Hello @Kit Shing Kwong ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand that you have used Azure Firewall to protect Azure Kubernetes Service (AKS) clusters and would like to find the detailed log of the outbound traffic including the request URI and response status codes.
You can monitor Azure Firewall using Structured Logs, which uses a predefined schema to structure log data for easy searching, filtering, and analysis. These logs include information such as source and destination IP addresses, protocols, port numbers, and firewall actions.
Refer: https://learn.microsoft.com/en-us/azure/firewall/logs-and-metrics
https://learn.microsoft.com/en-us/azure/firewall/firewall-structured-logs
https://learn.microsoft.com/en-us/azure/firewall/enable-top-ten-and-flow-trace
You seem to be using the correct logs:
AZFWNetworkRule - https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables/azfwnetworkrule
AZFWApplicationRule - https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables/azfwapplicationrule
For request URI:
In the AZFWApplicationRule log, you can find:
For response status codes:
HTTP(s) response status codes are mostly found in WAF logs but not in the Azure Firewall logs.
In Azure Firewall, you will only find the action taken by the firewall following the match with a particular rule. For example, the firewall may Allow/Deny a specific packet.
You can also use the Azure Firewall Workbook, which provides a flexible canvas for Azure Firewall data analysis. You can use it to gain insights into Azure Firewall events, learn about your application and network rules, and see statistics for firewall activities across URLs, ports, and addresses. The Azure Firewall Workbook allows you to filter your firewalls and resource groups, and dynamically filter per category with easy-to-read data sets when investigating an issue in your logs.
Refer: https://learn.microsoft.com/en-us/azure/firewall/firewall-workbook
If you are looking for something else, please let us know.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
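Added example, not part of the original answer: a Log Analytics (KQL) query that combines the two tables named above to list outbound traffic from an AKS node subnet, with the firewall action and the matching rule. It assumes the firewall's diagnostic setting sends structured logs to resource-specific tables; the subnet `10.240.0.0/16` and the 24-hour window are placeholder values to replace with your own.

```kusto
// Added example: outbound traffic from an AKS node subnet as seen by Azure Firewall.
// Assumptions: aksSubnet and window are placeholders, not values from the original post.
let aksSubnet = "10.240.0.0/16";
let window = 24h;
union
    (
        AZFWApplicationRule
        | where TimeGenerated > ago(window)
        | where ipv4_is_in_range(SourceIp, aksSubnet)
        // TargetUrl is only populated for HTTP, or for HTTPS when TLS inspection is on;
        // otherwise only the FQDN is known.
        | project TimeGenerated, LogType = "Application", SourceIp,
                  Destination = Fqdn, DestinationPort, Protocol,
                  TargetUrl, Action, RuleCollection, Rule
    ),
    (
        AZFWNetworkRule
        | where TimeGenerated > ago(window)
        | where ipv4_is_in_range(SourceIp, aksSubnet)
        // Network rule logs carry no URL or FQDN, only the destination IP and port.
        | project TimeGenerated, LogType = "Network", SourceIp,
                  Destination = DestinationIp, DestinationPort, Protocol,
                  TargetUrl = "", Action, RuleCollection, Rule
    )
| summarize Requests = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
    by LogType, SourceIp, Destination, DestinationPort, Protocol,
       TargetUrl, Action, RuleCollection, Rule
// Denied flows first, then the busiest destinations.
| order by Action desc, Requests desc
```

Rows with `Action == "Deny"` show egress the AKS nodes attempted that no rule permits, which is a quick way to review both missing allow rules and unexpected destinations.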