Enable event logs in Azure
Configure Azure object replication to sync IAM service event logs from Atlan to your Azure Blob Storage, enabling continuous security monitoring and SIEM integration.
Prerequisites
You need:
- Existing Azure Storage Account (destination) to receive replicated data
- Both source and destination storage accounts with versioning enabled (see Azure documentation)
- Contributor or higher permissions on your Azure storage account
- Existing containers in the destination storage account
Configure object replication policy
-
Receive the replication policy JSON file from Atlan.
- Atlan creates the initial replication policy and provides the JSON configuration
-
Go to Azure Portal → Your Storage Account → Data management → Object replication.
-
Select Upload replication rules.
-
Upload the JSON policy file received from Atlan.
-
Download the generated JSON file.
- Azure assigns a policyId to the generated JSON
- This file is required for final setup
-
Send the generated JSON file back to Atlan securely.
- Atlan finalizes the replication link from their side
Verify continuous replication
Application audit logs stream to Atlan's Azure Blob Storage in near real time. Once logs are available in Atlan's storage account, they replicate to your organization's Azure Blob Storage container through Azure object replication. Replication is ongoing without delays, ensuring logs are continuously transferred as they're generated.
Logs are stored in your Azure Blob Storage with the following folder structure:
audit/logs/keycloak-events
Logs are stored in JSON format.
See also
- Cloud logging and monitoring: Understand log format, structure, and security details.