Azure Firewall Logs not appearing in Log Analytics #1745
Comments
|
@marrobi are you able to give me an example of a log you would expect to see, and a query that would return that log? |
|
Under log analytics, check for AzureFirewallApplicationRule or AzureFirewallNetworkRule as a category. Neither exist. They used to. There are also default Azure Firewall queries presented when view logs under the firewall resource in the portal. They fail. |
|
About 3 months ago we switched logging for the firewall to be "Dedicated". AFAIK, this means that logs no longer drop into the https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/resource-logs#resource-specific I wonder if Azure Firewall properly supports resource-specific log tables. We might want remove this switch for now. |
|
I can't find anything that confirms Azure Firewall does, or doesn't, support resource-specific tables. However, in the docs it suggests that when setting up logging for a resource in the portal it will either hide this choice from the user, or offer both. In the case of Azure Firewall, it doesn't offer any choice. Is it possible that we've had no logs for 3 months (i.e. since we made this change)? |
|
FYI a total of 4 resources in our deployment use this Dedicated setting...
|
|
This is the reason we set it to Dedicated: https://github.com/microsoft/AzureTRE/pull/1313/files#r807969959 |
|
Could well be this. It has been a while as we only rely on the firewall logs when debugging new services. |
|
PR merged. Closing |
No description provided.
The text was updated successfully, but these errors were encountered: