Configuring the Firewall Logs to be Sent to a Log Analytics Workspace
To configure a Log Analytics Workspace as the destination for Azure Firewall logs of the target Azure subscription, do the following:
- Log in to the Microsoft Azure Portal, open your firewall resource group, and select the firewall that you are monitoring.
- Under Monitoring, select Diagnostic settings.
  For Azure Firewall, three service-specific logs are available:
  - AzureFirewallApplicationRule
  - AzureFirewallNetworkRule
  - AzureFirewallDnsProxy
- Select Add diagnostic setting. The Diagnostics settings page provides the settings for the diagnostic logs.
- In this example, Azure Monitor logs stores the logs, so type Firewall log analytics for the name.
- Under Log, select AzureFirewallApplicationRule, AzureFirewallNetworkRule, and AzureFirewallDnsProxy to collect the logs.
- Select the Send to Log Analytics workspace check box, and then pick the Log Analytics workspace to which the logs are to be sent.
- Finally, to save the configuration, click the Save button.
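To confirm the result of the steps above, the following added example (not part of the original procedure or of any Microsoft tooling) checks an exported diagnostic-settings JSON document and reports which of the three firewall log categories are not actually reaching a Log Analytics workspace. The field names (`name`, `workspaceId`, `logs[].category`, `logs[].enabled`) are an assumption modeled on the JSON returned by `az monitor diagnostic-settings list`; the sample data and resource IDs are constructed placeholders.

```python
import json

# The three service-specific log categories named in the procedure above.
REQUIRED = {
    "AzureFirewallApplicationRule",
    "AzureFirewallNetworkRule",
    "AzureFirewallDnsProxy",
}

def missing_categories(settings):
    """Return the required categories that no diagnostic setting sends,
    in enabled state, to a Log Analytics workspace."""
    # Some exports wrap the list as {"value": [...]}; accept both shapes.
    if isinstance(settings, dict):
        settings = settings.get("value", [])
    covered = set()
    for setting in settings:
        if not setting.get("workspaceId"):
            continue  # storage/event-hub only: nothing lands in the workspace
        for log in setting.get("logs") or []:
            if log.get("enabled") and log.get("category") in REQUIRED:
                covered.add(log["category"])
    return sorted(REQUIRED - covered)

# Constructed sample (assumed field names, placeholder IDs): one category is
# present but disabled, and one is only archived to a storage account.
SAMPLE = json.loads("""
[
  {"name": "Firewall log analytics",
   "workspaceId": "/subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.OperationalInsights/workspaces/<workspace>",
   "logs": [
     {"category": "AzureFirewallApplicationRule", "enabled": true},
     {"category": "AzureFirewallNetworkRule", "enabled": false}
   ]},
  {"name": "archive-only",
   "storageAccountId": "/subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.Storage/storageAccounts/<account>",
   "logs": [{"category": "AzureFirewallDnsProxy", "enabled": true}]}
]
""")

if __name__ == "__main__":
    gaps = missing_categories(SAMPLE)
    print("Not reaching the workspace:", ", ".join(gaps) if gaps else "none")
```

An empty result means all three categories are enabled on at least one setting that targets a workspace.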