Azure Audit

The Azure Audit App allows you to collect data from the Azure Activity Log (formerly known as Azure Audit logs) and monitor the health of your Azure environment. The App provides preconfigured Dashboards that allow you to monitor Active Directory activity, resource usage, service health, and user activity. Logs can be collected in two ways: from Event Hub, or from the Azure Insight API using Sumo PowerShell scripts.

This guide walks you through the tasks you'll perform to collect Azure Audit logs from Event Hub:

  1. Create an Event Hub.
  2. Export activity logs to the Event Hub. 
  3. Create a Function App.
  4. Define the required environment variables. 
  5. Deploy the function.
  6. Install the Sumo Logic App for Azure Audit.

Log Types

The Azure Audit App uses the following logs: