Brittany Coppola
Michael Cronk
Altan Gulen
Ava Silver
Matt Spurlin
Collecting and forwarding Azure platform logs has traditionally been a complex, manual process, requiring you to configure and manage Azure Monitor diagnostic settings, Event Hubs, and Azure Functions apps. This process extends setup time, introduces maintenance burden, and adds cost—both when setting up new environments and scaling existing ones.
Datadog’s new automated log forwarding feature removes this friction by automating the setup and configuration of the diagnostic settings and Azure services needed to send Azure platform logs to Datadog.
In this blog post, we’ll cover the key benefits of this new feature, how it works, and how to get started configuring the feature via the Datadog Azure integration.
Key benefits of automating Azure log forwarding
The new log forwarding feature automates forwarding of different kinds of platform logs that are essential for visibility, compliance, and troubleshooting. This includes Microsoft Entra ID sign-in logs (such as user login attempts), audit logs (like role assignments or resource permission changes), and activity logs (for events such as the creation or deletion of Azure VMs).
This automation provides the following benefits:
-
Reduced operational overhead by automatically setting up and scaling the Azure services needed to forward logs from your Azure environment.
-
Faster setup by automatically deploying log forwarding infrastructure to any Azure subscriptions you select.
-
Improved reliability and reduced Azure costs, as your Azure log forwarding services will be scaled down to reduce spend when lower log volume is detected, or scaled up to handle higher log volumes.
How automated Azure log forwarding works
Deploying automated log forwarding works through two key components created in your Azure environment.
First, a control plane (deployed once per region through Azure Functions) handles the orchestration of log forwarders across your subscriptions. The control plane is responsible for deploying and monitoring the log forwarding infrastructure. It also automatically scales log forwarders based on log volume.
Second, log forwarders (created through Azure Functions and Azure storage accounts) are deployed in each subscription you set as within scope. These log forwarders collect platform logs from diagnostic settings in Azure Monitor, and temporarily store logs for buffering before sending them to Datadog.
Please see the Azure Automated Log Forwarding Architecture and Configuration guide for more details about the technical architecture and configuration.
Setting up the ARM template in the Azure integration
You set up the automated forwarding feature by configuring an ARM template accessed through Datadog’s Azure integration.
To get started, perform the following steps:
-
Open the Azure integration page in Datadog.
-
Launch the ARM template. Click on “Add Log Collection” to open up the ARM template in the Azure portal.
-
Configure your deployment. Fill in the fields in the ARM template, including the region where the control plane will be deployed, and the Azure subscriptions for which you want to configure log forwarding.
-
Run the ARM template in your Azure environment.
-
View your logs in Datadog Log Management. Azure logs will be visible in Datadog a few minutes after deployment has completed.
Get started with automated Azure log forwarding today
By automating log forwarding to Datadog, you can reduce operational overhead and complexity while providing reliable, scalable log collection across your Azure environment. To read more about this new feature, check out the Azure Automated Log Forwarding Architecture and Configuration guide. Not a Datadog customer yet? Sign up for a 14-day free trial to start monitoring your Azure environment with Datadog today.
