/
Azure Resource logs: Application Gateway logs

Azure Resource logs: Application Gateway logs

Overview

3 Types of resource logs from Application Gateway

  • Access log: You can use this log to view Application Gateway access patterns and analyze important information, such as, caller's IP, requested URL, response latency, return code, and bytes in and out.

  • Firewall log: You can use this log to view the requests that are logged through either detection or prevention mode of an application gateway that is configured with the web application firewall.

  • Performance log: You can use this log to view how Application Gateway instances are performing.

 

Azure Application Gateway Access Log: AzureApplicationGatewayAccessLog

You can use this log to view Application Gateway access patterns and analyze important information. This includes the caller's IP, requested URL, response latency, return code, and bytes in and out.

This log contains one record per instance of Application Gateway. The Application Gateway instance is identified by the instanceId property.

 

Log Structure

{
"tables": [
{
"name": "PrimaryResult",
"columns": [
{
"name": "TenantId",
"type": "string"
},
{
"name": "TimeGenerated",
"type": "datetime"
},
{
"name": "ResourceId",
"type": "string"
},
{
"name": "Category",
"type": "string"
},
{
"name": "ResourceGroup",
"type": "string"
},
{
"name": "SubscriptionId",
"type": "string"
},
{
"name": "ResourceProvider",
"type": "string"
},
{
"name": "Resource",
"type": "string"
},
{
"name": "ResourceType",
"type": "string"
},
{
"name": "OperationName",
"type": "string"
},
{
"name": "ResultType",
"type": "string"
},
{
"name": "CorrelationId",
"type": "string"
},
{
"name": "ResultDescription",
"type": "string"
},
{
"name": "Tenant_g",
"type": "string"
},
{
"name": "JobId_g",
"type": "string"
},
{
"name": "RunbookName_s",
"type": "string"
},
{
"name": "StreamType_s",
"type": "string"
},
{
"name": "Caller_s",
"type": "string"
},
{
"name": "requestUri_s",
"type": "string"
},
{
"name": "Level",
"type": "string"
},
{
"name": "DurationMs",
"type": "long"
},
{
"name": "CallerIPAddress",
"type": "string"
},
{
"name": "OperationVersion",
"type": "string"
},
{
"name": "ResultSignature",
"type": "string"
},
{
"name": "id_s",
"type": "string"
},
{
"name": "status_s",
"type": "string"
},
{
"name": "LogicalServerName_s",
"type": "string"
},
{
"name": "Message",
"type": "string"
},
{
"name": "clientInfo_s",
"type": "string"
},
{
"name": "httpStatusCode_d",
"type": "real"
},
{
"name": "identity_claim_appid_g",
"type": "string"
},
{
"name": "identity_claim_http_schemas_microsoft_com_identity_claims_objectidentifier_g",
"type": "string"
},
{
"name": "userAgent_s",
"type": "string"
},
{
"name": "ruleName_s",
"type": "string"
},
{
"name": "identity_claim_http_schemas_xmlsoap_org_ws_2005_05_identity_claims_upn_s",
"type": "string"
},
{
"name": "systemId_g",
"type": "string"
},
{
"name": "isAccessPolicyMatch_b",
"type": "bool"
},
{
"name": "EventName_s",
"type": "string"
},
{
"name": "httpMethod_s",
"type": "string"
},
{
"name": "subnetId_s",
"type": "string"
},
{
"name": "type_s",
"type": "string"
},
{
"name": "instanceId_s",
"type": "string"
},
{
"name": "macAddress_s",
"type": "string"
},
{
"name": "vnetResourceGuid_g",
"type": "string"
},
{
"name": "direction_s",
"type": "string"
},
{
"name": "subnetPrefix_s",
"type": "string"
},
{
"name": "primaryIPv4Address_s",
"type": "string"
},
{
"name": "conditions_sourcePortRange_s",
"type": "string"
},
{
"name": "priority_d",
"type": "real"
},
{
"name": "conditions_destinationPortRange_s",
"type": "string"
},
{
"name": "conditions_destinationIP_s",
"type": "string"
},
{
"name": "conditions_None_s",
"type": "string"
},
{
"name": "conditions_sourceIP_s",
"type": "string"
},
{
"name": "httpVersion_s",
"type": "string"
},
{
"name": "matchedConnections_d",
"type": "real"
},
{
"name": "startTime_t",
"type": "datetime"
},
{
"name": "endTime_t",
"type": "datetime"
},
{
"name": "DatabaseName_s",
"type": "string"
},
{
"name": "clientIP_s",
"type": "string"
},
{
"name": "host_s",
"type": "string"
},
{
"name": "requestQuery_s",
"type": "string"
},
{
"name": "sslEnabled_s",
"type": "string"
},
{
"name": "clientPort_d",
"type": "real"
},
{
"name": "httpStatus_d",
"type": "real"
},
{
"name": "receivedBytes_d",
"type": "real"
},
{
"name": "sentBytes_d",
"type": "real"
},
{
"name": "timeTaken_d",
"type": "real"
},
{
"name": "resultDescription_ErrorJobs_s",
"type": "string"
},
{
"name": "resultDescription_ChildJobs_s",
"type": "string"
},
{
"name": "identity_claim_http_schemas_microsoft_com_identity_claims_scope_s",
"type": "string"
},
{
"name": "workflowId_s",
"type": "string"
},
{
"name": "resource_location_s",
"type": "string"
},
{
"name": "resource_workflowId_g",
"type": "string"
},
{
"name": "resource_resourceGroupName_s",
"type": "string"
},
{
"name": "resource_subscriptionId_g",
"type": "string"
},
{
"name": "resource_runId_s",
"type": "string"
},
{
"name": "resource_workflowName_s",
"type": "string"
},
{
"name": "_schema_s",
"type": "string"
},
{
"name": "correlation_clientTrackingId_s",
"type": "string"
},
{
"name": "properties_sku_Family_s",
"type": "string"
},
{
"name": "properties_sku_Name_s",
"type": "string"
},
{
"name": "properties_tenantId_g",
"type": "string"
},
{
"name": "properties_enabledForDeployment_b",
"type": "bool"
},
{
"name": "code_s",
"type": "string"
},
{
"name": "resultDescription_Summary_MachineId_s",
"type": "string"
},
{
"name": "resultDescription_Summary_ScheduleName_s",
"type": "string"
},
{
"name": "resultDescription_Summary_Status_s",
"type": "string"
},
{
"name": "resultDescription_Summary_StatusDescription_s",
"type": "string"
},
{
"name": "resultDescription_Summary_MachineName_s",
"type": "string"
},
{
"name": "resultDescription_Summary_TotalUpdatesInstalled_d",
"type": "real"
},
{
"name": "resultDescription_Summary_RebootRequired_b",
"type": "bool"
},
{
"name": "resultDescription_Summary_TotalUpdatesFailed_d",
"type": "real"
},
{
"name": "resultDescription_Summary_InstallPercentage_d",
"type": "real"
},
{
"name": "resultDescription_Summary_StartDateTimeUtc_t",
"type": "datetime"
},
{
"name": "resource_triggerName_s",
"type": "string"
},
{
"name": "resultDescription_Summary_InitialRequiredUpdatesCount_d",
"type": "real"
},
{
"name": "properties_enabledForTemplateDeployment_b",
"type": "bool"
},
{
"name": "resultDescription_Summary_EndDateTimeUtc_s",
"type": "string"
},
{
"name": "resultDescription_Summary_DurationInMinutes_s",
"type": "string"
},
{
"name": "resource_originRunId_s",
"type": "string"
},
{
"name": "properties_enabledForDiskEncryption_b",
"type": "bool"
},
{
"name": "resource_actionName_s",
"type": "string"
},
{
"name": "correlation_actionTrackingId_g",
"type": "string"
},
{
"name": "resultDescription_Summary_EndDateTimeUtc_t",
"type": "datetime"
},
{
"name": "resultDescription_Summary_DurationInMinutes_d",
"type": "real"
},
{
"name": "conditions_protocols_s",
"type": "string"
},
{
"name": "identity_claim_ipaddr_s",
"type": "string"
},
{
"name": "ElasticPoolName_s",
"type": "string"
},
{
"name": "identity_claim_http_schemas_microsoft_com_claims_authnmethodsreferences_s",
"type": "string"
},
{
"name": "RunOn_s",
"type": "string"
},
{
"name": "query_hash_s",
"type": "string"
},
{
"name": "SourceSystem",
"type": "string"
},
{
"name": "MG",
"type": "string"
},
{
"name": "ManagementGroupName",
"type": "string"
},
{
"name": "Computer",
"type": "string"
},
{
"name": "RawData",
"type": "string"
},
{
"name": "healthyHostCount_d",
"type": "real"
},
{
"name": "unHealthyHostCount_d",
"type": "real"
},
{
"name": "requestCount_d",
"type": "real"
},
{
"name": "latency_d",
"type": "real"
}, { "name": "failedRequestCount_d", "type": "real" }, { "name": "throughput_d", "type": "real" }, { "name": "timeStamp_t", "type": "datetime" }, { "name": "listenerName_s", "type": "string" }, { "name": "backendPoolName_s", "type": "string" }, { "name": "backendSettingName_s", "type": "string" }, { "name": "originalRequestUriWithArgs_s", "type": "string" }, { "name": "clientResponseTime_d", "type": "real" }, { "name": "transactionId_g", "type": "string" }, { "name": "sslCipher_s", "type": "string" }, { "name": "sslProtocol_s", "type": "string" }, { "name": "sslClientVerify_s", "type": "string" }, { "name": "sslClientCertificateFingerprint_s", "type": "string" }, { "name": "sslClientCertificateIssuerName_s", "type": "string" }, { "name": "serverRouted_s", "type": "string" }, { "name": "serverStatus_s", "type": "string" }, { "name": "serverResponseLatency_s", "type": "string" }, { "name": "upstreamSourcePort_s", "type": "string" }, { "name": "originalHost_s", "type": "string" }, { "name": "AdditionalFields", "type": "dynamic" }, { "name": "WAFEvaluationTime_s", "type": "string" }, { "name": "WAFMode_s", "type": "string" }, { "name": "WAFPolicyID_s", "type": "string" }, { "name": "connectionSerialNumber_d", "type": "real" }, { "name": "noOfConnectionRequests_d", "type": "real" }, { "name": "Type", "type": "string" }, { "name": "_ItemId", "type": "string" }, { "name": "_ResourceId", "type": "string" }, { "name": "IngestionTime", "type": "datetime" }, { "name": "LogId", "type": "string" } ], "rows": [ [ "89535190-33d4-40ee-90a1-4af37d5cf2d7", "2023-09-14T08:02:36Z", "/SUBSCRIPTIONS/E0DE53D1-C8BC-4ED4-90CC-9362C6FEF41C/RESOURCEGROUPS/TEST/PROVIDERS/MICROSOFT.NETWORK/APPLICATIONGATEWAYS/APPGW-1", "ApplicationGatewayAccessLog", "TEST", "e0de53d1-c8bc-4ed4-90cc-9362c6fef41c", "MICROSOFT.NETWORK", "APPGW-1", "APPLICATIONGATEWAYS", "ApplicationGatewayAccess", "", "", "", "", "", "", "", "", "/.env", "", null, "", "", "", "", "", "", "", "", null, "", "", "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36", "appgw-routing-rule-1", "", "", null, "", "GET", "", "", "appgw_0", "", "", "", "", "", "", null, "", "", "", "", "HTTP/1.1", null, null, null, "", "1.2.3.4", "192.1.1.1:80", "", "", 45306, 404, 231, 460, 0.006, "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", null, "", "", "", "", "", "", null, null, null, null, null, "", null, null, "", "", "", null, "", "", null, null, "", "", "", "", "", "", "Azure", "", "", "", "", null, null, null, null, null, null, "2023-09-14T08:02:36Z", "appgw-listener-1", "appgw-backend-pool-1", "appgw-backend-setting-1", "/.env", 0, "51bbbac9-6e92-4937-a689-9fff8789ac9f", "", "", "", "", "", "5.6.7.8:80", "404", "0.004", "37856", "192.1.1.1:80", null, "0.004", "Prevention", "/subscriptions/e0de53d1-c8bc-4ed4-90cc-9362c6fef41c/resourceGroups/test/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/Waf-rule-1", 871313, 1, "AzureDiagnostics", "2ec3a84e-ee71-4eef-a6cc-f7a8afa4028d", "/subscriptions/e0de53d1-c8bc-4ed4-90cc-9362c6fef41c/resourcegroups/test/providers/microsoft.network/applicationgateways/appgw-1", "2023-09-14T08:03:03.1091014Z", "2ec3a84e-ee71-4eef-a6cc-f7a8afa4028d" ] ] } ]}