Jan 25 2020 01:42 PM
Jan 25 2020 01:42 PM
We are exporting activity logs to a separate storage account based on the new method of selecting diagnostic settings (refer attached screenshot) however I don't see an option to setup retention. Does that mean activity logs will retain in storage account indefinitely?
Appreciate your response.
Jan 26 2020 09:57 AM
Having said that, despite not seeing any retention option when configuring Activity Log export to Azure Storage, you can implement your own policy in the Storage Account itself.
Hope that helps!
Jan 26 2020 10:13 AM
@hspinto - Thanks for your response. Yes I agree with storage lifecycle policy, however we do have option to set up retention while exporting NSG flow logs (through Network watcher) to these storage account v2 . This enabling us to see this retention policy rule automatically created under storage lifecyle policy. So not sure why we don't have such option while enabling retention at activity log level which would have created retention policy rule automatically??
Second Question: I am enabling immutable storage policy by setting up lock time based retention policy for 365 days and then parallely I am enabling storage lifecycle policy having to delete blob after 365 days. Which one will take precedence or how does it work? Any ideas?
Jan 26 2020 10:48 AMSolution
@Jagadt, the storage retention configuration options between Activity Log and NSG Flow Logs are not consistent, as you stated. A recent document confirms that Activity Logs are retained forever in Storage Accounts. However, there might be some good reason for that. For example, NSG Flow Logs also had recently, during some weeks, no retention options available, until it became available again with storage lifecycle integration. So I believe that sooner or later the same will happen to Activity Log.
Regarding the second question, immutable time-based locked policies will take precedence over lifecycle management policies.
Jan 26 2020 10:57 AM
@hspinto - Thanks for the clarification. Based on the consideration referred in the article, it says the below but can we apply lifetime policy to delete the blob based on the retention duration, for example delete blob after 365 days?