Severity

Severity level can have one of the following values:

| Severity | Description |
|---|---|
| Critical | Events that demand the immediate attention of a system administrator. May indicate that an application or system has failed or stopped responding. |
| Error | Events that indicate a problem, but do not require immediate attention. |
| Warning | Events that provide forewarning of potential problems, although not an actual error. Indicate that a resource is not in an ideal state and may degrade later into showing errors or critical events. |
| Informational | Events that pass noncritical information to the administrator. Similar to a note that says: "For your information". |

The developers of each resource provider choose the severity levels of their resource entries. As a result, the actual severity to you can vary depending on how your application is built. For example, items that are "critical" to a particular resource taken in isolation may not be as important as "errors" in a resource type that is central to your Azure application. Be sure to consider this fact when deciding what events to alert on.

Categories

Each event in the Activity Log has a particular category that is described in the following table. See the sections below for more detail on each category and its schema when you access the Activity log from the portal, PowerShell, CLI, and REST API. The schema is different when you stream the Activity log to storage or Event Hubs. A mapping of the properties to the resource logs schema is provided in the last section of the article.

| Category | Description |
|---|---|
| Administrative | Contains the record of all create, update, delete, and action operations performed through Resource Manager. Examples of Administrative events include *create virtual machine* and *delete network security group*. Every action taken by a user or application using Resource Manager is modeled as an operation on a particular resource type. If the operation type is Write, Delete, or Action, the records of both the start and success or fail of that operation are recorded in the Administrative category. Administrative events also include any changes to Azure role-based access control in a subscription. |
| Service Health | Contains the record of any service health incidents that have occurred in Azure. An example of a Service Health event is *SQL Azure in East US is experiencing downtime*. Service Health events come in six varieties: Action Required, Assisted Recovery, Incident, Maintenance, Information, or Security. These events are only created if you have a resource in the subscription that would be impacted by the event. |
| Resource Health | Contains the record of any resource health events that have occurred to your Azure resources. An example of a Resource Health event is *Virtual Machine health status changed to unavailable*. Resource Health events can represent one of four health statuses: Available, Unavailable, Degraded, and Unknown. Additionally, Resource Health events can be categorized as being Platform Initiated or User Initiated. |
| Alert | Contains the record of activations for Azure alerts. An example of an Alert event is *CPU % on myVM has been over 80 for the past 5 minutes*. |
| Autoscale | Contains the record of any events related to the operation of the autoscale engine based on any autoscale settings you have defined in your subscription. An example of an Autoscale event is *Autoscale scale up action failed*. |
| Recommendation | Contains recommendation events from Azure Advisor. |
| Security | Contains the record of any alerts generated by Microsoft Defender for Cloud. An example of a Security event is *Suspicious double extension file executed*. |
| Policy | Contains records of all effect action operations performed by Azure Policy. |
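The caution about provider-assigned severity, worked through as an added example that is not part of the original article or any Azure tooling: it ranks events by severity weighted by how central the resource type is, and always surfaces Security events and role-based access control changes. The record shape, the weights, the score floor and the `constructed/...` operation names are assumptions made for illustration.

```python
from collections import namedtuple

# Simplified record shape for illustration; these field names are assumptions,
# not the full Activity log schema.
Event = namedtuple("Event", "category level resource_type operation")

SEVERITY_RANK = {"Informational": 1, "Warning": 2, "Error": 3, "Critical": 4}

# Assumption: weights you maintain for how central a resource type is to
# your application. Unlisted types get DEFAULT_WEIGHT.
RESOURCE_WEIGHT = {"Microsoft.Sql/servers/databases": 3}
DEFAULT_WEIGHT = 1
ALWAYS_REVIEW_SCORE = 8  # assumed floor for security-relevant events


def is_rbac_change(ev):
    """Administrative events include role-based access control changes."""
    return (ev.category == "Administrative"
            and ev.operation.startswith("Microsoft.Authorization/"))


def priority(ev):
    # Unknown severity strings rank as Critical so they are not lost.
    rank = SEVERITY_RANK.get(ev.level, SEVERITY_RANK["Critical"])
    score = rank * RESOURCE_WEIGHT.get(ev.resource_type, DEFAULT_WEIGHT)
    if ev.category == "Security" or is_rbac_change(ev):
        score = max(score, ALWAYS_REVIEW_SCORE)
    return score


def triage(events, threshold=4):
    """Return events at or above threshold, highest priority first."""
    return sorted((e for e in events if priority(e) >= threshold),
                  key=priority, reverse=True)


# Constructed sample events; "constructed/..." operation names are placeholders.
SAMPLE = [
    Event("Resource Health", "Critical",
          "Microsoft.Compute/virtualMachines", "constructed/healthChange"),
    Event("Administrative", "Error",
          "Microsoft.Sql/servers/databases", "constructed/databaseUpdate"),
    Event("Administrative", "Informational",
          "Microsoft.Authorization/roleAssignments",
          "Microsoft.Authorization/roleAssignments/write"),
    Event("Autoscale", "Informational",
          "Microsoft.Insights/autoscaleSettings", "constructed/scaleUp"),
]

if __name__ == "__main__":
    for ev in triage(SAMPLE):
        print(priority(ev), ev.level, ev.category, ev.operation)
```

With these sample weights the Error on the database outranks the Critical on the virtual machine, and the Informational role assignment write is still surfaced.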