Need to find Top talkers from Azure Firewall network Logs

Shramik Ghadigaonkar 0 Reputation points
2024-11-05T10:20:11.85+00:00

I want a KQL query and configuration settings that can give me Azure Firewall network rule logs with columns containing SentBytes and received bytes details for each packet.

Azure Firewall

2 answers

  1. Sedat SALMAN 13,985 Reputation points MVP
    2024-11-05T10:33:12.6033333+00:00

    Assuming you have already configured Azure Firewall and are sending logs to a Log Analytics workspace, the following may help you:

    AzureDiagnostics
    | where ResourceType == "AZUREFIREWALLS" and Category == "AzureFirewallNetworkRule"
    | summarize TotalSentBytes = sum(SentBytes), TotalReceivedBytes = sum(ReceivedBytes) by SourceIP
    | order by TotalSentBytes desc
    
    

  2. Wrillrous 0 Reputation points
    2024-11-05T10:42:46.5666667+00:00

    To get Azure Firewall network rule logs with SentBytes and ReceivedBytes details for each packet, you can use the following KQL query in Azure Log Analytics:

    AzureDiagnostics
    | where ResourceType == "AZUREFIREWALLS" and Category == "AzureFirewallNetworkRule"
    | project TimeGenerated, SourceIP, DestinationIP, Protocol, Action, SentBytes, ReceivedBytes

