Azure OpenAI audit logs
Quick answer
Azure OpenAI audit logs are accessible via Azure Monitor and Azure Activity Logs, capturing API usage and administrative actions. Enable diagnostic settings in the Azure Portal to export logs to Log Analytics or Event Hubs for detailed auditing and compliance tracking.
PREREQUISITES
Azure subscription with Azure OpenAI resourceAzure Portal access with appropriate permissionsBasic knowledge of Azure Monitor and Log Analytics
Setup diagnostic logging
To capture Azure OpenAI audit logs, enable Diagnostic settings on your Azure OpenAI resource. This allows exporting logs to destinations like Log Analytics, Event Hubs, or Storage Accounts for auditing and monitoring.
| Step | Description |
|---|---|
| 1 | Go to Azure Portal and open your Azure OpenAI resource. |
| 2 | Select 'Diagnostic settings' under Monitoring. |
| 3 | Click 'Add diagnostic setting'. |
| 4 | Choose logs to send (e.g., 'AuditLogs', 'RequestLogs'). |
| 5 | Select destination(s): Log Analytics workspace, Event Hub, or Storage Account. |
| 6 | Save the diagnostic setting. |
Query audit logs with Log Analytics
Once logs are sent to a Log Analytics workspace, use Kusto Query Language (KQL) to analyze Azure OpenAI audit data. Common queries include tracking API calls, user activity, and error events.
from azure.identity import DefaultAzureCredential
from azure.monitor.query import LogsQueryClient
import os
credential = DefaultAzureCredential()
client = LogsQueryClient(credential)
workspace_id = os.environ["LOG_ANALYTICS_WORKSPACE_ID"]
query = '''
AzureDiagnostics
| where ResourceProvider == "MICROSOFT.COGNITIVESERVICES"
| where Category == "AuditLogs"
| project TimeGenerated, OperationName, CallerIpAddress, ResultDescription
| order by TimeGenerated desc
| limit 10
'''
response = client.query_workspace(workspace_id, query)
for row in response.tables[0].rows:
print(row) output
['2026-04-10T15:23:45Z', 'InvokeCompletion', '192.168.1.10', 'Success'] ['2026-04-10T15:22:30Z', 'CreateDeployment', '192.168.1.11', 'Success'] ['2026-04-10T15:21:05Z', 'DeleteDeployment', '192.168.1.12', 'Failed: Unauthorized']
Common variations
You can export audit logs to Event Hubs for integration with SIEM tools or to Storage Accounts for long-term retention. Azure CLI and ARM templates also support configuring diagnostic settings programmatically.
az monitor diagnostic-settings create \
--resource /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.CognitiveServices/accounts/{resourceName} \
--name "OpenAI-Audit-Logs" \
--logs '[{"category": "AuditLogs", "enabled": true}]' \
--workspace {logAnalyticsWorkspaceId} output
Created diagnostic setting 'OpenAI-Audit-Logs' for resource '/subscriptions/xxx/resourceGroups/yyy/providers/Microsoft.CognitiveServices/accounts/myOpenAIResource'
Troubleshooting tips
- If audit logs do not appear, verify that diagnostic settings are enabled and correctly configured.
- Ensure your Log Analytics workspace has the correct permissions and is in the same region as your Azure OpenAI resource.
- Check Azure Activity Logs for administrative actions if audit logs are missing.
Key Takeaways
- Enable diagnostic settings on your Azure OpenAI resource to capture audit logs.
- Use Azure Monitor Log Analytics with KQL to query and analyze audit data.
- Export logs to Event Hubs or Storage Accounts for integration and retention.
- Azure CLI supports programmatic configuration of audit log settings.
- Verify permissions and resource configurations if logs are missing.