How do I know what exactly uploads/accesses to a storage account?

Philip Bauer 0 Reputation points
2024-10-26T11:35:35.8066667+00:00

I'm currently facing a challenge identifying which applications, servers (or other sources) are uploading to specific storage accounts. We have several storage accounts still using TLS 1.0, and I want to upgrade them to TLS 1.2 or 1.3. However, upgrading will require updates on the other side of each connection to avoid breaking the upload or access processes. How can I effectively determine what is connected to these storage accounts to ensure a smooth upgrade?

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,303 questions
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,218 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Marcin Policht 25,285 Reputation points MVP
    2024-10-26T11:45:32.8033333+00:00
    1. Enable Storage Analytics Logging
      • Location: Azure Portal > Storage Account > Diagnostic settings.
      • What it captures: Logs for requests made to the storage account (including source IPs, user agents, and request types).
      • Analyze logs:
        • Identify unique IPs, request patterns, or client applications based on the logs.
        • Export logs to Log Analytics, Event Hub, or Storage Account for easier querying.
      Log query example (KQL in Log Analytics):
         AzureDiagnostics 
         | where ResourceType == "STORAGEACCOUNTS"
         | where Category == "StorageWrite" or Category == "StorageRead"
         | project TimeGenerated, CallerIpAddress, UserAgent_s, RequestUri_s
      
    2. Check Azure Monitor Metrics
      • Go to Insights > Storage Accounts in Azure Monitor.
      • Monitor incoming connections by protocol version (check for TLS metrics if enabled) and look for unusual access patterns.
    3. Network Logs from NSGs or Firewalls
      • If you’re using Network Security Groups (NSGs) or Azure Firewall, export flow logs to identify connections to your storage accounts.
      • Analyze logs for source IPs and ports connecting to storage account endpoints.
    4. Check Application Insights or Log Traces
      • If applications using the storage accounts are monitored through Application Insights, look for dependencies related to storage access in the telemetry.

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.