Azure Web Application Firewall Monitoring and Logging
Azure Web Application Firewall (WAF) monitoring and logging are provided through logging and integration with Azure Monitor and Azure Monitor logs.
Azure Monitor
WAF with Application Gateway log is integrated with Azure Monitor. Azure Monitor allows you to track diagnostic information including WAF alerts and logs. You can configure WAF monitoring within the Application Gateway resource in the portal under the Diagnostics tab or through the Azure Monitor service directly.
Logs and diagnostics
WAF with Application Gateway provides detailed reporting on each threat it detects. Logging is integrated with Azure Diagnostics logs and alerts are recorded in a json format. These logs can be integrated with Azure Monitor logs.
For additional information on diagnostics log, visit Application Gateway WAF resource logs
Application Gateway WAF v2 Metrics
New WAF metrics are only available for Core Rule Set 3.2 or greater, or with bot protection and geo-filtering. The metrics can be further filtered on the supported dimensions.
| Metrics | Description | Dimension |
|---|---|---|
| WAF Total Requests | Count of successful requests that WAF engine has served | Action, Country/Region, Method, Mode |
| WAF Managed Rule Matches | Count of total managed rule matches | Action, Country/Region, Mode, Rule Group, Rule Id |
| WAF Custom Rule Matches | Count of custom rule matches | Action, Country/Region, Mode, Rule Group, Rule Name |
| WAF Bot Protection Matches | Count of total bot protection rule matches that have been blocked or logged from malicious IP addresses. The IP addresses are sourced from the Microsoft Threat Intelligence feed. | Action, Country/Region, Bot Type, Mode |
For metrics supported by Application Gateway V2 SKU, see Application Gateway v2 metrics
Application Gateway WAF v1 Metrics
| Metrics | Description | Dimension |
|---|---|---|
| Web Application Firewall Blocked Requests Count | Count of total requests that have been blocked by the WAF engine | |
| Web Application Firewall Blocked Requests Distribution | Total number of rules hit distribution for the blocked requests by Rule Group and Rule ID | Rule Group, Rule ID |
| Web Application Firewall Total Rule Distribution | Count of total matched requests distribution by Rule Group and Rule ID | Rule Group, Rule ID |
For metrics supported by Application Gateway V1 SKU, see Application Gateway v1 metrics
Access WAF Metrics in Azure portal
From the Azure portal menu, select All Resources >> <your-Application-Gateway-profile>.
Under Monitoring, select Metrics:
In Metrics, select the metric to add:
Select Add filter to add a filter:
Select New chart to add a new chart
Configure Alerts in Azure portal
Set up alerts on Azure Application Gateway by selecting Monitoring >> Alerts.
Select New alert rule for metrics listed in Metrics section.
Alert will be charged based on Azure Monitor. For more information about alerts, see Azure Monitor alerts.
Next steps
- Learn about Web Application Firewall.
- Learn about Web Application Firewall Logs.
Povratne informacije
Pošalјite i prikažite povratne informacije za