Supported logs for Microsoft.Network/azureFirewalls
The following table lists the types of logs available for the Microsoft.Network/azureFirewalls resource type.
For a list of supported metrics, see Supported metrics - Microsoft.Network/azureFirewalls
| Category | Category display name | Log table | Supports basic log plan | Supports ingestion-time transformation | Example queries | Costs to export |
|---|---|---|---|---|---|---|
AZFWApplicationRule |
Azure Firewall Application Rule | AZFWApplicationRule Contains all Application rule log data. Each match between data plane and Application rule creates a log entry with the data plane packet and the matched rule's attributes. |
No | No | Queries | Yes |
AZFWApplicationRuleAggregation |
Azure Firewall Network Rule Aggregation (Policy Analytics) | AZFWApplicationRuleAggregation Contains aggregated Application rule log data for Policy Analytics. |
No | No | Yes | |
AZFWDnsQuery |
Azure Firewall DNS query | AZFWDnsQuery Contains all DNS Proxy events log data. |
No | No | Queries | Yes |
AZFWFatFlow |
Azure Firewall Fat Flow Log | AZFWFatFlow This query returns the top flows across Azure Firewall instances. Log contains flow information, date transmission rate (in Megabits per second units) and the time period when the flows were recorded. Please follow the documentation to enable Top flow logging and details on how it is recorded. |
No | No | Queries | Yes |
AZFWFlowTrace |
Azure Firewall Flow Trace Log | AZFWFlowTrace Flow logs across Azure Firewall instances. Log contains flow information, flags and the time period when the flows were recorded. Please follow the documentation to enable flow trace logging and details on how it is recorded. |
Yes | No | Queries | Yes |
AZFWFqdnResolveFailure |
Azure Firewall FQDN Resolution Failure | No | No | Yes | ||
AZFWIdpsSignature |
Azure Firewall IDPS Signature | AZFWIdpsSignature Contains all data plane packets that were matched with one or more IDPS signatures. |
No | No | Queries | Yes |
AZFWNatRule |
Azure Firewall Nat Rule | AZFWNatRule Contains all DNAT (Destination Network Address Translation) events log data. Each match between data plane and DNAT rule creates a log entry with the data plane packet and the matched rule's attributes. |
No | No | Queries | Yes |
AZFWNatRuleAggregation |
Azure Firewall Nat Rule Aggregation (Policy Analytics) | AZFWNatRuleAggregation Contains aggregated NAT Rule log data for Policy Analytics. |
No | No | Yes | |
AZFWNetworkRule |
Azure Firewall Network Rule | AZFWNetworkRule Contains all Network Rule log data. Each match between data plane and network rule creates a log entry with the data plane packet and the matched rule's attributes. |
No | No | Queries | Yes |
AZFWNetworkRuleAggregation |
Azure Firewall Application Rule Aggregation (Policy Analytics) | AZFWNetworkRuleAggregation Contains aggregated Network rule log data for Policy Analytics. |
No | No | Yes | |
AZFWThreatIntel |
Azure Firewall Threat Intelligence | AZFWThreatIntel Contains all Threat Intelligence events. |
No | No | Queries | Yes |
AzureFirewallApplicationRule |
Azure Firewall Application Rule (Legacy Azure Diagnostics) | AzureDiagnostics Logs from multiple Azure resources. |
No | No | Queries | No |
AzureFirewallDnsProxy |
Azure Firewall DNS Proxy (Legacy Azure Diagnostics) | AzureDiagnostics Logs from multiple Azure resources. |
No | No | Queries | No |
AzureFirewallNetworkRule |
Azure Firewall Network Rule (Legacy Azure Diagnostics) | AzureDiagnostics Logs from multiple Azure resources. |
No | No | Queries | No |