Configuring the Firewall Logs to be Sent to a Log Analytics Workspace
To consolidate log entries, correlate log data, and perform complex analysis, the Firewall logs are typically sent to one or more Log Analytics Workspaces. By default, the Log Analytics Workspace Name parameter is set to All. This indicates that the test reads log data from all Log Analytics Workspaces configured for the target subscription. However, if you want the test to use only those Log Analytics Workspaces to which the Azure Firewall logs are sent, then provide the names of these workspaces here as a comma-separated list. To determine the names of the workspaces, do the following:
Log in to the Microsoft Azure Portal, open your firewall resource group, and select the firewall that you are monitoring.
Click on the Diagnostic Settings option under Monitoring.
The diagnostic settings that already exist for the chosen firewall will then appear. If any of the existing diagnostic settings have already been configured with Log Analytics Workspaces, then the Log Analytics workspace column of that list will display these workspace names. You can configure the LOG ANALYTICS WORKSPACE NAME parameter of this test with any of these workspace names. If required, you can even configure this parameter with two or more of the workspaces displayed here, as a comma-separated list.
However, if the Log Analytics workspace column in the Diagnostic settings page is blank for all the existing diagnostic settings, it is a clear indication that the Firewall logs are yet to be configured to be sent to any Log Analytics Workspace. In this case, you should create a new diagnostic setting for the target Azure Firewall, where a Log Analytics Workspace is configured as the destination for the firewall logs. To achieve this, follow the procedure detailed below:
To configure a Log Analytics Workspace as the destination for Azure Firewall logs of the target Azure subscription, do the following:
Log in to the Microsoft Azure Portal, open your firewall resource group, and select the firewall that you are monitoring.
Under Monitoring, select Diagnostic settings.
For Azure Firewall, three service-specific logs are available:
Select Add diagnostic setting. The Diagnostics settings page provides the settings for the diagnostic logs.
In this example, Azure Monitor logs stores the logs, so type Firewall log analytics for the name.
Under Log, select AzureFirewallApplicationRule, AzureFirewallNetworkRule, and AzureFirewallDnsProxy to collect the logs.
Select the Send to Log Analytics workspace check box, and then pick the Log Analytics workspace to which the logs are to be sent.
Finally, to save the configuration, click on the Save button.
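The workspace lookup and the log category selection from the two procedures above can also be checked against an export of the firewall's diagnostic settings. The following is an added example, not part of the original documentation; it assumes the JSON comes from `az monitor diagnostic-settings list --resource <firewall resource ID>`, and the sample settings, subscription ID, storage account and workspace names are constructed placeholders.

```python
import json

# Log categories the procedure above selects for Azure Firewall.
REQUIRED = {"AzureFirewallApplicationRule", "AzureFirewallNetworkRule",
            "AzureFirewallDnsProxy"}

# Constructed sample shaped like diagnostic-settings output (placeholder IDs).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-fw"
SAMPLE = json.dumps([
    {"name": "Firewall log analytics",
     "workspaceId": SUB + "/providers/Microsoft.OperationalInsights/workspaces/law-secops",
     "logs": [{"category": "AzureFirewallApplicationRule", "enabled": True},
              {"category": "AzureFirewallNetworkRule", "enabled": True},
              {"category": "AzureFirewallDnsProxy", "enabled": False}]},
    {"name": "archive-only",  # storage only: blank Log Analytics workspace column
     "workspaceId": None,
     "storageAccountId": SUB + "/providers/Microsoft.Storage/storageAccounts/placeholder",
     "logs": [{"category": "AzureFirewallDnsProxy", "enabled": True}]},
])

def workspace_coverage(settings_json):
    """Map workspace name -> firewall log categories enabled for it."""
    data = json.loads(settings_json)
    # Accept a bare list or a {"value": [...]} wrapper around it.
    settings = data.get("value", []) if isinstance(data, dict) else data
    coverage = {}
    for setting in settings:
        ws_id = setting.get("workspaceId")
        if not ws_id:
            continue  # destination is not a Log Analytics workspace
        name = ws_id.rstrip("/").split("/")[-1]  # last segment of the resource ID
        enabled = set()
        for log in setting.get("logs") or []:
            if not log.get("enabled"):
                continue
            if log.get("categoryGroup") == "allLogs":
                enabled |= REQUIRED  # category group covers every category
            elif log.get("category") in REQUIRED:
                enabled.add(log["category"])
        coverage.setdefault(name, set()).update(enabled)
    return coverage

def workspace_parameter(settings_json):
    """Comma-separated value for the Log Analytics Workspace Name parameter."""
    cov = workspace_coverage(settings_json)
    return ",".join(sorted(name for name, cats in cov.items() if cats))

def missing_categories(settings_json):
    """Firewall log categories that reach no Log Analytics workspace."""
    cov = workspace_coverage(settings_json)
    return sorted(REQUIRED - set().union(*cov.values()))
```

An empty result from `workspace_parameter` corresponds to the blank workspace column described above, and any name returned by `missing_categories` is a log type that no workspace is receiving.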