azure-docs icon indicating copy to clipboard operation
azure-docs copied to clipboard
verified publisher icon MicrosoftDocs

Doc is out of date

Open dangbuzhude266 opened this issue 3 years ago • 6 comments

[Enter feedback here] Hi,

Current FW log Doc doesn't cover all fw log category groups supported at Azure portal Ex: Azure Firewall Network Rule Hit, Azure Firewall Application Rule Hit,etc

Can MS help to update FW log Doc to the latest version ? and explain each logs differnces ?

#### Document Details

Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

dangbuzhude266 avatar Aug 16 '22 04:08 dangbuzhude266

@dangbuzhude266, Thanks for your feedback. We shall review this and get back to you shortly!

KapilAnanth-MSFT avatar Aug 16 '22 07:08 KapilAnanth-MSFT

@dangbuzhude266, I can see Network Rule Log and Application log documented here.

image image

Can you be more specific on which Rule(s) you think is missing from the document?

Thanks, Kapil

KapilAnanth-MSFT avatar Aug 16 '22 08:08 KapilAnanth-MSFT

Hi,

Please see below picture

@.***

From: Kapil Ananth @.> Sent: Tuesday, August 16, 2022 4:37 PM To: MicrosoftDocs/azure-docs @.> Cc: Binwei Ni @.>; Mention @.> Subject: Re: [MicrosoftDocs/azure-docs] Doc is out of date (Issue #97142)

@dangbuzhude266https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fdangbuzhude266&data=05%7C01%7Cbinweini%40microsoft.com%7C1eae102f9a024c2fa74e08da7f628360%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637962358356791925%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=pID0FHh9y3XW12lmnDtQmTKej2T30kUmzoymJcaVhuA%3D&reserved=0, I can see Network Rule Log and Application log documented here.

[image]https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fuser-images.githubusercontent.com%2F107474080%2F184835448-f1e17527-83f3-4192-ba85-43d16dd0f6d7.png&data=05%7C01%7Cbinweini%40microsoft.com%7C1eae102f9a024c2fa74e08da7f628360%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637962358356791925%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=zflEPl8Gq1SnZ%2BHMifQzyFksdVGo6EhPVNPtUc0AZh8%3D&reserved=0 [image]https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fuser-images.githubusercontent.com%2F107474080%2F184835517-65b2e335-ccdc-43ae-8e37-3db2838fa210.png&data=05%7C01%7Cbinweini%40microsoft.com%7C1eae102f9a024c2fa74e08da7f628360%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637962358356791925%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=LAzu8owTPp5m8DsBxWhv1yDxYfX6Rl9KYRhVIkdq3Us%3D&reserved=0

Can you be more specific on which Rule(s) you think is missing from the document?

Thanks, Kapil

Reply to this email directly, view it on GitHubhttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fazure-docs%2Fissues%2F97142%23issuecomment-1216318897&data=05%7C01%7Cbinweini%40microsoft.com%7C1eae102f9a024c2fa74e08da7f628360%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637962358356791925%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=fPLXptPdBqatejFfbIzPMQTSJ6S9lu8ykqKlNK7ipf0%3D&reserved=0, or unsubscribehttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FA2RM7IATFL55LFPC2WQ5OCDVZNHLNANCNFSM56UI2XTQ&data=05%7C01%7Cbinweini%40microsoft.com%7C1eae102f9a024c2fa74e08da7f628360%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637962358356791925%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=z9g62C3%2Fi4TzpUsEeuaS8ZWdxUiqzHVWIE2V9P4uDYo%3D&reserved=0. You are receiving this because you were mentioned.Message ID: @.@.>>

dangbuzhude266 avatar Aug 16 '22 10:08 dangbuzhude266

@dangbuzhude266, can you please check your latest comment. I can only see the below.

image

KapilAnanth-MSFT avatar Aug 16 '22 10:08 KapilAnanth-MSFT

Hi Kapil,

Current Azure firewall offers below log category:

Azure Firewall Application Rule Azure Firewall Network Rule Azure Firewall DNS Proxy Azure Firewall Network Rule Hit Azure Firewall Application Rule Hit Azure Firewall Nat Rule Hit Azure Firewall ThreatIntel Hit Azure Firewall Idps Signature Hit Azure Firewall Dns query Hit Azure Firewall Fqdn Resolution Failure Hit Azure Firewall Network Rule Aggregation Hit Azure Firewall Application Rule Aggregation Hit Azure Firewall Nat Rule Aggregation Hit

Currently only app/network/dns log has been elaborated at official doc

From: Kapil Ananth @.> Sent: Tuesday, August 16, 2022 6:27 PM To: MicrosoftDocs/azure-docs @.> Cc: Binwei Ni @.>; Mention @.> Subject: Re: [MicrosoftDocs/azure-docs] Doc is out of date (Issue #97142)

@dangbuzhude266https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fdangbuzhude266&data=05%7C01%7Cbinweini%40microsoft.com%7Cecebc231e1614164467008da7f71e68a%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637962424454445097%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ZCCzAaSoWTBm9pMkEzHvCqyEj6ZS67ZWMrh8Y1t6MXk%3D&reserved=0, can you please check your latest comment. I can only see the below.

[image]https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fuser-images.githubusercontent.com%2F107474080%2F184857559-1e8d1c4f-2918-46b0-b756-626ee989b8c9.png&data=05%7C01%7Cbinweini%40microsoft.com%7Cecebc231e1614164467008da7f71e68a%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637962424454445097%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=MPoc9uCScs1QwNH%2FT1DrxMBu6Kd0ed2B4ZJ%2FZVmlBh4%3D&reserved=0

Reply to this email directly, view it on GitHubhttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fazure-docs%2Fissues%2F97142%23issuecomment-1216452943&data=05%7C01%7Cbinweini%40microsoft.com%7Cecebc231e1614164467008da7f71e68a%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637962424454445097%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=oEquIeZd7NWFaxTD%2F3UUFx6xu7LywnMYIRcHfIHmuDo%3D&reserved=0, or unsubscribehttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FA2RM7ICLNNCYS42SX7SLER3VZNUIPANCNFSM56UI2XTQ&data=05%7C01%7Cbinweini%40microsoft.com%7Cecebc231e1614164467008da7f71e68a%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637962424454601308%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=E%2FI9QeSgS3F14ies3II3VO3RN44QjP4Hpg3w8rEytYw%3D&reserved=0. You are receiving this because you were mentioned.Message ID: @.@.>>

dangbuzhude266 avatar Aug 16 '22 10:08 dangbuzhude266

@dangbuzhude266, Thanks for bringing this up to our attention. I shall assign this to the author for further review.

@vhorne, kindly check this and update the docs with the new log categories. image

KapilAnanth-MSFT avatar Aug 16 '22 10:08 KapilAnanth-MSFT

@dangbuzhude266 The structured log feature is currently in Preview and is documented here: https://docs.microsoft.com/en-us/azure/firewall/firewall-preview#structured-firewall-logs-preview.

When it goes GA, we'll move this information to the Overview article. #please-close

vhorne avatar Aug 25 '22 13:08 vhorne