There are multiple locations where traffic is blocked for security reasons. Create a dashboard to easily monitor the frequency of blocked traffic, in order to gain visibility into intentional and unintentional spikes.
- Firewall and NSG specific details to use in log queries: Log Analytics Workspace
- Resource on query syntax
- Resource to create dashboard
- The logs have
AzureDiagnosticsentries - To filter on entries that contain insights on what the WAF (Web Application Firewall) is evaluating, matching, and blocking, use the
ApplicationGatewayAccessLogcategory,
- The logs have
AzureDiagnosticsentries - To filter on resource logs for firewall application rules, use the
AzureFirewallApplicationRulecategory - To filter on resource logs for firewall network rules, use the
AzureFirewallNetworkRulecategory - To filter on logs where the NSG (Network Security Group) rules were applied, use the
NetworkSecurityGroupRuleEventcategory