question

venkatnathan-1872 avatar image
0 Votes"
venkatnathan-1872 asked Sumarigo-MSFT commented

Azuare storage account - Rename the directory

Hi,

I need small clarification. I am using azure storage account V2 (general purpose v2). Yesterday, someone renamed the main directory in the blob container. we are not sure who did this. Is there any way to find out who renamed the particular folder ? Please help me.

Thanks,
Venkat

azure-storage-accounts
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

Sumarigo-MSFT avatar image
0 Votes"
Sumarigo-MSFT answered Sumarigo-MSFT commented

@venkatnathan-1872 Welcome to Microsoft Q&A Forum, Thank you for posting query here!

I assume it's ADLS Gen 2 Storage account, we have folder rename option only in adls gen 2 account (Since we don't have folder rename option in GPV2 Storage account, we can only clone the folder in GPV2 storage account)? You can see all the activity in performed under $logs folder , you can use Azure Storage explorer tool or portal to view the logs

127808-image.png

All logs are stored in block blobs in a container named $logs, which is automatically created when Storage Analytics is enabled for a storage account. The $logs container is located in the blob namespace of the storage account, for example: http://<accountname>.blob.core.windows.net/$logs. This container cannot be deleted once Storage Analytics has been enabled, though its contents can be deleted. If you use your storage-browsing tool to navigate to the container directly, you will see all the blobs that contain your logging data.

The $logs container is not displayed when a container listing operation is performed, such as the List Containers operation. It must be accessed directly. For example, you can use the List Blobs operation to access the blobs in the $logs container. Learn more here

It also depends on what type of authentication the user has logged to find the time stamp.

Kindly let us know if the above helps or you need further assistance on this issue.


Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.




image.png (3.4 KiB)
· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks @Sumarigo-MSFT. Do you think rename operation also will be covered as part of logging ?

0 Votes 0 ·
Sumarigo-MSFT avatar image Sumarigo-MSFT venkatnathan-1872 ·

@venkatnathan-1872 Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused.

You can try this kusto query to find out the information files and folders in a container:

To get this details, make sure to enable the diagnostics settings for the storage account: https://docs.microsoft.com/en-us/answers/questions/552843/index.html


Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members(Original posters help the community find answers faster by identifying the correct answer. )


0 Votes 0 ·

Thanks @Sumarigo-MSFT. Sorry for the delayed response. I have enabled diagnostic seeting (Classic) in azure storage (general purpose v2). Logging version is 2.0. Now, Log entries are stored under $log container in the below format.

<version-number>;<request-start-time>;<operation-type>;<request-status>;<http-status-code>;<end-to-end-latency-in-ms>;<server-latency-in-ms>;<authentication-type>;<requester-account-name>;<owner-account-name>;<service-type>;<request-url>;<requested-object-key>;<request-id-header>;<operation-count>;<requester-ip-address>;<request-version-header>;<request-header-size>;<request-packet-size>;<response-header-size>;<response-packet-size>;<request-content-length>;<request-md5>;<server-md5>;<etag-identifier>;<last-modified-time>;<conditions-used>;<user-agent-header>;<referrer-header>;<client-request-id>;<user-object-id>;<tenant-id>;<application-id>;<audience>;<issuer>;<user-principal-name>;<reserved-field>;<authorization-detail>

But, I want to see the user, who modified/deleted the blob file, information. Actually, such information is null/blank in log files when i look <user-principal-name> or <user-object-id>.

Is there any specific reason ? Could you please tell me if I miss anything here.




0 Votes 0 ·
Sumarigo-MSFT avatar image Sumarigo-MSFT venkatanathan-7551 ·

@venkatnathan-1872 Firstly, apologies for the delay response here! This is all that is currently offered as an option, as there are limitations on what is logged due to Protected Identifiable Information: which can't be shared doe to restriction in public forum. I would recommend you to contact support, so If you have a support plan, I request you file a support ticket, else please do let us know, we will try and help you get a one-time free technical support. In this case, could you send an email to AzCommunity[at]Microsoft[dot]com referencing this thread as well as your subscription ID. Please mention "ATTN subm" in the subject field. Thank you for your cooperation on this matter and look forward to your reply.

I also recommended that you add your voice to the feedback channels for our Product Group here: Audit logging on Azure Files – Customer Feedback for ACE Community Tooling



Please do not forget to 140623-image.png and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.


0 Votes 0 ·
image.png (1.1 KiB)