Home

Firewall Logs

%3CLINGO-SUB%20id%3D%22lingo-sub-744691%22%20slang%3D%22en-US%22%3EFirewall%20Logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-744691%22%20slang%3D%22en-US%22%3E%3CP%3EHow%20can%20I%20access%20the%20Firewall%20Logs%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-744691%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Log%20Analytics%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-744984%22%20slang%3D%22en-US%22%3ERe%3A%20Firewall%20Logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-744984%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F373329%22%20target%3D%22_blank%22%3E%40CHERYL_LOBO%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWhich%20Firewall%3F%26nbsp%3B%20CEF%20and%20Sylog%20Firewall%20devices%20will%20be%20in%3A%26nbsp%3B%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%3ECommonSecurityLog%0A%7C%20summarize%20count()%20by%20DeviceVendor%20%3C%2FPRE%3E%0A%3CP%3Eor%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%3ESyslog%3C%2FPRE%3E%0A%3CP%3EAzureFirewall%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%3EAzureDiagnostics%20%0A%7C%20where%20ResourceType%20%3D%3D%20%22AZUREFIREWALLS%22%20%0A%7C%20summarize%20count()%20by%20Category%2C%20TimeGenerated%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
CHERYL_LOBO
Occasional Visitor

How can I access the Firewall Logs?

1 Reply

@CHERYL_LOBO 

 

Which Firewall?  CEF and Sylog Firewall devices will be in:  

 

CommonSecurityLog
| summarize count() by DeviceVendor 

or 

 

Syslog

AzureFirewall

 

AzureDiagnostics 
| where ResourceType == "AZUREFIREWALLS" 
| summarize count() by Category, TimeGenerated