New Blog Post | Moving Azure Activity Connector to an improved method

Moving Azure Activity Connector to an improved method - Microsoft Tech Community

The Azure Activity connector used a legacy method for collecting Activity log events, prior to its adoption of the diagnostic settings pipeline. If you're using this legacy method, you are strongly encouraged to upgrade to the new pipeline, which provides better functionality and consistency with resource logs. Diagnostic settings send the same Activity log data that the legacy method sent, with some changes to the structure of the AzureActivity table.

Here are some of the key improvements resulting from the move to the diagnostic settings pipeline:

  • Improved ingestion latency (event ingestion within 2-3 minutes of occurrence instead of 15-20 minutes).
  • Improved reliability.
  • Improved performance.
  • Support for all categories of events logged by the Activity log service (the legacy mechanism supports only a subset - for example, no support for Service Health events).
  • Management at scale with Azure Policy.
  • Support for management group (MG)-level activity logs (coming in preview now).