Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Reference for AZFWDnsFlowTrace table in Azure Monitor Logs.
| Attribute | Value |
|---|---|
| Category | Security |
| Basic Logs Eligible | ✓ Yes |
| Ingestion API Supported | ✗ No |
| Azure Monitor Tables Reference | View Documentation |
Source: Azure Monitor documentation
| Column Name | Type | Description |
|---|---|---|
| _BilledSize | real | The record size in bytes |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable isfalseingestion isn't billed to your Azure account |
| _ResourceId | string | A unique identifier for the resource that the record is associated with |
| _SubscriptionId | string | A unique identifier for the subscription that the record is associated with |
| MsgType | string | Shows whether the DNS message is a query or response, and whether it's from the client or forwarded by the firewall. |
| Protocol | string | Internet protocol used for the DNS query (e.g., TCP, UDP). |
| QueryMessage | string | Details of the DNS query, including the FQDN or URL. |
| QueryTime | datetime | Timestamp (UTC) when the DNS query was initiated. |
| ResponseTime | datetime | Timestamp (UTC) when the DNS response was received. |
| ServerIp | string | IP address of the DNS server that responded. |
| ServerMessage | string | Details of the DNS response received from the upstream DNS server. |
| ServerPort | int | Port on the DNS server that responded to the query. |
| SocketFamily | string | Internet protocol family for the DNS query. |
| SourceIp | string | IP address of the source that initiated the DNS query. |
| SourcePort | int | Source port from which the DNS query was sent. |
| SourceSystem | string | The type of agent the event was collected by. For example,OpsManagerfor Windows agent, either direct connect or Operations Manager,Linuxfor all Linux agents, orAzurefor Azure Diagnostics |
| TenantId | string | The Log Analytics workspace ID |
| TimeGenerated | datetime | Timestamp (UTC) when the data plane log was created. |
| Type | string | The name of the table |
This table collects data from the following Azure resource types:
microsoft.network/azurefirewallsBrowse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊