You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/purview/tutorial-purview-audit-logs-diagnostics.md
+51-53Lines changed: 51 additions & 53 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -15,98 +15,96 @@ This guide lists step-by-step configuration on how to enable and capture Azure P
15
15
16
16
## Customer Intent
17
17
18
-
As an Azure Purview administrator or Azure Purview data-source admin, I want the ability to capture, view and monitor audit and diagnostics logs captured from [Azure Purview](https://azure.microsoft.com/services/purview/#get-started) service. Audit and diagnostics information consists of timestamped activity history of actions taken and changes made on the Purview account by every user. Captured activity history includes actions on [Azure Purview portal](https://ms.web.purview.azure.com) as well as outside the portal (such as calling [Purview REST APIs](/rest/api/purview/) that perform write operations). To enable audit logging on Purview, let's go through a step-by-step guide on how to configure and capture streaming audit events from Azure Purview via Azure Diagnostics Event Hubs service.
19
-
20
-
21
-
### Purview Audit History - Categorization of Events
22
-
23
-
- Some of the important categories of Azure Purview audit events that are currently available for capture and analysis are listed in the table.
24
-
- More types and categories of activity audit events are being added to Purview in the coming months.
As an Azure Purview administrator or Azure Purview data-source admin, I want the ability to capture, view and monitor audit and diagnostics logs captured from [Azure Purview](https://azure.microsoft.com/services/purview/#get-started) service. Audit and diagnostics information consists of timestamped activity history of actions taken and changes made on the Azure Purview account by every user. Captured activity history includes actions on [Azure Purview portal](https://ms.web.purview.azure.com) and outside the portal (such as calling [Azure Purview REST APIs](/rest/api/purview/) that perform write operations). To enable audit logging on Azure Purview, let's go through a step-by-step guide on how to configure and capture streaming audit events from Azure Purview via Azure Diagnostics Event Hubs service.
19
+
20
+
### Azure Purview Audit History - Categorization of Events
21
+
22
+
- Some of the important categories of Azure Purview audit events that are currently available for capture and analysis are listed in the table.
23
+
- More types and categories of activity audit events are being added to Azure Purview in the coming months.
- Create an [Azure Event Hubs Namespace and an Azure event hub using Azure ARM Template (GitHub)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.eventhub/eventhubs-create-namespace-and-enable-capture). While this automated Azure ARM Template will deploy and finish creating your Event Hubs with the required configuration; follow these guides for more detailed step by step explanations and manual setup: [Azure Event Hubs: Use Azure Resource Manager Template to enable event hub capture](../event-hubs/event-hubs-resource-manager-namespace-event-hub-enable-capture.md) and [Azure Event Hubs: Enable capturing of events streaming manually using Azure portal](../event-hubs/event-hubs-capture-enable-through-portal.md)
48
+
- Create an [Azure Event Hubs Namespace using Azure ARM Template (GitHub)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.eventhub/eventhubs-create-namespace-and-enable-capture). While this automated Azure ARM Template will deploy and finish creating your Event Hubs with the required configuration; follow these guides for more detailed step by step explanations and manual setup: [Azure Event Hubs: Use Azure Resource Manager Template to enable Event Hubs capture](../event-hubs/event-hubs-resource-manager-namespace-event-hub-enable-capture.md) and [Azure Event Hubs: Enable capturing of events streaming manually using Azure portal](../event-hubs/event-hubs-capture-enable-through-portal.md)
50
49
51
-
### Connect Purview Account to Diagnostics Event Hubs
50
+
### Connect Azure Purview Account to Diagnostics Event Hubs
52
51
53
-
- Now that Event Hubs is deployed and created, connect Azure Purview diagnostics audit logging to this event hub.
52
+
- Now that Event Hubs is deployed and created, connect Azure Purview diagnostics audit logging to this Event Hubs.
54
53
55
-
- Go To your Purview Account home page (where the overview information is displayed, not the Purview Studio home page.) and follow instructions as detailed below.
54
+
- Go To your Azure Purview Account home page (where the overview information is displayed, not the Azure Purview Studio home page.) and follow instructions as detailed below.
56
55
57
-
-Click "Monitoring" -> "Diagnostic Settings" in the left navigation menu.
56
+
-Select "Monitoring" -> "Diagnostic Settings" in the left navigation menu.
-Click "Add Diagnostic Settings" or "Edit Setting". Adding more than one row of diagnostic setting in the context of Purview isn't recommended. In other words, if you already have a diagnostic setting row added, don't click "Add Diagnostic"; click "Edit" instead.
60
+
-Select "Add Diagnostic Settings" or "Edit Setting". Adding more than one row of diagnostic setting in the context of Azure Purview isn't recommended. In other words, if you already have a diagnostic setting row added, don't select "Add Diagnostic"; select "Edit" instead.
62
61
63
62
:::image type="content" source="./media/tutorial-purview-audit-logs-diagnostics/azure-purview-diagnostics-audit-eventhub-f.png" alt-text="Add or Edit Diagnostic Settings screen." lightbox="./media/tutorial-purview-audit-logs-diagnostics/azure-purview-diagnostics-audit-eventhub-f.png":::
64
63
65
-
- Ensure to select checkbox "audit" and "allLogs" to enable collection of Purview audit logs. Optionally, select "allMetrics" if you wish to capture DataMap Capacity Units and Data Map size metrics of the Purview account as well.
64
+
- Ensure to select checkbox "audit" and "allLogs" to enable collection of Azure Purview audit logs. Optionally, select "allMetrics" if you wish to capture DataMap Capacity Units and Data Map size metrics of the Azure Purview account as well.
- Diagnostics Configuration on the Azure Purview account is complete.
70
69
71
-
-Now that Azure Purview diagnostics audit logging configuration is complete, configure the data capture and data retention settings for the Event Hub.
70
+
- Now that Azure Purview diagnostics audit logging configuration is complete, configure the data capture and data retention settings for the Event Hubs.
72
71
73
-
- Go to [Azure portal](https://portal.azure.com) home page and search the name of the Event Hubs Namespace you created in *Step-1*.
74
-
75
-
- Navigate to the Event Hubs Namespace. Select the event hub and click "Capture Data".
72
+
- Go to [Azure portal](https://portal.azure.com) home page and search the name of the Event Hubs Namespace you created in *Step-1*.
76
73
77
-
- Supply the name of the Event Hubs Namespace and the event hub where you would like the audit and diagnostics to be captured and streamed. Modify the "Time Window" and "Size Window" values for retention period of streaming events. Click Save.
74
+
- Navigate to the Event Hubs Namespace. Select the Event Hubs and select "Capture Data".
78
75
79
-
:::image type="content" source="./media/tutorial-purview-audit-logs-diagnostics/azure-purview-diagnostics-audit-eventhub-h.png" alt-text="Capture Settings on Event Hubs Namespace and event hub." lightbox="./media/tutorial-purview-audit-logs-diagnostics/azure-purview-diagnostics-audit-eventhub-h.png":::
76
+
- Supply the name of the Event Hubs Namespace and the Event Hubs where you would like the audit and diagnostics to be captured and streamed. Modify the "Time Window" and "Size Window" values for retention period of streaming events. Select Save.
80
77
81
-
- Optionally, go to "Properties" on the left navigation menu and change the "Message Retention" to any value between 1-7 days. Retention period value depends on the frequency of scheduled jobs/scripts you've created to continuously listen and capture the streaming events. If you schedule a capture once every week, take the slider to 7 days.
78
+
:::image type="content" source="./media/tutorial-purview-audit-logs-diagnostics/azure-purview-diagnostics-audit-eventhub-h.png" alt-text="Capture Settings on Event Hubs Namespace and Event Hubs." lightbox="./media/tutorial-purview-audit-logs-diagnostics/azure-purview-diagnostics-audit-eventhub-h.png":::
- Optionally, go to "Properties" on the left navigation menu and change the "Message Retention" to any value between 1-7 days. Retention period value depends on the frequency of scheduled jobs/scripts you've created to continuously listen and capture the streaming events. If you schedule a capture once every week, take the slider to seven days.
84
81
85
-
- At this stage, the Event Hubs configuration will be complete. Purview will start streaming all its audit history and diagnostics data to this event hub. You can now proceed to read, extract and perform further analytics and operations on the captured diagnostics and audit events.
- At this stage, the Event Hubs configuration will be complete. Azure Purview will start streaming all its audit history and diagnostics data to this Event Hubs. You can now proceed to read, extract and perform further analytics and operations on the captured diagnostics and audit events.
86
85
87
86
### Reading captured "audit" events
88
87
89
-
- Analyzing and making sense of the captured Audit and Diagnostics log data from Purview.
88
+
- Analyzing and making sense of the captured Audit and Diagnostics log data from Azure Purview.
90
89
91
-
- Navigate to "Process Data" on the Event Hubs page to see a preview of the captured Purview audit logs and diagnostics.
90
+
- Navigate to "Process Data" on the Event Hubs page to see a preview of the captured Azure Purview audit logs and diagnostics.
92
91
93
92
:::image type="content" source="./media/tutorial-purview-audit-logs-diagnostics/azure-purview-diagnostics-audit-eventhub-d.png" alt-text="Configure Event Hubs - Process Data." lightbox="./media/tutorial-purview-audit-logs-diagnostics/azure-purview-diagnostics-audit-eventhub-d.png":::
:::image type="content" source="./media/tutorial-purview-audit-logs-diagnostics/azure-purview-diagnostics-audit-eventhub-b.png" alt-text="Query and Process Purview Audit data on Event Hubs." lightbox="./media/tutorial-purview-audit-logs-diagnostics/azure-purview-diagnostics-audit-eventhub-b.png":::
100
+
- Select "Download Sample Data" to download and analyze the results carefully.
104
101
105
-
- Lastly, you can use automatic, periodically scheduled scripts to extract, read and perform further analytics and operations on the Event Hubs audit and diagnostics data. You can even build your own utilities and custom code to extract business value out of the captured audit events. What's more, you can even use these audit logs and transform them to Excel, any database, Dataverse or Synapse, for analytics and reporting using Power BI. While you are free to use any programming or scripting language of your choice to read the event hub, here's one ready-made [Python-based script](https://github.com/Azure/Azure-Purview-API-PowerShell/blob/main/purview_atlas_eventhub_sample.py). Python tutorial on how to [Capture Event Hubs data in Azure Storage and read it by using Python (azure-eventhub)](../event-hubs/event-hubs-capture-python.md)
102
+
:::image type="content" source="./media/tutorial-purview-audit-logs-diagnostics/azure-purview-diagnostics-audit-eventhub-b.png" alt-text="Query and Process Azure Purview Audit data on Event Hubs." lightbox="./media/tutorial-purview-audit-logs-diagnostics/azure-purview-diagnostics-audit-eventhub-b.png":::
106
103
104
+
- Lastly, you can use automatic, periodically scheduled scripts to extract, read and perform further analytics and operations on the Event Hubs audit and diagnostics data. You can even build your own utilities and custom code to extract business value out of the captured audit events. What's more, you can even use these audit logs and transform them to Excel, any database, Dataverse or Synapse, for analytics and reporting using Power BI. While you're free to use any programming or scripting language of your choice to read the Event Hubs, here's one ready-made [Python-based script](https://github.com/Azure/Azure-Purview-API-PowerShell/blob/main/purview_atlas_eventhub_sample.py). Python tutorial on how to [Capture Event Hubs data in Azure Storage and read it by using Python (azure-eventhub)](../event-hubs/event-hubs-capture-python.md)
107
105
108
106
## Next steps
109
107
110
108
Kickstart your Azure Purview journey in less than 5 minutes. Enable Diagnostic Audit Logging from the beginning of your journey!
111
-
> [!div class="nextstepaction"]
112
-
> [Azure Purview: automated New Account Setup](https://aka.ms/PurviewKickstart)
109
+
> [!div class="nextstepaction"]
110
+
> [Azure Purview: automated New Account Setup](https://aka.ms/PurviewKickstart)
0 commit comments