I am trying to collect the outbound logs for an Azure FW. So I have the diagnostics settings enabled for:
- AzureFirewallApplicationRule
- AzureFirewallNetworkRule
- AzureFirewallDnsProxy
Also the Destination Table is set to be Resource-specific. But I don't see anything getting sent to the destination log workspace after waiting a whole day.
Any ideas?
Related
Log files for my sample application are getting created in the following folder in the Azure portal:
D:/home/LogFiles/sample_application/sample_application.log
sample_application.log can be both edited and deleted.
Is there a way in the Azure portal to trigger an email alert when someone tries to modify or delete the log file?
• Yes, you can surely configure an alert using Azure Monitor regarding the deletion of the log file from the App Service through the Kudu console or by some other means. For this purpose, you will have to create an alert rule from the Azure Monitor alerts pane with the condition
AppServiceFileAuditLogs
| where OperationName == "Delete" and Path == "D:/home/LogFiles/sample_application/sample_application.log"
and with the action of sending an alert to the email ID registered with this alert rule. Please find the link below on how to create an alert rule through Azure Monitor:
https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-activity-log
Also find the snapshot below for reference:
Also, ensure that the condition is selected as 'Custom Log Search', as below:
Please find the link below for detailed instructions on implementing the integration between Azure App Service and Azure Monitor:
https://azure.github.io/AppService/2019/11/01/App-Service-Integration-with-Azure-Monitor.html
I have the default blob trigger function within my function app. If I give someone R/W access to a container within my storage account and they upload a blob file, I want to print out who sent the file - specifically their IP address - or some other identifying characteristic. I have gone through the $logs directory as I saw on a different post that the sender IP would be there, but it was not. Does anyone know how to get the sender IP?
Yes, it's possible to get the caller IP by activating diagnostic settings (preview). I've sent logs to a Log Analytics workspace and here is a demo query:
StorageBlobLogs
| project CallerIpAddress, AccountName, OperationName, StatusText
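As an added example, not code from the answer above: once StorageBlobLogs rows are exported from the workspace, this Python matches a blob the trigger received to the request that committed it and returns the caller address without the port. The sample rows, account name and container are constructed, and the bracketed `[addr]:port` IPv6 form is an assumption handled defensively.

```python
from urllib.parse import urlsplit, unquote

BASE = "https://acct.blob.core.windows.net:443/uploads/"  # constructed account/container
# Constructed rows using StorageBlobLogs column names; all values are made up.
SAMPLE_ROWS = [
    {"TimeGenerated": "2024-01-01T10:00:01Z", "OperationName": "PutBlob",
     "StatusText": "AuthorizationFailure", "AuthenticationType": "SAS",
     "CallerIpAddress": "192.0.2.44:50001", "Uri": BASE + "report.csv?sig=REDACTED"},
    {"TimeGenerated": "2024-01-01T10:00:05Z", "OperationName": "PutBlob",
     "StatusText": "Success", "AuthenticationType": "SAS",
     "CallerIpAddress": "198.51.100.23:41872", "Uri": BASE + "report.csv?sig=REDACTED"},
    {"TimeGenerated": "2024-01-01T10:00:06Z", "OperationName": "GetBlob",
     "StatusText": "Success", "AuthenticationType": "AccountKey",
     "CallerIpAddress": "10.0.0.4:33010", "Uri": BASE + "report.csv"},
    {"TimeGenerated": "2024-01-01T10:02:00Z", "OperationName": "PutBlock",
     "StatusText": "Success", "AuthenticationType": "SAS",
     "CallerIpAddress": "203.0.113.7:50112", "Uri": BASE + "big.bin?comp=block"},
    {"TimeGenerated": "2024-01-01T10:02:09Z", "OperationName": "PutBlockList",
     "StatusText": "Success", "AuthenticationType": "SAS",
     "CallerIpAddress": "203.0.113.7:50112", "Uri": BASE + "big.bin?comp=blocklist"},
]
# Operations that make a blob visible; PutBlock only stages uncommitted data.
UPLOAD_COMMITS = {"PutBlob", "PutBlockList"}

def strip_port(caller):
    """Return the address part of a CallerIpAddress value such as '1.2.3.4:5678'."""
    if caller.startswith("["):          # assumed bracketed IPv6 form: [addr]:port
        return caller[1:caller.index("]")]
    if caller.count(":") == 1:          # IPv4 with port
        return caller.split(":")[0]
    return caller                       # bare address: nothing to strip

def blob_path(uri):
    """'container/blob' from a request URI, ignoring the port and SAS query string."""
    return unquote(urlsplit(uri).path).lstrip("/")

def find_uploaders(rows, container, blob_name):
    """Successful upload commits for one blob, oldest first."""
    target = f"{container}/{blob_name}"  # blob names are case-sensitive
    hits = [
        {"time": r["TimeGenerated"], "ip": strip_port(r["CallerIpAddress"]),
         "auth": r.get("AuthenticationType", ""), "op": r["OperationName"]}
        for r in rows
        if r["OperationName"] in UPLOAD_COMMITS and r["StatusText"] == "Success"
        and blob_path(r["Uri"]) == target
    ]
    return sorted(hits, key=lambda h: h["time"])

if __name__ == "__main__":
    for hit in find_uploaders(SAMPLE_ROWS, "uploads", "report.csv"):
        print(hit)
```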
I'm getting an error trying to connect CosmosDB (SQL) as an Azure Stream Analytics Output.
I have configured CosmosDB account, added database and new container + I've added a sample JSON document to my container.
When trying to set the Stream Analytics output, it says "Failed to load database" in the Database selection menu.
CosmosDB account and Stream Analytics job are in the same resource group and location (North Europe).
I've tried another way of setup, but when I select "Provide Cosmos DB settings manually" it creates Output, but instantly I got an error "Connection test failed":
Any idea what could cause these errors?
Updating the Firewall configuration to "All networks" resolves the issue.
In-depth solution from my repro:
I received the "Failed to load databases" error:
Error due to: Firewall and virtual networks => Allow access from: Selected networks.
Now, I changed Firewall and virtual networks => Allow access from: All networks.
After updating the firewall configuration, the databases load as shown without any issue.
Hope this helps.
I am trying to alert/visualize Resource changes like creation/deletion of Azure resources using Log Analytics/OMS.
I am able to find new deployments using:
AzureActivity
| where ActivityStatus == 'Succeeded' and OperationNameValue contains 'Microsoft.Resources/deployments/write'
and VM start/stop also is traceable.
However, I do not see any logs when a VM is deleted from a resource group. I checked in the resource group Activity logs too; however, such an important event doesn't seem to be tracked properly. The only thing I find is the deletion of shutdown schedules as part of VM deletion, but this isn't a reliable indicator.
How can I track resource deletions using Log Analytics?
You can set up an alert in Log Analytics for when the VM is deleted.
Navigate to the Azure portal, your Log Analytics workspace -> in the left blade, select Alerts -> New alert rule -> in the new page, select your VM as the resource -> then in the condition, add a condition: Delete Virtual Machine.
In Azure I have a table storage account and there is a table WADLogsTable. It is being written to in surprisingly high volumes given the sites it is currently hosting. This website is doing its own logging and not using any Trace.* or anything like that. I have to believe there is something automated populating the log tables. I checked all the app services and each one has all the "Diagnostics logs" turned off.
How do I figure out what is populating the logs table and kill it?
UPDATE: Thanks #Gaurav Mantri. So I know what resource it is coming from and it appears to be webjob related. Not sure if it is required or optional. Here is some sample redacted output:
Executing: 'Function_Name' - Reason: 'New queue message detected on 'queue_name'.'
SnapshotHelper::RestoreSnapshotInternal SUCCESS - process
Job host started
SnapshotHelper::TakeSnapshotTimerCallback
Executed: 'Function_Name' (Succeeded)