cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

AzureDiagnostics table not showing action_s and ruleId_s columns

knoxbox
Copper Contributor

‎May 19 2020 09:05 AM - last edited on ‎Apr 08 2022 10:26 AM by

‎May 19 2020 09:05 AM - last edited on ‎Apr 08 2022 10:26 AM by

AzureDiagnostics table not showing action_s and ruleId_s columns

Logs are coming from an Application Gateway setup as a WAF v2.0.

The logs are sent to my workspace, but the action_s and ruleId_s fields are not present in the AzureDiagnostics table. This prevents me from detecting which HTTP requests are being flagged by OWASP rules.

 

I have a second Application Gateway setup as a WAF with logs going to another workspace, and there the AzureDiagnostics table shows the action_s and ruleId_s fields. Both  firewalls are setup the same.

1,922 Views
0 Likes
3 Replies
Reply
3 Replies
JcLIF070

‎Nov 29 2022 03:42 AM

‎Nov 29 2022 03:42 AM

Re: AzureDiagnostics table not showing action_s and ruleId_s columns

I am having this same issue with no current resolution. Did you ever find a way to fix this?
1 Like
Reply
KevinHemelrijk

‎Apr 18 2023 02:26 AM

‎Apr 18 2023 02:26 AM

Re: AzureDiagnostics table not showing action_s and ruleId_s columns

Any solution already? We are facing the same problem
0 Likes
Reply
PhilipVandeVyver

‎Apr 19 2023 12:07 AM

‎Apr 19 2023 12:07 AM

Re: AzureDiagnostics table not showing action_s and ruleId_s columns

Those fields are only being created when new records with the "action_s" and "ruleId_s" are being injected in the Log Analytics Workspace.
If no HTTPS requist are flagged by the OWASP rules, no logging is done and the fields are not created.
1 Like
Reply