azurenetwork-programmingazure-log-analyticsazure-log-analytics-workspace

Where does Azure Log Analytics store the data?


I am not interested in the medium or query engine that Log Analytics uses under the hood. All I need to know is whether the workspace aka the log data is stored in the "public" Azure and if so, could it also be bound to my VNet. I couldn´t find any helpful resource in the docs that describes where the data actually resides.

Any guidance on that is much appreciated.


Solution

  • Good question! and thank you for being concerned about your data. Nowadays, with all that is happening, its good to think about this.

    As you might have guessed, the data is stored in datacenters of the cloud (in the same region you have set up your LA workspace). Data is stored in the OMS repository as records. Even if you move it somewhere else in the cloud, such as blob storage, it will still be on cloud, but you can secure your data by using a private link for your log analytics workspace, according to the doc, this lets you:

    1. Connect privately to Azure Monitor without opening up any public network access.
    2. Ensure your monitoring data is only accessed through authorized private networks.
    3. Prevent data exfiltration from your private networks by defining specific Azure Monitor resources that connect through your private endpoint.
    4. Securely connect your private on-premises network to Azure Monitor by using Azure ExpressRoute and Private Link.
    5. Keep all traffic inside the Azure backbone network.

    An Azure Monitor private link connects a private endpoint to a set of Azure Monitor resources made up of Log Analytics workspaces and Application Insights resources. That set is called an Azure Monitor Private Link Scope. If you check the doc, you will see a diagram, where it shows that this private link scope connects to your VNet through a private endpoint (as usual).

    enter image description here


    Sources: https://github.com/uglide/azure-content/blob/master/articles/log-analytics/log-analytics-data-sources.md

    Storing Azure Log Analytics to an Azure SQL Database

    https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-security