Azure Firewall Diagnostic settings are used to configure logs and metrics for a resource to the destination of Log Analytics Workspace.
Pre-requisites:
- Azure Firewall Resource
- Log Analytics Workspace which is configured for monitoring your Azure resources.
Implementation:
Step 1: Login to Azure Portal
Step 2: Search for Firewalls from azure global search and select Firewall
Step 3: Select your Firewall resource from Azure Firewall resources
Step 4: Navigate to Monitoring >> Access Diagnostic setting
Step 5: Now, Click on ‘Add Diagnostic setting‘ to configure the collection of the following data:
- AzureFirewallApplicationRule
- AzureFirewallNetworkRule
- AzureFirewallDnsProxy
- Configure Firewall resource logs and metrics to the destination of Log Analytics Workspace:
- Click on Save to update the changes.
Following are the azure KQL Query to test or to troubleshoot the firewall Logs:
AzureDiagnostics
| where Category == "AzureFirewallNetworkRule"
or Category == "AzureFirewallApplicationRule"
| where OperationName == "AzureFirewallNetworkRuleLog"
or OperationName == "AzureFirewallApplicationRuleLog"
Output:
