Configuring diagnostic settings on resources

You can also configure diagnostic settings on different Azure resources. There are two types of diagnostic logs available in Azure Monitor:

• Tenant logs: These logs consist of all the tenant-level services that exist outside of an Azure subscription. An example of this is the Azure Active Directory logs.
• Resource logs: These logs consist of all the data from the resources that are deployed inside an Azure subscription; for example, virtual machines, storage accounts, and network security groups.

The contents of these logs are different for every Azure resource. These logs differ from guest OS-level diagnostic logs. To collect OS-level logs, an agent needs to be installed on the virtual machine. The diagnostic logs don't require an agent to be installed; they can be accessed directly from the Azure portal.

The logs that can be accessed are stored inside a storage account and can be used for auditing or manual inspection purposes. You can specify the retention time in days by using the resource diagnostic settings. You can also stream the logs to event hubs to analyze them in PowerBI, or insert them into a third-party service. These logs can also be analyzed with Azure Monitor. Then, there will be no need to store them in a storage account first.