Azure Firewall Log Query - Src and Dst IP Only

Ajaz Nawaz 21 Reputation points
2022-03-15T15:39:29.63+00:00

Hi folks - newbie here so excuse me - don't worry I'll stop asking basic questions here very soon [hopefully]

Can I please ask someone to share a script to run a query for a defined source / destination IP pair only.

So in other words, show me all flows with the following src / dst IP pair.

Thanks !

Azure Firewall

1 answer

  1. ChaitanyaNaykodi-MSFT 23,031 Reputation points Microsoft Employee
    2022-03-25T21:38:46.723+00:00

    Hello @Ajaz Nawaz, apologies for the delayed response here. Below is the query which will fetch all the Diagnostic Firewall logs for the specific Source and Destination IP pair with destination port as 443.

    AzureDiagnostics  
    | where ResourceType == "AZUREFIREWALLS"  
    // Replace the placeholders with the real pair you are looking for  
    | extend  
        src_host =   "src_ip"  
        ,dest_host =  "dst_ip"  
        ,dest_port =  443  
    // msg_s looks like: "TCP request from 10.0.0.4:50000 to 10.1.0.5:443. Action: Allow."  
    | parse msg_s with Protocol " request from " SourceIP ":" SourcePort:int " to " TargetIP ":" TargetPort:int "." *  
    // The extend above only adds constant columns; this is the line that actually filters  
    | where SourceIP == src_host and TargetIP == dest_host and TargetPort == dest_port  
    | project TimeGenerated,Category,SourceIP,SourcePort,TargetIP,TargetPort,Protocol,msg_s  
    

    I was able to run this query in my Log Analytics workspace (screenshot of the results omitted).

    You can add another `| where Category == "AzureFirewallNetworkRule"` to get any specific rule.

    Hope this helps! Please let me know if you have any additional questions. Thank you!

    2 people found this answer helpful.
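The query below is an added example and is not part of the answer above or of any Microsoft documentation. It goes one step further than a plain per-row listing: it covers both the network-rule and application-rule categories and summarizes, for one source/destination pair, how many flows were allowed or denied per protocol and port. It assumes the AzureDiagnostics schema used on this page and the `msg_s` line format "`<Protocol> request from <src>:<port> to <dst>:<port>. Action: <Allow|Deny>...`"; `src_ip` and `dst_ip` are placeholders to be replaced with real addresses.

```kql
// Added example (not the answer's query): allow/deny summary for one src/dst pair.
// Placeholders: replace "src_ip" and "dst_ip" with the real addresses.
let src = "src_ip";
let dst = "dst_ip";
AzureDiagnostics
| where ResourceType == "AZUREFIREWALLS"
| where Category in ("AzureFirewallNetworkRule", "AzureFirewallApplicationRule")
// cheap text pre-filter so the parse below only runs on candidate rows
| where msg_s contains src and msg_s contains dst
// assumed msg_s format: "TCP request from 10.0.0.4:50000 to 10.1.0.5:443. Action: Allow."
| parse msg_s with Protocol " request from " SourceIP ":" SourcePort:int " to " TargetIP ":" TargetPort:int *
// the decision is logged after "Action: " in the same line
| parse msg_s with * ". Action: " Action "." *
// exact match on the parsed fields; the contains filter above is only an optimisation
| where SourceIP == src and TargetIP == dst
| summarize Flows = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
    by Category, Protocol, TargetPort, Action
| order by Flows desc
```

A sudden rise in `Deny` rows for a pair that is normally allowed, or new `TargetPort` values appearing for a known pair, is the kind of change this summary makes visible at a glance; drop the `summarize` line and `project` the parsed columns instead when the individual rows are needed.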