
Integrate Azure AD logs with Azure Monitor logs

Note

This article was recently updated to use the term Azure Monitor logs instead of Log Analytics. Log data is still stored in a Log Analytics workspace and is still collected and analyzed by the same Log Analytics service. We are updating the terminology to better reflect the role of logs in Azure Monitor. See Azure Monitor terminology changes for details.

Azure Monitor logs allows you to query data to find particular events, analyze trends, and perform correlation across various data sources. With the integration of Azure AD activity logs in Azure Monitor logs, you can now perform tasks like:

  • Compare your Azure AD sign-in logs against security logs published by Azure Security Center.

  • Troubleshoot performance bottlenecks on your application’s sign-in page by correlating application performance data from Azure Application Insights.

The following video from an Ignite session demonstrates the benefits of using Azure Monitor logs for Azure AD logs in practical user scenarios.

In this article, you learn how to integrate Azure Active Directory (Azure AD) logs with Azure Monitor.

Supported reports

You can route audit activity logs and sign-in activity logs to Azure Monitor logs for further analysis.

Note

B2C-related audit and sign-in activity logs are not supported at this time.

Prerequisites

To use this feature, you need:

  • An Azure subscription. If you don't have an Azure subscription, you can sign up for a free trial.
  • An Azure AD tenant.
  • A user who's a global administrator or security administrator for the Azure AD tenant.
  • A Log Analytics workspace in your Azure subscription. Learn how to create a Log Analytics workspace.

Send logs to Azure Monitor

  1. Sign in to the Azure portal.

  2. Select Azure Active Directory > Diagnostic settings > Add diagnostic setting. You can also select Export Settings from the Audit Logs or Sign-ins page to get to the diagnostic settings configuration page.

  3. In the Diagnostic settings menu, select the Send to Log Analytics workspace check box, and then select Configure.

  4. Select the Log Analytics workspace you want to send the logs to, or create a new workspace in the provided dialog box.

  5. Do either or both of the following:

    • To send audit logs to the Log Analytics workspace, select the AuditLogs check box.
    • To send sign-in logs to the Log Analytics workspace, select the SignInLogs check box.
  6. Select Save to save the setting.

  7. After about 15 minutes, verify that events are streamed to your Log Analytics workspace.
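
One way to do the verification in step 7 is a log query run in the workspace. This is an added example, not part of the original article; it assumes the two categories land in the workspace tables AuditLogs and SigninLogs, and the one-hour window is an arbitrary choice.

```kusto
// Added example: confirm Azure AD events are arriving in the workspace.
// isfuzzy=true lets the query run when only one category was selected in
// step 5 and the other table does not exist in the workspace yet.
union withsource=SourceTable isfuzzy=true AuditLogs, SigninLogs
| where TimeGenerated > ago(1h)
// One row per table that received data, with the event count and the
// timestamp of the newest event, so stalled ingestion is easy to spot.
| summarize Events = count(), LatestEvent = max(TimeGenerated) by SourceTable
```

A table that is missing from the result received no events in the window; check that its check box is selected in the diagnostic setting and that the tenant has had audit or sign-in activity since the setting was saved.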

Next steps