I'm struggling with getting some very basic IIS HTTP log data available for querying at Azure Monitor > Logs.
Here are my settings so far:
App Service
App Service logs: Web server logging - File System
Diagnostic settings: Send to Log Analytics
log: AppServiceHTTPLogs
Log Analytics Workspace: LAWS-exitadviser
LAWS-exitadviser
Advanced settings > Data > IIS Logs > Collect W3C format IIS log files (checked)
The problem is that it always returns "NO RESULTS FOUND".
I'm totally lost. Does anybody know how to get/set it working?
Thanks!
You have to query 'W3CIISLog' table if you have installed log analytics agent in the source machine. For more information, please refer this document.
In your case, you would have to query 'AppServiceHTTPLogs' table. For more information, please refer this document.
Hope this helps!
Related
Using Linux App Service on Azure. How do I view the logs (app/console logs and HTTP request logs) for a particular time in the past?
In other logging apps I can enter a search term, or a time and jump straight to that point to view the logs for that point (and before and after). That's what I'd like to do for Azure.
You need to set WEBSITE_TIME_ZONE variable in Application settings.
Supported timezone values are
https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
https://learn.microsoft.com/en-us/azure/app-service/faq-configuration-and-management
You can verify Time by navigating to Console and executing time command enter
If you want to search in logs you may download them in txt file into local machine or send the logs to Azure Log Analytics and query them using query language filters
| where TimeGenerated xxx
We have provisioned the instance of the Azure app gateway (Standard v2 East AU region) and has enabled the diagnostics settings of it to dump all metrics and logs to the log analytics workspace and this seem to be working fine, however we wanted to additional insights of the request and hence have scaled up the tier and enabled the WAF v2 (as shown in the image below).
Now based on this documentation here https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-diagnostics#diagnostic-logging and after waiting for some time, we expected that the firewall logs will be automatically populating in the same log analytics workspace however this does not seem to work and they are simply not populated there.
Note that we can see the "ApplicationGatewayAccessLog" logs and below query is evident of the same AzureDiagnostics | distinct Category that returns only one category i.e. "ApplicationGatewayAccessLog"
Does anyone know if we are missing something or have any input?
Sometimes, the output is not the same when you explore data from Application Gateway ---logs and from your specific Log Analytics workspace---logs. You cam compare these results on your side. See this issue.
In this case, you should have finished some access actions to your Application Gateway and trigger the firewall access log collection before the data can be collected by the Azure monitoring. Though document stated Firewall logs are collected every 60 seconds. Sometimes, the data delays(even more than 2 days) to be logged in the logs and your located region also impacts on the data display time. From this blog, you can see hourly log of firewall actions on the WAF.
For more information, you can use Log Analytics to examine Application Gateway Web Application Firewall Logs.
I'm setting up Azure WebApp logging. My concern is that error logs are stored in webapp server level, the size increasing day by day from Elmah. Is there a best approach to maintaining the logs, both storing and automating archiving or deleting?
My web development is based on angular. Any suggestion for aggregating logs, like what kind of logs would be generated?
Yes, by default, logs are not automatically deleted (with the exception of Application Logging (Filesystem)). To automatically delete logs, set the Retention Period (Days) field. You could automate the deletion by leveraging KUDU Virtual File System (VFS) Rest API. For a sample script, checkout this discussion thread for a similar approach:
How can you delete all log files from an Azure WebApp using powershell?
Just to highlight, these are the logging that you could capture on WebApps:
• Detailed Error Logging
• Failed Request Tracing
• Web Server Logging
• Application logging - you can turn on the file system option temporarily for debugging purposes. This option turns off automatically in 12 hours. You can also turn on the blob storage option to select a blob container to write logs to.
For log directory information kindly refer to this document: https://learn.microsoft.com/azure/app-service/troubleshoot-diagnostic-logs
I know that I can go to "Azure Resources" to view the resources that are connected, but it doesn't list everything that I have set to point to the workspace. For instance, CDN endpoints don't have a setting that you can configure in the portal, but you can do it in powershell. They're not listed on the Azure Resources blade in the workspace, either. I have tried using the query
AzureDiagnostics
| where TimeGenerated > ago(1d)
| summarize count() by Category
This only showed three categories. For nsgs and a key vault. I have a lot more resources connected to this workspace.
we can enable CDN diagnostics logging with Azure PowerShell / Portal as well. For detailed instructions, please refer this tutorial.
As mentioned in this tutorial, CDN falls under the list of services that support AzureDiagnostics table logs (with the supported log category of 'CoreAnalytics' which helps to get the CDN endpoint metrics bandwidth, egress, etc.)
AFAIK the reason for not getting CDN related logs under your AzureDiagnostics table would be because the configuration of CDN to send diagnostic logs to Log Analytics was not done properly or else the CDN service hasn't generated any new log for some reason.
I would suggest you to (double check or) enable CDN diagnostics logging with Azure PowerShell / Portal as instructed here and see if it resolves the issue.
Hope this helps!!
How do I clear the SharePoint Usage Logs and/or Web Analytics Logs?
I've tried deleting the *.usage files found in {SharePoint Hive}\Logs, and deleting the Usage Service Application as well as the Web Analytics Service Application?
The reason why I as is because I have a web part that determines the most visited sites. In my code I use the
SPWeb.GetUsageData(SPUsageReportType.url, SPUsagePeriodType.lastMonth)
method, and it always returns the same data. I would like to reset the values it returns.
Have you tried looking at the usage database? Usage might be backed by that database.
You can also limit the retention timeframe for specific usage items: Set-SPUsageDefinition -Identity"Page Requests" -DaysRetained 3 or see this blog post: How to reduce the size of logging database OR How to purge the old data from Logging Database.
Another way of clearing the logs is shown here using only central admin: How to Delete Usage Logs on Sharepoint. Sahhil Malik shows yet more ways to refresh the logs: SharePoint 2010 - Drives are running out of free space.
If you are just trying to restart the logging, try:
◦Open the "SharePoint 2010 Management Shell" (Powershell for SharePoint).
◦Type "New-SPLogFile"
Done.
The logs will be in "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\LOGS"
You may delete WEB Analytics Service along with associated Data
under
Application Management->Service Applications->Manage service applications
select web analytics from service
and delete it along with associated data