I have a Azure App Service making SSH and I need to see my logs of the public calls going out and global front door is also in the front. Any advise will help

Peter Wilcox 1 Reputation point
2023-08-28T01:59:26.21+00:00

I have a Azure App Service making SSH and I need to see my logs of the public calls going out and global front door is also in the front. Any advise will help.

Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
567 questions
{count} votes

1 answer

Sort by: Most helpful
  1. KapilAnanth-MSFT 34,416 Reputation points Microsoft Employee
    2023-09-05T06:31:01.8766667+00:00

    @Peter Wilcox

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I understand that you would like to check logs of your App Service via Azure Front Door.

    You have to make note of two important things here:

    • Azure Front Door only provides load balancing and global availability for HTTP and HTTPS requests
      • Not for SSH connections
    • Outgoing traffic from Origin (your case - App Service), will not go through the AFD
      • So, no logging for outgoing requests can be provided by AFD.
            - You must check them directly from the App service
        

    You informed us that the App Service is

    • VNET Integrated
    • and the subnet contains a NAT Gateway.

    And if there are any logging available at the VNET Level.

    Unfortunately, NAT gateway does not have any logs of it's own.

    The efficient way to log Azure Virtual Network traffic is by leveraging NSG Flow logs.

    • This is how we can capture traffic between and outside Virtual machines
    • As of now, this feature does not support App Service integrated subnets as of now
    • Incompatible services - NSG Flow Logs

    App services deployed under an Azure App Service plan don't support NSG flow logs

    and I believe the behavior is same even if NAT gateway is associated to the subnet where App Service is integrated.

    My recommendation is to leverage tools and monitoring from Azure App Service end for logging instead of VNET logging or AFD.

    Kindly let us know if this helps or you need further assistance on this issue.

    Thanks,

    Kapil


    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.