Microsoft Azure – Enabling Logs for Troubleshooting the Azure Firewall Rules
Azure Firewall Diagnostic settings are used to configure logs and metrics for a resource to the destination of Log Analytics Workspace.
- Azure Firewall Resource
- Log Analytics Workspace which is configured for monitoring your Azure resources.
Step 1: Login to Azure Portal
Step 2: Search for Firewalls from azure global search and select Firewall
Step 3: Select your Firewall resource from Azure Firewall resources
Step 4: Navigate to Monitoring >> Access Diagnostic setting
Step 5: Now, Click on ‘Add Diagnostic setting‘ to configure the collection of the following data:
- Configure Firewall resource logs and metrics to the destination of Log Analytics Workspace:
- Click on Save to update the changes.
Following are the azure KQL Query to test or to troubleshoot the firewall Logs:
| where Category == "AzureFirewallNetworkRule"
or Category == "AzureFirewallApplicationRule"
| where OperationName == "AzureFirewallNetworkRuleLog"
or OperationName == "AzureFirewallApplicationRuleLog"