Reference for AGWFirewallLogs table in Azure Monitor Logs.
| Attribute | Value |
|---|---|
| Category | Audit, Azure Resources, Network |
| Basic Logs Eligible | ✓ Yes (source) |
| Supports Transformations | ✓ Yes (source) |
| Ingestion API Supported | ✗ No |
| Azure Monitor Tables Reference | View Documentation |
Source: Azure Monitor documentation
| Column Name | Type | Description |
|---|---|---|
| _BilledSize | real | The record size in bytes |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false, ingestion isn't billed to your Azure account |
| _ResourceId | string | A unique identifier for the resource that the record is associated with |
| _SubscriptionId | string | A unique identifier for the subscription that the record is associated with |
| Action | string | Action taken on the request. Available values are Blocked and Allowed (for custom rules), Matched (when a rule matches a part of the request), and Detected and Blocked (these are both for mandatory rules, depending on if the WAF is in detection or prevention mode). |
| ClientIp | string | Originating IP for the request. |
| ClientPort | int | Originating port for the request. |
| DetailedData | string | Specific data found in request that matched the rule for the triggered event. |
| DetailedMessage | string | Description of the rule for the triggered event. |
| FileDetails | string | Configuration file that contained the rule for the triggered event. |
| Hostname | string | Hostname or IP address of the Application Gateway. |
| InstanceId | string | Application Gateway instance for which firewall data is being generated. For a multiple-instance application gateway, there is one row per instance. |
| LineDetails | string | Line number in the configuration file that triggered the event. |
| Message | string | User-friendly message for the triggering event. More details are provided in the details section. |
| OperationName | string | Name of the operation. |
| PolicyId | string | The ID of the firewall policy applied to the request. |
| PolicyScope | string | The scope of the policy. Values can be Global, Listener, or Location (for path-based rules). |
| PolicyScopeName | string | The name of the policy scope applied. |
| RequestUri | string | URL of the received request. |
| RuleId | string | Rule ID of the triggering event. |
| RuleSetType | string | Rule set type. The available value is OWASP. |
| RuleSetVersion | string | Rule set version used. Available values are 2.2.9 and 3.0. |
| Site | string | Site for which the log was generated. Currently, only Global is listed because rules are global. |
| SourceSystem | string | The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics |
| TenantId | string | The Log Analytics workspace ID |
| TimeGenerated | datetime | Time (UTC) when the log was created. |
| TransactionId | string | Unique ID for a given transaction which helps group multiple rule violations that occurred within the same request. |
| Type | string | The name of the table |
This table is used by the following solutions:
In solution Azure Web Application Firewall (WAF):
This table collects data from the following Azure resource types:
microsoft.network/applicationgateways