Skip to content
Related Articles

Related Articles

Improve Article
Save Article
Like Article

Microsoft Azure – Enabling Logs for Troubleshooting the Azure Firewall Rules

  • Last Updated : 29 Dec, 2021

Azure Firewall Diagnostic settings are used to configure logs and metrics for a resource to the destination of Log Analytics Workspace.

Pre-requisites:

  • Azure Firewall Resource
  • Log Analytics Workspace which is configured for monitoring your Azure resources.

Implementation:

Step 1: Login to Azure Portal

Step 2: Search for Firewalls from azure global search and select Firewall

Step 3: Select your Firewall resource from Azure Firewall resources

Step 4: Navigate to Monitoring >> Access Diagnostic setting

Step 5: Now, Click on ‘Add Diagnostic setting‘ to configure the collection of the following data:

  1. AzureFirewallApplicationRule
  2. AzureFirewallNetworkRule
  3. AzureFirewallDnsProxy
  • Configure Firewall Logs:

  • Configure Firewall resource logs and metrics to the destination of Log Analytics Workspace:

  • Click on Save to update the changes.

Following are the azure KQL Query to test or to troubleshoot the firewall Logs:

AzureDiagnostics
| where Category == "AzureFirewallNetworkRule" 
or Category == "AzureFirewallApplicationRule"
| where OperationName == "AzureFirewallNetworkRuleLog"
 
or OperationName == "AzureFirewallApplicationRuleLog"

Output:

My Personal Notes arrow_drop_up
Recommended Articles
Page :

Start Your Coding Journey Now!