Forum Discussion
mbenic
Jan 06, 2020Copper Contributor
Is it possible to list Azure Storage Account account key access attempts?
While I can access the Activity log for our storage account and see my activity on the Azure web console, I'd like to be able to report on at least failed and ideally also successful attempts to conn...
hspinto
Microsoft
Jan 06, 2020Hello, mbenic!
You can monitor all (un)successful access to your Storage Account with Storage Analytics logging. See the official documentation and a very good series of blog posts (by azsec) about monitoring Azure Storage (1, 2, 3 & 4). Hope this helped!
- mbenicJan 07, 2020Copper Contributor
hspinto thanks. I see this is already enabled on my storage account, but the $logs container is empty. I noticed this the documentation you linked under a list of authentication requests that will be logged:
"Requests using a Shared Access Signature (SAS) or OAuth, including failed and successful requests"
Does this imply that requests using a connection string with an Account Key will not be logged?
- hspintoJan 07, 2020
Microsoft
mbenic, all requests, including Storage Account key-based ones, are logged in Storage Analytics. Storage Account-key requests are logged with "authenticated" as "authentication_type". If you don't see anything in the $logs container maybe your Storage Account is not being accessed or you have a short retention period or you haven't correctly configured logging, which should have all "Logging" checkboxes enabled.