Configuring the Firewall Logs to be Sent to a Log Analytics Workspace

To configure a Log Analytics Workspace as the destination for Azure Firewall logs of the target Azure subscription, do the following:

1. Login to the Microsoft Azure Portal, open your firewall resource group, and select the firewall that you are monitoring.

2. Under Monitoring, select Diagnostic settings.

   For Azure Firewall, three service-specific logs are available:

   • AzureFirewallApplicationRule

   • AzureFirewallNetworkRule

   • AzureFirewallDnsProxy

3. Select Add diagnostic setting. The Diagnostics settings page provides the settings for the diagnostic logs.

4. In this example, Azure Monitor logs stores the logs, so type Firewall log analytics for the name.

5. Under Log, select AzureFirewallApplicationRule, AzureFirewallNetworkRule, and AzureFirewallDnsProxy to collect the logs.

6. Select the Send to Log Analytics workspace check box , and then pick the Log Analytics workspace to which the logs are to be sent.

7. Finally, to save the configuration, click on the Save button .