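We have configured an instance of Azure Application Gateway (Standard v2, East AU region) and enabled its diagnostic settings to dump all metrics and logs to a Log Analytics workspace, which seems to work fine. However, we wanted additional insight into the requests, so we scaled up the tier and enabled WAF v2 (as shown in the image below).
According to the documentation here, https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-diagnostics#diagnostic-logging, and after waiting for some time, we expected the firewall logs to be populated automatically in the same Log Analytics workspace, but this does not seem to work; they are not populated there at all.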
distinct Category that returns only one category i.e. "ApplicationGatewayAccessLog"
Does anyone know if we are missing something or have any input?
Sometimes, the output is not the same when you explore data from Application Gateway > Logs and from your specific Log Analytics workspace > Logs. You can compare these results on your side. See this issue.
In this case, you should have finished some access actions to your Application Gateway and triggered the firewall access log collection before the data can be collected by Azure monitoring. Though the document states that firewall logs are collected every 60 seconds, sometimes the data is delayed (even more than 2 days) in being logged, and your located region also impacts the data display time. From this blog, you can see an hourly log of firewall actions on the WAF.
For more information, you can use Log Analytics to examine Application Gateway Web Application Firewall Logs.
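
One way to check both points raised in this thread from the workspace itself, as an added example that is not part of the original posts: the query lists which Application Gateway log categories have arrived, when each was last seen, and how far ingestion lagged behind the event time. The 3-day look-back window is an assumption; the table, columns and category names are the standard ones for Application Gateway diagnostics in `AzureDiagnostics` mode.

```kusto
// Added example: run in the Log Analytics workspace that the diagnostic setting targets.
// Shows, per gateway and log category, whether records exist and how late they arrived.
AzureDiagnostics
| where TimeGenerated > ago(3d)                      // look-back window is an assumption
| where ResourceProvider == "MICROSOFT.NETWORK"
    and ResourceType == "APPLICATIONGATEWAYS"
// ingestion_time() is when the workspace stored the record; TimeGenerated is the event time.
| extend LagMinutes = (ingestion_time() - TimeGenerated) / 1m
| summarize Records      = count(),
            LastSeen     = max(TimeGenerated),
            MedianLagMin = percentile(LagMinutes, 50),
            MaxLagMin    = max(LagMinutes)
          by Resource, Category
| order by Resource asc, Category asc
```

A row for `ApplicationGatewayFirewallLog` appears only after the WAF has logged at least one request that matched a rule, so an access-log row with a recent `LastSeen` and no firewall row means no firewall records have been ingested yet, not that the query is wrong.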