Select a service bus namespace.
Set the retention period in days.
0 means logs are kept forever.
CLI Remediation Steps
To create a log profile, use the az monitor log-profiles create command with the desired flags (see the Azure documentation for details):
az monitor log-profiles create --categories create --days --enabled true --location --locations --name [--service-bus-rule-id] [--storage-account-id] [--subscription] [--tags]
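A check to run after remediation, as an added example that is not part of the original page: it audits the JSON printed by `az monitor log-profiles list` for an export destination and for a retention period longer than the 90-day default. The field names are assumed to match that command's output, the sample data is constructed, and treating a disabled retention policy as "never expires" is an assumption.

```python
import json

DEFAULT_RETENTION_DAYS = 90  # default activity log retention stated on this page


def audit_log_profiles(profiles):
    """Return a list of findings; an empty list means the check passes."""
    if not profiles:
        return ["no log profile is defined"]
    findings = []
    for profile in profiles:
        name = profile.get("name", "<unnamed>")
        # The profile must export to a storage account, an event hub, or both.
        if not (profile.get("storageAccountId") or profile.get("serviceBusRuleId")):
            findings.append(f"{name}: no export destination")
        policy = profile.get("retentionPolicy") or {}
        days = policy.get("days", 0)
        # 0 days means logs are kept forever (per the page). Assumption: a
        # disabled retention policy also means the logs never expire.
        keeps_forever = days == 0 or not policy.get("enabled", False)
        if not keeps_forever and days <= DEFAULT_RETENTION_DAYS:
            findings.append(f"{name}: retention is only {days} days")
    return findings


# Constructed sample in the assumed shape of `az monitor log-profiles list`.
STORAGE_ID = ("/subscriptions/SUB_ID/resourceGroups/example-rg/providers/"
              "Microsoft.Storage/storageAccounts/examplelogs")  # placeholder
SAMPLE = json.loads("""
[
  {"name": "keeps-forever", "storageAccountId": "%(sid)s",
   "serviceBusRuleId": null,
   "retentionPolicy": {"enabled": true, "days": 0}},
  {"name": "short-retention", "storageAccountId": "%(sid)s",
   "serviceBusRuleId": null,
   "retentionPolicy": {"enabled": true, "days": 30}},
  {"name": "no-destination", "storageAccountId": null,
   "serviceBusRuleId": null,
   "retentionPolicy": {"enabled": true, "days": 365}}
]
""" % {"sid": STORAGE_ID})

if __name__ == "__main__":
    for finding in audit_log_profiles(SAMPLE) or ["log profile check passed"]:
        print(finding)
```

To audit a live subscription, load the output of `az monitor log-profiles list` with `json.load` in place of `SAMPLE`.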