Microsoft has announced the general availability of Azure Firewall structured logs. The new feature brings an improved logging experience for firewall events and makes it easier to search, filter, and analyze network traffic data.
“Azure Firewall’s structured logs provide a more detailed view of firewall events. They include information such as source and destination and action taken by the firewall. They also include more metadata, such as the time of the event and the name of the Azure Firewall instance,” Microsoft explained.
With Azure Firewall structured logs, IT admins can get detailed insights about firewall events, including protocols, IP addresses, port numbers, and actions. The feature also makes it easier to view additional metadata such as the Azure Firewall instance’s name and the time at which the event occurred.
“Customers will be able to choose using Resource Specific Tables instead of the existing AzureDiagnostics table. In case both sets of logs are required, at least two diagnostic settings would need to be created per firewall. When Resource specific mode is selected by the user, ‘Structured Logs’ are enabled and individual tables in the selected workspace are created for each category selected in the diagnostic setting,” Microsoft explained.
Microsoft has introduced support for several new diagnostic log categories in Azure Firewall. These include the Application rule log, Network rule log, DNS proxy log, NAT rule log, Threat Intelligence log, Flow Trace, and more.
To enable the structured logs setting in Azure Firewall, customers first need a Log Analytics workspace in their Azure subscription. They then log in to the Azure portal, navigate to the firewall's 'Diagnostic settings' blade, select 'Resource specific' as the destination table, and choose the event categories to log.
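The same diagnostic setting expressed as infrastructure-as-code, as an added example rather than anything from the article or Microsoft's documentation: the `logAnalyticsDestinationType` property is what switches the destination between the legacy `AzureDiagnostics` table and resource-specific tables. The firewall and workspace names are placeholders, and the `AZFW*` category identifiers are assumed from the Azure Firewall diagnostic categories, not taken from the page.

```bicep
// Added example (not from the article): one diagnostic setting per firewall
// that routes the new log categories to resource-specific tables.
param firewallName string          // placeholder: name of an existing Azure Firewall
param workspaceResourceId string   // placeholder: resource ID of the Log Analytics workspace

resource firewall 'Microsoft.Network/azureFirewalls@2022-07-01' existing = {
  name: firewallName
}

resource structuredLogs 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  name: 'fw-structured-logs'
  scope: firewall
  properties: {
    workspaceId: workspaceResourceId
    // 'Dedicated' = resource-specific tables (structured logs).
    // 'AzureDiagnostics', or omitting the property, keeps the single legacy table;
    // as the article notes, keeping both requires a second diagnostic setting.
    logAnalyticsDestinationType: 'Dedicated'
    logs: [
      {
        category: 'AZFWNetworkRule'      // assumed category id: network rule log
        enabled: true
      }
      {
        category: 'AZFWApplicationRule'  // assumed category id: application rule log
        enabled: true
      }
      {
        category: 'AZFWNatRule'          // assumed category id: NAT rule log
        enabled: true
      }
      {
        category: 'AZFWDnsQuery'         // assumed category id: DNS proxy log
        enabled: true
      }
      {
        category: 'AZFWThreatIntel'      // assumed category id: threat intelligence log
        enabled: true
      }
      {
        category: 'AZFWFlowTrace'        // assumed category id: flow trace (verbose)
        enabled: true
      }
    ]
  }
}
```

After deployment, each enabled category appears as its own table in the workspace, so a query can target only the rule type of interest instead of filtering the shared AzureDiagnostics table by category.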
Microsoft mentioned that Azure Firewall structured logs help IT admins to troubleshoot issues and detect patterns in network traffic. The feature also allows administrators to quickly respond to security threats and improve overall security posture. It’s possible to export Azure Firewall structured logs to Azure Event Hubs, Azure Blob Storage, and other tools for performing detailed analysis.