Azure firewall high data processed

krutibasa majhi 0 Reputation points
2024-02-21T13:44:19.86+00:00

Hello All, I need your help to identify the issue. I observed a pattern in the Azure firewall metric for high data processing from January 24th, 2024, and I want to identify from which source it is generating high traffic. Due to this, the cost has also increased. I have configured the diagnostics setting but have not been able to identify the logs in the Log Analytics workspace. Is there any query that I can run to see the details of the sent or received bytes, source and destination IP details, etc. to identify the root cause? Thanks, Krutibasa


1 answer

  1. Vahid Ghafarpour 17,950 Reputation points
    2024-02-21T15:59:52.9533333+00:00

    May this query help you:

    AzureDiagnostics
    | where TimeGenerated >= datetime(2024-01-24T00:00:00Z) and TimeGenerated < datetime(2024-01-25T00:00:00Z)
    | where ResourceType == "AZUREFIREWALL"
    | where Category == "FirewallDnsProxyLog"
    | project TimeGenerated, SourceIP, DestinationIP, SentBytes, ReceivedBytes
    | summarize TotalSentBytes = sum(SentBytes), TotalReceivedBytes = sum(ReceivedBytes) by SourceIP, DestinationIP
    | order by TotalSentBytes desc
    

    ** Please don't forget to close up the thread here by upvoting and accepting it as an answer if it is helpful **