Azure VPN Gateway monitoring data reference
This article contains all the monitoring reference information for this service.
See Monitor Azure VPN Gateway for details on the data you can collect for VPN Gateway and how to use it.
Metrics
This section lists all the automatically collected platform metrics for this service. These metrics are also part of the global list of all platform metrics supported in Azure Monitor.
For information on metric retention, see Azure Monitor Metrics overview.
Supported metrics for microsoft.network/p2svpngateways
The following table lists the metrics available for the microsoft.network/p2svpngateways resource type.
- All columns might not be present in every table.
- Some columns might be beyond the viewing area of the page. Select Expand table to view all available columns.
Table headings
- Category - The metrics group or classification.
- Metric - The metric display name as it appears in the Azure portal.
- Name in REST API - The metric name as referred to in the REST API.
- Unit - Unit of measure.
- Aggregation - The default aggregation type. Valid values: Average (Avg), Minimum (Min), Maximum (Max), Total (Sum), Count.
- Dimensions - Dimensions available for the metric.
- Time Grains - Intervals at which the metric is sampled. For example,
PT1Mindicates that the metric is sampled every minute,PT30Mevery 30 minutes,PT1Hevery hour, and so on. - DS Export- Whether the metric is exportable to Azure Monitor Logs via diagnostic settings. For information on exporting metrics, see Create diagnostic settings in Azure Monitor.
| Category | Metric | Name in REST API | Unit | Aggregation | Dimensions | Time Grains | DS Export |
|---|---|---|---|---|---|---|---|
| Traffic | Gateway P2S Bandwidth Point-to-site bandwidth of a gateway in bytes per second |
P2SBandwidth |
BytesPerSecond | Average | Instance |
PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | Yes |
| Traffic | P2S Connection Count Point-to-site connection count of a gateway |
P2SConnectionCount |
Count | Total (Sum) | Protocol, Instance |
PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | Yes |
| Routing | User Vpn Route Count Count of P2S User Vpn routes learned by gateway |
UserVpnRouteCount |
Count | Total (Sum) | RouteType, Instance |
PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | No |
Supported metrics for microsoft.network/vpngateways
The following table lists the metrics available for the microsoft.network/vpngateways resource type.
- All columns might not be present in every table.
- Some columns might be beyond the viewing area of the page. Select Expand table to view all available columns.
Table headings
- Category - The metrics group or classification.
- Metric - The metric display name as it appears in the Azure portal.
- Name in REST API - The metric name as referred to in the REST API.
- Unit - Unit of measure.
- Aggregation - The default aggregation type. Valid values: Average (Avg), Minimum (Min), Maximum (Max), Total (Sum), Count.
- Dimensions - Dimensions available for the metric.
- Time Grains - Intervals at which the metric is sampled. For example,
PT1Mindicates that the metric is sampled every minute,PT30Mevery 30 minutes,PT1Hevery hour, and so on. - DS Export- Whether the metric is exportable to Azure Monitor Logs via diagnostic settings. For information on exporting metrics, see Create diagnostic settings in Azure Monitor.
| Category | Metric | Name in REST API | Unit | Aggregation | Dimensions | Time Grains | DS Export |
|---|---|---|---|---|---|---|---|
| Traffic | Gateway S2S Bandwidth Site-to-site bandwidth of a gateway in bytes per second |
AverageBandwidth |
BytesPerSecond | Average | Instance |
PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | Yes |
| Routing | BGP Peer Status Status of BGP peer |
BgpPeerStatus |
Count | Average | BgpPeerAddress, Instance |
PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | No |
| Routing | BGP Routes Advertised Count of Bgp Routes Advertised through tunnel |
BgpRoutesAdvertised |
Count | Total (Sum) | BgpPeerAddress, Instance |
PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | Yes |
| Routing | BGP Routes Learned Count of Bgp Routes Learned through tunnel |
BgpRoutesLearned |
Count | Total (Sum) | BgpPeerAddress, Instance |
PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | Yes |
| Traffic | Gateway Inbound Flows Number of 5-tuple flows entering into a VPN gateway |
InboundFlowsCount |
Count | Maximum, Minimum | Instance |
PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | Yes |
| Ipsec | Tunnel MMSA Count MMSA Count |
MmsaCount |
Count | Total (Sum) | ConnectionName, RemoteIP, Instance |
PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | Yes |
| Traffic | Gateway Outbound Flows Number of 5-tuple flows exiting a VPN gateway |
OutboundFlowsCount |
Count | Maximum, Minimum | Instance |
PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | Yes |
| Ipsec | Tunnel QMSA Count QMSA Count |
QmsaCount |
Count | Total (Sum) | ConnectionName, RemoteIP, Instance |
PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | Yes |
| Traffic | Tunnel Bandwidth Average bandwidth of a tunnel in bytes per second |
TunnelAverageBandwidth |
BytesPerSecond | Average | ConnectionName, RemoteIP, Instance |
PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | Yes |
| Traffic | Tunnel Egress Bytes Outgoing bytes of a tunnel |
TunnelEgressBytes |
Bytes | Total (Sum) | ConnectionName, RemoteIP, Instance |
PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | Yes |
| Errors | Tunnel Egress Packet Drop Count Count of outgoing packets dropped by tunnel |
TunnelEgressPacketDropCount |
Count | Total (Sum) | ConnectionName, RemoteIP, Instance |
PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | Yes |
| Errors | Tunnel Egress TS Mismatch Packet Drop Outgoing packet drop count from traffic selector mismatch of a tunnel |
TunnelEgressPacketDropTSMismatch |
Count | Total (Sum) | ConnectionName, RemoteIP, Instance |
PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | Yes |
| Traffic | Tunnel Egress Packets Outgoing packet count of a tunnel |
TunnelEgressPackets |
Count | Total (Sum) | ConnectionName, RemoteIP, Instance |
PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | Yes |
| Traffic | Tunnel Ingress Bytes Incoming bytes of a tunnel |
TunnelIngressBytes |
Bytes | Total (Sum) | ConnectionName, RemoteIP, Instance |
PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | Yes |
| Errors | Tunnel Ingress Packet Drop Count Count of incoming packets dropped by tunnel |
TunnelIngressPacketDropCount |
Count | Total (Sum) | ConnectionName, RemoteIP, Instance |
PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | Yes |
| Errors | Tunnel Ingress TS Mismatch Packet Drop Incoming packet drop count from traffic selector mismatch of a tunnel |
TunnelIngressPacketDropTSMismatch |
Count | Total (Sum) | ConnectionName, RemoteIP, Instance |
PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | Yes |
| Traffic | Tunnel Ingress Packets Incoming packet count of a tunnel |
TunnelIngressPackets |
Count | Total (Sum) | ConnectionName, RemoteIP, Instance |
PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | Yes |
| Traffic | Tunnel NAT Allocations Count of allocations for a NAT rule on a tunnel |
TunnelNatAllocations |
Count | Total (Sum) | NatRule, ConnectionName, RemoteIP, Instance |
PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | No |
| Traffic | Tunnel NATed Bytes Number of bytes that were NATed on a tunnel by a NAT rule |
TunnelNatedBytes |
Bytes | Total (Sum) | NatRule, ConnectionName, RemoteIP, Instance |
PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | No |
| Traffic | Tunnel NATed Packets Number of packets that were NATed on a tunnel by a NAT rule |
TunnelNatedPackets |
Count | Total (Sum) | NatRule, ConnectionName, RemoteIP, Instance |
PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | No |
| Traffic | Tunnel NAT Flows Number of NAT flows on a tunnel by flow type and NAT rule |
TunnelNatFlowCount |
Count | Total (Sum) | NatRule, FlowType, ConnectionName, RemoteIP, Instance |
PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | No |
| Errors | Tunnel NAT Packet Drops Number of NATed packets on a tunnel that dropped by drop type and NAT rule |
TunnelNatPacketDrop |
Count | Total (Sum) | NatRule, DropType, ConnectionName, RemoteIP, Instance |
PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | No |
| Traffic | Tunnel Peak PPS Tunnel Peak Packets Per Second |
TunnelPeakPackets |
Count | Maximum | ConnectionName, RemoteIP, Instance |
PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | Yes |
| Traffic | Tunnel Reverse NATed Bytes Number of bytes that were reverse NATed on a tunnel by a NAT rule |
TunnelReverseNatedBytes |
Bytes | Total (Sum) | NatRule, ConnectionName, RemoteIP, Instance |
PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | No |
| Traffic | Tunnel Reverse NATed Packets Number of packets on a tunnel that were reverse NATed by a NAT rule |
TunnelReverseNatedPackets |
Count | Total (Sum) | NatRule, ConnectionName, RemoteIP, Instance |
PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | No |
| Traffic | Tunnel Total Flow Count Total flow count on a tunnel |
TunnelTotalFlowCount |
Count | Total (Sum) | ConnectionName, RemoteIP, Instance |
PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | Yes |
| Routing | VNet Address Prefix Count Count of Vnet address prefixes behind gateway |
VnetAddressPrefixCount |
Count | Total (Sum) | Instance |
PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D | Yes |
Metrics details
The following table provides more details about the metrics in the preceding tables.
| Metric | Description |
|---|---|
| BGP Peer Status | Average BGP connectivity status per peer and per instance. |
| BGP Routes Advertised | Number of routes advertised per peer and per instance. |
| BGP Routes Learned | Number of routes learned per peer and per instance. |
| Gateway Inbound Flows | Number of distinct 5-tuple flows (protocol, local IP address, remote IP address, local port, and remote port) flowing into a VPN Gateway. Limit is 250k flows. |
| Gateway Outbound Flows | Number of distinct 5-tuple flows (protocol, local IP address, remote IP address, local port, and remote port) flowing out of a VPN Gateway. Limit is 250k flows. |
| Gateway P2S Bandwidth | Average combined bandwidth utilization of all point-to-site connections on the gateway. |
| Gateway S2S Bandwidth | Average combined bandwidth utilization of all site-to-site connections on the gateway. |
| P2S Connection Count | Count of point-to-site connections on the gateway. |
| Tunnel Bandwidth | Average bandwidth utilization of tunnels created on the gateway. |
| Tunnel Egress Bytes | Number of outgoing bytes from a tunnel. |
| Tunnel Egress Packet Drop Count | Number of outgoing packets dropped by a tunnel. |
| Tunnel Egress Packets | Number of outgoing packets from a tunnel. |
| Tunnel Egress TS Mismatch Packet Drop | Number of outgoing packets dropped by tunnels caused by traffic-selector mismatch. |
| Tunnel Ingress Bytes | Number of incoming bytes to a tunnel. |
| Tunnel Ingress Packet Drop Count | Number of incoming packets dropped by a tunnel. |
| Tunnel Ingress Packets | Number of incoming packets to a tunnel. |
| Tunnel Ingress TS Mismatch Packet Drop | Number of incoming packets dropped by tunnels caused by traffic-selector mismatch. |
| Tunnel MMSA Count | Number of main mode security associations present. |
| Tunnel Peak PPS | Max number of packets per second per tunnel. |
| Tunnel QMSA Count | Number of quick mode security associations present. |
| Tunnel Total Flow Count | Number of distinct 3-tuple flows (protocol, local IP address, remote IP address) created per tunnel. |
| User Vpn Route Count | Number of user VPN routes configured on the VPN Gateway. |
| VNet Address Prefix Count | Number of virtual network address prefixes that the gateway uses and advertises. |
Metric dimensions
For information about what metric dimensions are, see Multi-dimensional metrics.
This service has the following dimensions associated with its metrics.
microsoft.network/p2svpngateways:
- Instance
- Protocol
- RouteType
microsoft.network/vpngateways:
- BgpPeerAddress
- ConnectionName
- DropType
- FlowType
- Instance
- NatRule
- RemoteIP
Resource logs
This section lists the types of resource logs you can collect for this service. The section pulls from the list of all resource logs category types supported in Azure Monitor.
Supported resource logs for microsoft.network/p2svpngateways
| Category | Category display name | Log table | Supports basic log plan | Supports ingestion-time transformation | Example queries | Costs to export |
|---|---|---|---|---|---|---|
GatewayDiagnosticLog |
Gateway Diagnostic Logs | AzureDiagnostics Logs from multiple Azure resources. |
No | No | Queries | No |
IKEDiagnosticLog |
IKE Diagnostic Logs | AzureDiagnostics Logs from multiple Azure resources. |
No | No | Queries | No |
P2SDiagnosticLog |
P2S Diagnostic Logs | AzureDiagnostics Logs from multiple Azure resources. |
No | No | Queries | No |
Supported resource logs for microsoft.network/vpngateways
| Category | Category display name | Log table | Supports basic log plan | Supports ingestion-time transformation | Example queries | Costs to export |
|---|---|---|---|---|---|---|
GatewayDiagnosticLog |
Gateway Diagnostic Logs | AzureDiagnostics Logs from multiple Azure resources. |
No | No | Queries | No |
IKEDiagnosticLog |
IKE Diagnostic Logs | AzureDiagnostics Logs from multiple Azure resources. |
No | No | Queries | No |
RouteDiagnosticLog |
Route Diagnostic Logs | AzureDiagnostics Logs from multiple Azure resources. |
No | No | Queries | No |
TunnelDiagnosticLog |
Tunnel Diagnostic Logs | AzureDiagnostics Logs from multiple Azure resources. |
No | No | Queries | No |
Resource Logs details
The following table provides more details about the metrics in the preceding tables.
| Name | Description |
|---|---|
| GatewayDiagnosticLog | Contains resource logs for gateway configuration events, primary changes, and maintenance events |
| TunnelDiagnosticLog | Contains tunnel state change events. Tunnel connect/disconnect events have a summarized reason for the state change if applicable |
| RouteDiagnosticLog | Logs changes to static routes and BGP events that occur on the gateway |
| IKEDiagnosticLog | Logs IKE control messages and events on the gateway |
| P2SDiagnosticLog | Logs point-to-site control messages and events on the gateway. Connection source info is provided for IKEv2 and OpenVPN connections only |
Azure Monitor Logs tables
This section lists the Azure Monitor Logs tables relevant to this service, which are available for query by Log Analytics using Kusto queries. The tables contain resource log data and possibly more depending on what is collected and routed to them.
VPN Gateway Microsoft.Network/vpnGateways
Activity log
The linked table lists the operations that can be recorded in the activity log for this service. These operations are a subset of all the possible resource provider operations in the activity log.
For more information on the schema of activity log entries, see Activity Log schema.
Related content
- See Monitor Azure VPN Gateway for a description of monitoring Azure VPN Gateway.
- See Monitor Azure resources with Azure Monitor for details on monitoring Azure resources.