Azure Application Proxy logging

Peter Holland · ‎May 02 2017

Hi,

so, aiming to replace ISA/TMG with Application Proxy for a variety of use case scenarios, the main question that is arising relates to logging.

are application proxy logs automatically available via OMS as they are part of Azure Active Directory authentication?

what about apps with no authentication?

the key information is the source IP, username, application(destination), which is available with the CSV log file download from application proxy, but the UI doesnt provide any information or automation around generating the log file, or connecting to the live data stream.

the big goal being intrusion detection, identification, and tracking.

is OMS the product to use for this?

what if the customer wished to use splunk or some other third party option, how do we connect to/parse the logs in that instance?

cheers

Pete

Kent Gaardmand · ‎May 04 2017

Hi Peter, nice to see you again :)
I cant answer you question regarding application proxy as i dont have acces to this feature and i cant actually find any information regarding the Proxy logs, but with regards to splunk and OMS, they should both be able to access the logs from resources.

Earl Zirkle · ‎Mar 09 2018

If you have the connectors installed, there are a few logs to check under AadApplicationProxy. However, more information as you've mentioned previously like source IP, username, application (destination) would be extremely helpful.

https://blogs.technet.microsoft.com/applicationproxyblog/2015/06/01/all-you-want-to-know-about-azure...

Azure Application Proxy logging

Azure Application Proxy logging

Re: Azure Application Proxy logging

Re: Azure Application Proxy logging

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Azure Application Proxy logging