Microsoft.Network/azureFirewalls
16 diagnostic categories routing into 13 Log Analytics tables.
Source: Microsoft Learn
Diagnostic categories
-
AZFWApplicationRule
Azure Firewall Application Rule
Basic Logs, Ingestion-time transform, Cost to export, PII
- Routes to
- AZFWApplicationRule
-
AZFWApplicationRuleAggregation
Azure Firewall Application Rule Aggregation (Policy Analytics)
Basic Logs, Ingestion-time transform, Cost to export, PII
- Routes to
- AZFWApplicationRuleAggregation
-
AZFWDnsAdditional
Azure Firewall DNS Flow Trace Log
Basic Logs, Cost to export, PII
- Routes to
- AZFWDnsFlowTrace
-
AZFWDnsQuery
Azure Firewall DNS query
Basic Logs, Ingestion-time transform, Cost to export, PII
- Routes to
- AZFWDnsQuery
-
AZFWFatFlow
Azure Firewall Fat Flow Log
Basic Logs, Ingestion-time transform, Cost to export, PII
- Routes to
- AZFWFatFlow
-
AZFWFlowTrace
Azure Firewall Flow Trace Log
Basic Logs, Ingestion-time transform, Cost to export, PII
- Routes to
- AZFWFlowTrace
-
AZFWFqdnResolveFailure
Azure Firewall FQDN Resolution Failure
Cost to export
-
AZFWIdpsSignature
Azure Firewall IDPS Signature
Basic Logs, Ingestion-time transform, Cost to export, PII
- Routes to
- AZFWIdpsSignature
-
AZFWNatRule
Azure Firewall Nat Rule
Basic Logs, Ingestion-time transform, Cost to export, PII
- Routes to
- AZFWNatRule
-
AZFWNatRuleAggregation
Azure Firewall Nat Rule Aggregation (Policy Analytics)
Basic Logs, Ingestion-time transform, Cost to export, PII
- Routes to
- AZFWNatRuleAggregation
-
AZFWNetworkRule
Azure Firewall Network Rule
Basic Logs, Ingestion-time transform, Cost to export, PII
- Routes to
- AZFWNetworkRule
-
AZFWNetworkRuleAggregation
Azure Firewall Network Rule Aggregation (Policy Analytics)
Basic Logs, Ingestion-time transform, Cost to export, PII
- Routes to
- AZFWNetworkRuleAggregation
-
AZFWThreatIntel
Azure Firewall Threat Intelligence
Basic Logs, Ingestion-time transform, Cost to export, PII
- Routes to
- AZFWThreatIntel
-
AzureFirewallApplicationRule
Azure Firewall Application Rule (Legacy Azure Diagnostics)
PII
- Routes to
- AzureDiagnostics
- Per-category table
- AZFWApplicationRule
-
AzureFirewallDnsProxy
Azure Firewall DNS Proxy (Legacy Azure Diagnostics)
- Routes to
- AzureDiagnostics
-
AzureFirewallNetworkRule
Azure Firewall Network Rule (Legacy Azure Diagnostics)
PII
- Routes to
- AzureDiagnostics
- Per-category table
- AZFWNetworkRule
Destination tables
-
AZFWApplicationRule
PII
Contains all Application rule log data. Each match between data plane and Application rule creates a log entry with the data plane packet and the matched rule's attributes.
23 columns in this table.
-
AZFWApplicationRuleAggregation
PII
Contains aggregated Application rule log data for Policy Analytics.
20 columns in this table.
-
AZFWDnsFlowTrace
PII
Contains all the DNS proxy data between the client, firewall, and DNS server.
19 columns in this table.
-
AZFWDnsQuery
PII
Contains all DNS Proxy events log data.
24 columns in this table.
-
AZFWFatFlow
PII
This query returns the top flows across Azure Firewall instances. Log contains flow information, data transmission rate (in Megabits per second units) and the time period when the flows were recorded. Please follow the documentation to enable Top flow logging and details on how it is recorded.
14 columns in this table.
-
AZFWFlowTrace
PII
Flow logs across Azure Firewall instances. Log contains flow information, flags and the time period when the flows were recorded. Please follow the documentation to enable flow trace logging and details on how it is recorded.
16 columns in this table.
-
AZFWIdpsSignature
PII
Contains all data plane packets that were matched with one or more IDPS signatures.
18 columns in this table.
-
AZFWNatRule
PII
Contains all DNAT (Destination Network Address Translation) events log data. Each match between data plane and DNAT rule creates a log entry with the data plane packet and the matched rule's attributes.
19 columns in this table.
-
AZFWNatRuleAggregation
PII
Contains aggregated NAT Rule log data for Policy Analytics.
17 columns in this table.
-
AZFWNetworkRule
PII
Contains all Network Rule log data. Each match between data plane and network rule creates a log entry with the data plane packet and the matched rule's attributes.
19 columns in this table.
-
AZFWNetworkRuleAggregation
PII
Contains aggregated Network rule log data for Policy Analytics.
20 columns in this table.
-
AZFWThreatIntel
PII
Contains all Threat Intelligence events.
18 columns in this table.
-
AzureDiagnostics
PII
Stores resource logs for Azure services that use Azure Diagnostics mode. Resource logs describe the internal operation of Azure resources.
174 columns in this table.