Tailpipe is an open-source CLI tool that allows you to collect logs and query them with SQL.
Azure provides on-demand cloud computing platforms and APIs to authenticated customers on a metered pay-as-you-go basis.
The Azure Plugin for Tailpipe allows you to collect and query Azure logs using SQL to track activity, monitor trends, detect anomalies, and more!
- Get started →
- Documentation: Table definitions & examples
- Community: Join #tailpipe on Slack →
- Get involved: Issues
Collect and query logs:
Install Tailpipe from the downloads page:
# MacOS
brew install turbot/tap/tailpipe# Linux or Windows (WSL)
sudo /bin/sh -c "$(curl -fsSL https://tailpipe.io/install/tailpipe.sh)"Install the plugin:
tailpipe plugin install azureConfigure your connection credentials, table partition, and data source (examples):
vi ~/.tailpipe/config/azure.tpcconnection "azure" "my_subscription" {
tenant_id = "00000000-0000-0000-0000-000000000000"
subscription_id = "00000000-0000-0000-0000-000000000000"
client_id = "00000000-0000-0000-0000-000000000000"
client_secret = "my plaintext secret"
}
partition "azure_activity_log" "my_logs" {
source "azure_blob_storage" {
connection = connection.azure.my_subscription
account_name = "storage_account_name"
container = "container_name"
}
}Download, enrich, and save logs from your source (examples):
tailpipe collect azure_activity_logEnter interactive query mode:
tailpipe queryRun a query:
select
resource_type,
operation_name,
count(*) as operation_count
from
azure_activity_log
group by
resource_type,
operation_name
order by
operation_count desc;+-----------------------------------------------------------+------------------------------------------------------------------+-----------------+
| resource_type | operation_name | operation_count |
+-----------------------------------------------------------+------------------------------------------------------------------+-----------------+
| Microsoft.Resources/deployments | Microsoft.Resources/deployments/write | 86 |
| Microsoft.Resources/deployments | Microsoft.Resources/deployments/validate/action | 58 |
| Microsoft.Compute/virtualMachines | Microsoft.Authorization/policies/auditIfNotExists/action | 54 |
| Microsoft.Compute/virtualMachines | Microsoft.Authorization/policies/audit/action | 36 |
| Microsoft.Sql/servers | Microsoft.Authorization/policies/auditIfNotExists/action | 25 |
| Microsoft.Sql/servers/databases | Microsoft.Sql/servers/databases/read | 20 |
| MICROSOFT.CDN/profiles | Microsoft.Resourcehealth/healthevent/Activated/action | 18 |
+-----------------------------------------------------------+------------------------------------------------------------------+-----------------+Pre-built dashboards and detections for the Azure plugin are available in Powerpipe mods, helping you monitor and analyze activity across your Azure subscriptions.
For example, the Azure Activity Log Detections mod scans your activity logs for anomalies, such as a SQL server firewall rule getting updated or a change in your virtual networks.
Dashboards and detections are open source, allowing easy customization and collaboration.
To get started, choose a mod from the Powerpipe Hub.
Prerequisites:
Clone:
git clone https://github.com/turbot/tailpipe-plugin-azure.git
cd tailpipe-plugin-azureAfter making your local changes, build the plugin, which automatically installs the new version to your ~/.tailpipe/plugins directory:
makeRe-collect your data:
tailpipe collect azure_activity_logTry it!
tailpipe query
> .inspect azure_activity_logThis repository is published under the Apache 2.0 (source code) and CC BY-NC-ND (docs) licenses. Please see our code of conduct. We look forward to collaborating with you!
Tailpipe is a product produced from this open source software, exclusively by Turbot HQ, Inc. It is distributed under our commercial terms. Others are allowed to make their own distribution of the software, but cannot use any of the Turbot trademarks, cloud services, etc. You can learn more in our Open Source FAQ.
Want to help but don't know where to start? Pick up one of the help wanted issues: