Azure VPN logs - for how long are they kept and how to query?

Question

Hello,

I need to troubleshoot a connection error between a Palo Alto equipment and Azure VPN.

The issue happened 6 months ago. Any chance I can find some info? And how?

Many thanks,

Answer 1

Hello @Daniel Sotreanu ,

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

I understand that you would like to know for how long the VPN logs are retained and how to query them.

Retention period settings are configured in Diagnostic settings tab of Azure monitor in case you are sending the logs to a storage account as below:

If the logs are being sent to log analytics, then the retention period is set/changed at the workspace/table level:

https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-retention-archive?tabs=portal-1%2Cportal-2#configure-the-default-workspace-retention-policy

Regarding your question on how to query the VPN logs, you can refer the below article which lists some of the sample queries for the VPN logs:

https://learn.microsoft.com/en-us/azure/vpn-gateway/troubleshoot-vpn-with-azure-diagnostics#GatewayDiagnosticLog

Kindly let us know if the above helps or you need further assistance on this issue.

---

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Answer 2

It actually depends on how you've configured logging in Azure.

If you check the Diagnostic Settings for the Gateway, you're able to specify which logging categories to capture and where to send the logs. ref: https://learn.microsoft.com/en-us/azure/vpn-gateway/troubleshoot-vpn-with-azure-diagnostics

Even after configuring logging you also might find that the retention period on your logs has lapsed and they have been deleted. Again, this is user configurable - so you'll need to inspect the logging solution that was configured.