Send Azure Logs with the Datadog Resource

Overview

Use this guide to set up and manage logging directly from your Azure subscriptions to Datadog through the Datadog resource in Azure. You can manage the collection of three kinds of Azure logs. Find instructions and additional details in the sections below:

Note: The Datadog resource in Azure is only available to Datadog organizations on the Datadog US3 site. If you are using any other Datadog site, see the Send Azure Logs to Datadog guide for configuration options.

Activity logs

Provide insight into the operations on your resources at the control plane. Updates on service health events are also included. Use the activity log to determine the what, who, and when for any write operations (PUT, POST, DELETE).

To send activity logs to Datadog, select Send subscription activity logs. If this option is left unchecked, none of the activity logs are sent to Datadog.

When log collection is enabled, the Datadog resource automatically modifies the logging configurations of App Services. Azure triggers a restart for App Services when their logging configurations change.

Azure resource logs

Provide insight into operations taken on Azure resources at the data plane. For example, getting a secret from a key vault or making a request to a database are data plane operations. The content of resource logs varies by the Azure service and resource type.

To send Azure resource logs to Datadog, select Send Azure resource logs for all defined resources. The types of Azure resource logs are listed in the Azure Monitor Resource Log categories. When this option is selected, all resource logs are sent to Datadog, including any new resources created in the subscription.

You can optionally filter the set of Azure resources sending logs to Datadog using Azure resource tags.

Tag rules for sending logs

  • Azure resources with include tags send logs to Datadog.
  • Azure resources with exclude tags don’t send logs to Datadog.
  • If there’s a conflict between inclusion and exclusion rules, exclusion takes priority.

For example, the screenshot below shows a tag rule where only those virtual machines, virtual machine scale sets, and app service plans tagged as Datadog = True send metrics and logs to Datadog.

Azure US3 create a Datadog resource logs

Azure Active Directory (Azure AD) logs

Azure AD logs contain the history of sign-in activity and an audit trail of changes made in Azure AD for a particular tenant. To send these logs to Datadog, first complete the process to create a Datadog resource. Once you have a Datadog resource in Azure, follow the setup steps in the Datadog in the Azure Portal guide.

The Datadog resource in Azure is only available for organizations on Datadog's US3 site. If you're using a different Datadog site, see the Send Azure Logs to Datadog guide for configuration options. If you're using the Datadog US3 site, change the site selector on the right of this page.

Further Reading

PREVIEWING: esther/docs-9518-update-example-control-sensitive-log-data