Supported logs for Microsoft.Network/azureFirewalls

The following table lists the types of logs available for the Microsoft.Network/azureFirewalls resource type.

For a list of supported metrics, see Supported metrics - Microsoft.Network/azureFirewalls

Category Category display name Log table Supports basic log plan Supports ingestion-time transformation Example queries Costs to export
AZFWApplicationRule Azure Firewall Application Rule AZFWApplicationRule

Contains all Application rule log data. Each match between data plane and Application rule creates a log entry with the data plane packet and the matched rule's attributes.

No No Queries Yes
AZFWApplicationRuleAggregation Azure Firewall Network Rule Aggregation (Policy Analytics) AZFWApplicationRuleAggregation

Contains aggregated Application rule log data for Policy Analytics.

No No Yes
AZFWDnsQuery Azure Firewall DNS query AZFWDnsQuery

Contains all DNS Proxy events log data.

No No Queries Yes
AZFWFatFlow Azure Firewall Fat Flow Log AZFWFatFlow

This query returns the top flows across Azure Firewall instances. Log contains flow information, date transmission rate (in Megabits per second units) and the time period when the flows were recorded. Please follow the documentation to enable Top flow logging and details on how it is recorded.

No No Queries Yes
AZFWFlowTrace Azure Firewall Flow Trace Log AZFWFlowTrace

Flow logs across Azure Firewall instances. Log contains flow information, flags and the time period when the flows were recorded. Please follow the documentation to enable flow trace logging and details on how it is recorded.

Yes No Queries Yes
AZFWFqdnResolveFailure Azure Firewall FQDN Resolution Failure No No Yes
AZFWIdpsSignature Azure Firewall IDPS Signature AZFWIdpsSignature

Contains all data plane packets that were matched with one or more IDPS signatures.

No No Queries Yes
AZFWNatRule Azure Firewall Nat Rule AZFWNatRule

Contains all DNAT (Destination Network Address Translation) events log data. Each match between data plane and DNAT rule creates a log entry with the data plane packet and the matched rule's attributes.

No No Queries Yes
AZFWNatRuleAggregation Azure Firewall Nat Rule Aggregation (Policy Analytics) AZFWNatRuleAggregation

Contains aggregated NAT Rule log data for Policy Analytics.

No No Yes
AZFWNetworkRule Azure Firewall Network Rule AZFWNetworkRule

Contains all Network Rule log data. Each match between data plane and network rule creates a log entry with the data plane packet and the matched rule's attributes.

No No Queries Yes
AZFWNetworkRuleAggregation Azure Firewall Application Rule Aggregation (Policy Analytics) AZFWNetworkRuleAggregation

Contains aggregated Network rule log data for Policy Analytics.

No No Yes
AZFWThreatIntel Azure Firewall Threat Intelligence AZFWThreatIntel

Contains all Threat Intelligence events.

No No Queries Yes
AzureFirewallApplicationRule Azure Firewall Application Rule (Legacy Azure Diagnostics) AzureDiagnostics

Logs from multiple Azure resources.

No No Queries No
AzureFirewallDnsProxy Azure Firewall DNS Proxy (Legacy Azure Diagnostics) AzureDiagnostics

Logs from multiple Azure resources.

No No Queries No
AzureFirewallNetworkRule Azure Firewall Network Rule (Legacy Azure Diagnostics) AzureDiagnostics

Logs from multiple Azure resources.

No No Queries No

Next Steps