Compliance, auditing and tracking are major requirements and features of Azure services.
With that in mind, a new audit capability is currently in preview for Azure Blob Storage: Change Feed.
With Change Feed support for Azure Blob Storage you get a continuous, read-only log of all actions executed on blob storage, from creation to deletion, organized in hourly blocks.
This log is appended to your storage account, which means you can also manage its retention and RBAC based on your own needs and requirements.
This is particularly handy for bulk handling of large volumes of blob changes; some interesting scenarios for this feature are:
- Bulk processing a group of newly uploaded files for virus scanning, resizing, or backups
- Storing, auditing, and analyzing changes to your objects over any period of time for data management or compliance
- Combining data uploaded by various IoT sensors into a single collection for data transformation and insights
- Additional data movement by synchronizing with a cache, search engine, or data warehouse
NOTE: this is only available in the westcentralus and westus2 regions during the preview.
As this feature is currently in preview, you first have to register your subscription(s) using the PowerShell or Azure CLI commands below (if you have multiple subscriptions, don't forget to switch your current subscription using the Set-AzContext -SubscriptionId or az account set --subscription command):
PowerShell commands
Register-AzProviderFeature -FeatureName Changefeed -ProviderNamespace Microsoft.Storage
Register-AzResourceProvider -ProviderNamespace Microsoft.Storage
Azure CLI commands
az feature register --namespace Microsoft.Storage --name Changefeed
az provider register --namespace 'Microsoft.Storage'
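Preview feature registration completes asynchronously, so the provider should be re-registered only after the feature reports Registered. The following added example (not part of the original post) wraps the PowerShell commands above in a wait loop; the subscription ID placeholder, timeout and polling interval are assumptions.

```powershell
# Added example: values marked as placeholders or assumed are not from the post.
$subscriptionId = '<your-subscription-id>'   # placeholder: subscription to enroll in the preview
$timeoutMinutes = 30                         # assumed upper bound for the wait
$pollSeconds    = 30                         # assumed polling interval

# Make sure the registration applies to the intended subscription.
Set-AzContext -SubscriptionId $subscriptionId | Out-Null

# Request enrollment in the Changefeed preview feature.
Register-AzProviderFeature -FeatureName Changefeed -ProviderNamespace Microsoft.Storage | Out-Null

# Poll the registration state until it reports Registered or the timeout expires.
$deadline = (Get-Date).AddMinutes($timeoutMinutes)
do {
    $feature = Get-AzProviderFeature -FeatureName Changefeed -ProviderNamespace Microsoft.Storage
    Write-Host "Changefeed registration state: $($feature.RegistrationState)"
    if ($feature.RegistrationState -eq 'Registered') { break }
    Start-Sleep -Seconds $pollSeconds
} while ((Get-Date) -lt $deadline)

if ($feature.RegistrationState -ne 'Registered') {
    throw "Changefeed is still '$($feature.RegistrationState)' after $timeoutMinutes minutes."
}

# Re-register the resource provider so the feature registration takes effect.
Register-AzResourceProvider -ProviderNamespace Microsoft.Storage | Out-Null
```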
Once registered, the Change Feed is enabled and a new container, named $blobchangefeed, is created in your Storage account.
NOTE: this container is currently not visible in either the Azure portal or Azure Storage Explorer.
You need to use the ListContainers API; see the documentation at https://docs.microsoft.com/en-au/azure/storage/blobs/storage-blob-change-feed-how-to
You can share your feedback with the team by sending an email to AzureStorageFeedback@microsoft.com.
But how do you read these logs?