Description:
Storage logging is a feature that allows you to collect detailed information about requests made to your Azure Storage resources. This information can be used to troubleshoot problems, monitor usage, and comply with security requirements.

Rationale:
Enabling storage logging for table service requests is important for several reasons:

  • It can help you troubleshoot problems with your table service. For example, if you are experiencing performance issues, you can use the log data to identify the source of the problem.
  • It can help you monitor usage of your table service. The log data can show you how often your tables are being accessed, and which operations are being performed. This information can be used to optimize your table service resources.
  • It can help you comply with security requirements. Some security regulations, such as PCI DSS, require you to collect detailed information about all access to your data. Storage logging can help you meet these requirements.

Impact:
Enabling storage logging for table service requests has the following impact:

  • It will increase the amount of storage used by your storage account. The log data is stored in a separate blob container in your storage account.
  • It may increase the latency of your table service requests. The log data is collected and stored before it is sent to your storage account. This can add a small amount of latency to your requests.

Default Value:
By default, storage logging is not enabled for table service requests.

Pre-requisites:

  • You must have access to the Azure portal or the Azure CLI.
  • You must have the following permissions:
    • Storage Account Contributor
    • Storage Analytics Contributor

Remediation Steps:
To remediate this policy, you must enable storage logging for table service requests. You can do this using the Azure portal or the Azure CLI.

Test Plan:
To test that this policy has been implemented correctly, you can follow these steps:

  1. Check the status of storage logging for table service requests in the Azure portal or the Azure CLI.
  2. Verify that the log data is being collected and stored in your storage account.

Implementation Plan:
To implement this policy, you can follow these steps:

  1. Enable storage logging for table service requests in the Azure portal or the Azure CLI.
  2. Verify that the log data is being collected and stored in your storage account.

Azure Console:
To enable storage logging for table service requests in the Azure portal, follow these steps:

  1. Go to the Azure portal.
  2. Click on the Storage accounts blade.
  3. Select the storage account that you want to enable storage logging for.
  4. Click on the Diagnostics settings blade.
  5. In the Status section, select On.
  6. In the Table properties section, select the Read, Write, and Delete checkboxes.
  7. Click on the Save button.

Azure CLI:
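To enable storage logging for table service requests using the Azure CLI, run the following command. Here --services t selects the table service, --log rwd enables logging of read, write, and delete requests, and --retention sets how many days the logs are kept:

az storage logging update --account-name <storage_account_name> --services t --log rwd --retention <retention_days>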
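Step 1 of the Test Plan can be scripted with the CLI. The following is an added example, not part of the original policy text: it reads the table service settings with `az storage logging show` and reports any account where read, write, or delete logging is off. The account names and sample data are constructed, the JSON shape is assumed to match the CLI's output, and the CLI is assumed to be signed in with access to the account.

```python
import json
import subprocess

# Operations the policy requires to be logged for the table service.
REQUIRED_OPS = ("read", "write", "delete")


def fetch_logging_settings(account_name):
    """Return the parsed JSON printed by `az storage logging show` for the table service."""
    result = subprocess.run(
        ["az", "storage", "logging", "show", "--account-name", account_name,
         "--services", "t", "--output", "json"],
        check=True, capture_output=True, text=True,
    )
    return json.loads(result.stdout)


def missing_table_ops(settings):
    """List the required operations that are not logged; an empty list means compliant."""
    table = settings.get("table")
    if not isinstance(table, dict):
        return list(REQUIRED_OPS)  # no table section at all: treat as fully disabled
    # Only a literal JSON true counts; null, false or a missing key all fail.
    return [op for op in REQUIRED_OPS if table.get(op) is not True]


def audit(settings_by_account):
    """Map each non-compliant account name to the operations it fails to log."""
    report = {}
    for name, settings in settings_by_account.items():
        missing = missing_table_ops(settings)
        if missing:
            report[name] = missing
    return report


# Constructed sample data (account names are placeholders); the shape is assumed to
# match the JSON that `az storage logging show --services t` prints.
SAMPLE = {
    "examplestore01": {"table": {"read": True, "write": True, "delete": True}},
    "examplestore02": {"table": {"read": True, "write": False, "delete": False}},
    "examplestore03": {},
}

if __name__ == "__main__":
    # To audit live accounts: audit({n: fetch_logging_settings(n) for n in names})
    for account, missing in audit(SAMPLE).items():
        print(f"{account}: table logging missing for {', '.join(missing)}")
```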

Backout Plan:
To back out this change, you can disable storage logging for table service requests. You can do this using the Azure portal or the Azure CLI.

Note:

  • This policy does not apply to blob service requests.
  • You can also enable storage logging for other Azure Storage services, such as blob service and queue service.
  • For more information about storage logging, see the Azure Storage documentation: https://docs.microsoft.com/en-us/azure/storage/common/storage-analytics-logging.

Reference:

  • Azure Storage documentation: https://docs.microsoft.com/en-us/azure/storage/common/storage-analytics-logging

Section 2:

  • Tags: storage, logging, table service
  • Keywords: read, write, delete