...
The App Logs setup is neither simple nor rocket science but was chosen with a bit of scalability in mind. This is why logs get written to a Storage Account via a Diagnostic setting. Instead of putting the logs into the client's database and producing unnecessary load on it, the application logs (App Logs) are written to a Storage Account and read back from there for display in the App Repository.
Learn more about some of the architectural components below in https://unique-ch.atlassian.net/wiki/spaces/
...
SD/pages/545292322/App+Logs#Architecture and how they are secured in https://unique-ch.atlassian.net/wiki/spaces/
...
Get started
Pre-requisites
...
Naturally, the maximum duration of logs you can browse is limited by the retention. The UI currently shows only the last 48 hours of logs in separate entries. If the feature matures, further improvements could be made in this regard.
...
Azure Monitor is the only allowed writer to the account, while the App Repository (via Workload Identity) is the sole reader (both via RBAC). No humans have access to the account, not even via PIM or privileged roles.
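One way to check that this one-writer, one-reader, no-humans rule actually holds is to audit the role assignments visible on the account. This is an added example, not part of the original setup: the principal IDs, scopes and role names are constructed placeholders, and the sample rows stand in for the JSON output of `az role assignment list` with inherited assignments included.

```python
ACCOUNT = ("/subscriptions/SUB-PLACEHOLDER/resourceGroups/rg-example"
           "/providers/Microsoft.Storage/storageAccounts/applogsexample")
SUBSCRIPTION = "/subscriptions/SUB-PLACEHOLDER"
WRITER = "11111111-1111-1111-1111-111111111111"  # placeholder: Azure Monitor writer
READER = "22222222-2222-2222-2222-222222222222"  # placeholder: App Repository identity

# Assumption: the role each expected principal holds (the page names no roles).
EXPECTED = {(WRITER, "Storage Blob Data Contributor"),
            (READER, "Storage Blob Data Reader")}
# Built-in roles that can list the account keys and so sidestep data-plane RBAC.
KEY_ROLES = {"Owner", "Contributor", "Storage Account Contributor"}
HUMAN_TYPES = {"User", "Group"}


def row(pid, ptype, role, scope=ACCOUNT):
    """Build one record with the fields `az role assignment list -o json` emits."""
    return {"principalId": pid, "principalType": ptype,
            "roleDefinitionName": role, "scope": scope}


# Constructed sample, as if listed for ACCOUNT with inherited assignments included.
SAMPLE = [
    row(WRITER, "ServicePrincipal", "Storage Blob Data Contributor"),
    row(READER, "ServicePrincipal", "Storage Blob Data Reader"),
    row(READER, "ServicePrincipal", "Storage Blob Data Contributor"),  # reader can write
    row("33333333-3333-3333-3333-333333333333", "User", "Owner", SUBSCRIPTION),
    row("44444444-4444-4444-4444-444444444444", "Group", "Reader"),  # control plane only
    row("55555555-5555-5555-5555-555555555555", "ServicePrincipal",
        "Storage Blob Data Reader"),
]


def audit(assignments, account=ACCOUNT):
    """Return sorted (severity, principalId, role, inherited) findings."""
    findings = []
    for a in assignments:
        pid, role = a["principalId"], a["roleDefinitionName"]
        if (pid, role) in EXPECTED:
            continue
        if not (role.startswith("Storage Blob Data") or role in KEY_ROLES):
            continue  # role gives no path to the blob contents
        severity = "HIGH" if a["principalType"] in HUMAN_TYPES else "MEDIUM"
        findings.append((severity, pid, role, a["scope"] != account))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

PIM-eligible assignments only show up in such a listing once they are activated, so the "not even via PIM" part of the rule needs a separate check of eligible assignments.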
Secure Deployment
See Hosted SDK, only mentioned here for completeness.
Log scrubbing
The setup does not scrub or sanitize the logs. If developers log classified data, it will be present in the logs for the duration of the retention period. The Legal Amendment to the Co-Development Agreement holds more information about the logs, their use case (or non-use-case), and how developers must interact with them.
...