How to collect/ view change log of Ppplication gateway v2 version

Harsh Thakor 116 Reputation points
2023-02-22T11:07:22.2666667+00:00

We want to have a track of all the changes that are been done to the application gateway V2 version and want to integrate those logs with the SIEM/XDR tool. Please guide us on where we will be able to collect those change/audit logs.

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,087 questions
Azure AI Metrics Advisor
Azure AI Metrics Advisor
An Azure artificial intelligence analytics service that proactively monitors metrics and diagnoses issues.
83 questions
Azure ISV (Independent Software Vendors) and Startups
Azure ISV (Independent Software Vendors) and Startups
Azure: A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.ISV (Independent Software Vendors) and Startups: A Microsoft program that helps customers adopt Microsoft Cloud solutions and drive user adoption.
97 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. AshokPeddakotla-MSFT 35,091 Reputation points
    2023-02-22T11:37:41.05+00:00

    Harsh Thakor Welcome to Microsoft Q&A forum!

    Incase if you haven't checked earlier about the Azure Monitor, please see the below information which will help you to start with it.

    Azure Monitor is a monitoring service that provides metrics and logs for Azure resources, including Application Gateway. It collects data from different sources and provides a unified view of the monitored resources.

    You can use Azure Log Analytics to examine the logs of the Application Gateway V2 version. The logs are stored in the Azure Diagnostics table and you can use the Azure Monitor Log Table Reference for a reference of all Azure Monitor Logs / Log Analytics tables. The logs contain information such as the URI of the client request, user agent details, request routing rule, HTTP method, Appgw instance, HTTP version, client IP, host header, query string, and SSL enabled. You can use the Azure Log Analytics to examine the logs and create a query to summarize the logs based on the ruleId_s and time generated. You can also add the query to your dashboard for a quick view of the logs.

    You can find more information on how to examine the logs using Azure Log Analytics in the following articles:

    Monitoring Azure Application Gateway data reference

    Use Log Analytics to examine Application Gateway Web Application Firewall (WAF) Logs

    Once you have the logs in Azure Log Analytics, you can integrate them with your SIEM/XDR tool.

    You have three options for storing your logs:

    • Storage account: Storage accounts are best used for logs when logs are stored for a longer duration and reviewed when needed.
    • Event hubs: Event hubs are a great option for integrating with other security information and event management (SIEM) tools to get alerts on your resources.
    • Azure Monitor logs: Azure Monitor logs is best used for general real-time monitoring of your application or looking at trends.

    Hope this helps. Do let us know if you need any further help.

    If this answers your query, do click 'Accept Answer' and 'Yes' if this answer helpful. And, if you have any further query do let us know.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.