Export Azure Audit Logs to Azure Event Hubs – Step by Step Procedure to Establish Connection from Audit Logs to Event Hubs

Sathish Nadarajan
 
Solution Architect
July 9, 2020
 

In this article, let us see how to connect the Azure AD Audit Logs to Azure Event Hubs. The goal is to trigger an Azure Function whenever a new entry is written to the Audit Logs.
Azure AD offers no event receiver or trigger that fires directly on the Audit Logs, so we export the audit log entries to an Event Hub through a diagnostic setting; the Function can then be triggered by the Event Hub instead. Let us go through the procedure step by step.
1. I am creating a new Resource Group for this demo.

2. Create a new Event Hubs namespace.

3. Provide an appropriate name, the resource group and the other required details.

4. After the Event Hubs namespace is created, we create the Event Hub inside it.

5. Once it is created, we can see the list of events in the "Process Data" section.

6. In Process Data, we can see the screen below.

7. Click Explore and grant permission to create a consumer group. Process Data reads the hub like any other consumer, so it gets a consumer group of its own; every other reader of the hub (the Azure Function later on, for instance) should likewise use its own consumer group rather than sharing one.

8. Now the Event Hub is ready.

9. Now let us go back to the Audit Logs. Open Azure Active Directory and click Audit Logs.

10. We should be able to see the audit log entries that match the filter criteria.

11. Click "Export Data Settings".

12. Now we "Add diagnostic setting": tick the AuditLogs log category, choose "Stream to an event hub" as the destination, and pick the subscription, the Event Hubs namespace, the hub created above and a shared access policy (the portal defaults to RootManageSharedAccessKey).

13. With this, the connection between the Audit Logs and the Event Hub is established. Note that this step needs rights on both sides: to write the Azure AD diagnostic setting and to read the shared access policies of the Event Hubs namespace, so a plain user in either place will not be able to complete it.
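The portal steps above can also be scripted. As an added example (not code from the article), the Python script below issues the same Azure Resource Manager request that "Add diagnostic setting" sends for Azure AD logs: a PUT to /providers/microsoft.aadiam/diagnosticSettings/{name} whose body names the Event Hub, the shared access policy (authorization rule) and the AuditLogs category. It assumes the Event Hubs namespace and hub from steps 1 to 8 already exist and that you fetch a bearer token for the management API beforehand (for example with `az account get-access-token --query accessToken -o tsv`); the subscription, resource group, namespace, hub and setting names are placeholders.

```python
"""Create or update the Azure AD diagnostic setting that streams AuditLogs to
an Event Hub, via the Azure Resource Manager REST API.

Added example, not code from the article. The resource path and body shape
are the ones Azure uses for Azure AD (microsoft.aadiam) diagnostic settings;
the names used in main() are placeholders.
"""
import json
import os
import urllib.error
import urllib.request
from typing import Any, Dict, Sequence

ARM_ENDPOINT = "https://management.azure.com"
API_VERSION = "2017-04-01-preview"
# Azure AD log categories that could be exported when the article was written.
# Rejecting unknown names locally avoids a confusing 400 from the service.
KNOWN_CATEGORIES = frozenset({"AuditLogs", "SignInLogs"})


def event_hub_rule_id(subscription_id: str, resource_group: str,
                      namespace: str, rule: str = "RootManageSharedAccessKey") -> str:
    """Resource ID of the Event Hubs shared access policy the setting will use.

    The streaming service needs Manage, Send and Listen on this policy, which
    is why the portal defaults to RootManageSharedAccessKey.
    """
    return (f"/subscriptions/{subscription_id}/resourceGroups/{resource_group}"
            f"/providers/Microsoft.EventHub/namespaces/{namespace}"
            f"/authorizationRules/{rule}")


def diagnostic_setting_url(setting_name: str) -> str:
    """Azure AD diagnostic settings are tenant-wide, so the path carries no
    subscription or resource group segment."""
    return (f"{ARM_ENDPOINT}/providers/microsoft.aadiam/diagnosticSettings/"
            f"{setting_name}?api-version={API_VERSION}")


def diagnostic_setting_body(rule_id: str, event_hub_name: str,
                            categories: Sequence[str] = ("AuditLogs",)) -> Dict[str, Any]:
    """Request body equivalent to ticking the chosen categories and
    'Stream to an event hub' in the portal."""
    unknown = set(categories) - KNOWN_CATEGORIES
    if unknown:
        raise ValueError(f"unknown Azure AD log categories: {sorted(unknown)}")
    return {
        "properties": {
            "eventHubAuthorizationRuleId": rule_id,
            "eventHubName": event_hub_name,
            "logs": [
                {"category": c, "enabled": True,
                 "retentionPolicy": {"enabled": False, "days": 0}}
                for c in categories
            ],
        }
    }


def put_diagnostic_setting(setting_name: str, body: Dict[str, Any],
                           bearer_token: str) -> Dict[str, Any]:
    """PUT the setting and return the decoded response; raise on HTTP errors."""
    req = urllib.request.Request(
        diagnostic_setting_url(setting_name),
        data=json.dumps(body).encode("utf-8"),
        method="PUT",
        headers={"Authorization": f"Bearer {bearer_token}",
                 "Content-Type": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            raw = resp.read()
    except urllib.error.HTTPError as err:
        # ARM returns a JSON error body; surface it instead of swallowing it.
        detail = err.read().decode("utf-8", "replace")
        raise RuntimeError(f"ARM returned {err.code}: {detail}") from err
    return json.loads(raw) if raw else {}


def main() -> None:
    # Placeholder names; replace with your own. Token from:
    #   az account get-access-token --query accessToken -o tsv
    token = os.environ.get("ARM_TOKEN")
    rule_id = event_hub_rule_id("00000000-0000-0000-0000-000000000000",
                                "rg-auditlog-demo", "auditlog-demo-ns")
    body = diagnostic_setting_body(rule_id, "auditlogs")
    print(json.dumps(body, indent=2))
    if not token:
        print("ARM_TOKEN not set; request body printed but not sent")
        return
    print(json.dumps(put_diagnostic_setting("auditlogs-to-eventhub", body, token), indent=2))


if __name__ == "__main__":
    main()
```

Run it once without ARM_TOKEN to inspect the body it would send, then with the token to create the setting; re-running with the same setting name updates it in place.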

14. Let us verify this end to end. I am going to delete a user from Azure Active Directory so that the deletion is captured in the Audit Logs. Once it is recorded there, a new event should be inserted into the Event Hub.

15. I deleted user4 from Azure Active Directory; let us go back to the Audit Logs to check.

In the Audit Logs, I was able to see the deletion.
Now let us confirm whether an event was created for this audit entry. For that, go to the Event Hub and run a query.
Note that it may take a few minutes for the entry to appear in the Event Hub; for me, it took around 5 to 10 minutes.

16. Go to the Event Hub and open Process Data.

17. After executing the query, we get our results.

We can download the result as a JSON file and process that data. Hope this helps. In the next article, let us see how to attach an Azure Function to this event, that is, an event receiver that is triggered by each exported audit log entry.
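What arrives in the hub is an Azure Monitor export batch: a JSON object with a `records` array, each record an Azure AD audit entry. As an added example (not code from the article or the follow-up Function), the Python below parses such a batch and picks out the user deletions the article triggers on, dropping a redelivered copy of the same record, since Event Hubs delivers at least once. The envelope and field names follow the Azure AD AuditLogs export schema; the tenant ID, UPNs, IDs and IP address are constructed sample data. A real consumer would receive the message body from an Event Hub client on its own consumer group (separate from the one Process Data created in step 7) and hand it to `parse_event_hub_message`.

```python
"""Read Azure AD audit-log records as Azure Monitor delivers them to an Event
Hub and pick out the user deletions the article wants to react to.

Added example, not code from the article. The {"records": [...]} envelope and
the record fields follow the Azure AD AuditLogs export schema; the tenant ID,
UPNs, audit IDs and addresses below are constructed sample data.
"""
import json
from dataclasses import dataclass
from typing import Any, Dict, List, Optional, Set, Tuple

TENANT = "00000000-0000-0000-0000-000000000001"  # constructed


def _record(op: str, audit_id: str, when: str, target_upn: str,
            result: str = "success") -> Dict[str, Any]:
    """Build one constructed AuditLogs record in the export schema."""
    return {
        "time": when,
        "resourceId": f"/tenants/{TENANT}/providers/Microsoft.aadiam",
        "operationName": op,
        "operationVersion": "1.0",
        "category": "AuditLogs",
        "tenantId": TENANT,
        "resultSignature": "None",
        "correlationId": "11111111-1111-1111-1111-111111111111",
        "properties": {
            "id": audit_id,
            "category": "UserManagement",
            "result": result,
            "activityDisplayName": op,
            "activityDateTime": when,
            "loggedByService": "Core Directory",
            "operationType": op.split()[0],
            "initiatedBy": {"user": {"userPrincipalName": "admin@contoso.onmicrosoft.com",
                                     "ipAddress": "203.0.113.10"}},
            "targetResources": [{"type": "User", "userPrincipalName": target_upn,
                                 "displayName": None, "modifiedProperties": []}],
        },
    }


DELETE_USER4 = _record("Delete user", "Directory_aaaa_1", "2020-07-09T10:15:32Z",
                       "user4@contoso.onmicrosoft.com")

# Constructed Event Hub message body: one export batch with an update, the
# deletion, an unrelated sign-in record and a redelivered copy of the deletion.
SAMPLE_MESSAGE = json.dumps({"records": [
    _record("Update user", "Directory_aaaa_0", "2020-07-09T10:14:05Z",
            "user3@contoso.onmicrosoft.com"),
    DELETE_USER4,
    {"time": "2020-07-09T10:15:40Z", "category": "SignInLogs",
     "operationName": "Sign-in activity", "properties": {}},
    DELETE_USER4,  # Event Hubs is at-least-once: the same record can arrive twice
]})


@dataclass(frozen=True)
class UserDeletion:
    audit_id: str
    when: str
    target_upn: str
    actor: str
    actor_ip: str
    result: str


def parse_event_hub_message(body: str) -> List[Dict[str, Any]]:
    """Unwrap the Azure Monitor export envelope; refuse anything else so a
    stray message in the hub cannot be mistaken for audit data."""
    doc = json.loads(body)
    records = doc.get("records") if isinstance(doc, dict) else None
    if not isinstance(records, list):
        raise ValueError("not an Azure Monitor export batch: no 'records' array")
    return records


def _actor(props: Dict[str, Any]) -> Tuple[str, str]:
    """initiatedBy carries either a user or an app; handle both."""
    by = props.get("initiatedBy") or {}
    user = by.get("user")
    if user:
        return (user.get("userPrincipalName") or user.get("id") or "unknown",
                user.get("ipAddress") or "")
    app = by.get("app")
    if app:
        return app.get("displayName") or app.get("servicePrincipalId") or "unknown-app", ""
    return "unknown", ""


def user_deletions(records: List[Dict[str, Any]],
                   seen: Optional[Set[str]] = None) -> List[UserDeletion]:
    """Return one UserDeletion per deleted user in this batch.

    `seen` lets a long-running consumer carry audit IDs across batches so a
    redelivered record is not reported twice.
    """
    seen = set() if seen is None else seen
    found: List[UserDeletion] = []
    for rec in records:
        if rec.get("category") != "AuditLogs" or rec.get("operationName") != "Delete user":
            continue
        props = rec.get("properties") or {}
        audit_id = props.get("id") or ""
        if audit_id and audit_id in seen:
            continue
        if audit_id:
            seen.add(audit_id)
        actor, ip = _actor(props)
        for target in props.get("targetResources") or []:
            if target.get("type") != "User":
                continue
            found.append(UserDeletion(
                audit_id=audit_id, when=rec.get("time", ""),
                target_upn=target.get("userPrincipalName") or target.get("id") or "",
                actor=actor, actor_ip=ip, result=props.get("result", "")))
    return found


if __name__ == "__main__":
    for d in user_deletions(parse_event_hub_message(SAMPLE_MESSAGE)):
        print(f"{d.when} {d.actor} ({d.actor_ip}) deleted {d.target_upn}: {d.result}")
```

Keying the duplicate check on `properties.id` rather than `correlationId` matters: one correlation ID can span several related audit entries, while the audit ID identifies exactly one.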

Happy Coding
Sathish Nadarajan

Category : Azure

Sathish is a Microsoft MVP for SharePoint (Office Servers and Services) having 15+ years of experience in Microsoft Technologies. He holds a Masters Degree in Computer Aided Design and Business ...