---
title: Azure Firewall network rule name logging (preview)
description: Learn about Azure Firewall network rule name logging (preview)
services: firewall
author: vhorne
ms.service: firewall
ms.topic: conceptual
ms.date: 01/25/2023
ms.author: victorh
---
Important
This feature is currently in PREVIEW. See the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
Currently, a network rule hit event shows the following attributes in the logs:
- Source and destination IP/port
- Action (allow, or deny)
With this new feature, the event logs for network rules also show the following attributes:
- Policy name
- Rule collection group
- Rule collection
- Rule name
To enable the network rule name logging feature, run the following commands in Azure PowerShell. For the feature to take effect immediately, an operation needs to be run on the firewall. This operation can be a rule change (least intrusive), a setting change, or a stop/start operation. Otherwise, the firewall(s) are updated with the feature within several days.
Run the following Azure PowerShell commands to configure Azure Firewall network rule name logging:
```powershell
Connect-AzAccount
Select-AzSubscription -Subscription "subscription_id or subscription_name"
Register-AzProviderFeature -FeatureName AFWEnableNetworkRuleNameLogging -ProviderNamespace Microsoft.Network
Register-AzResourceProvider -ProviderNamespace Microsoft.Network
```
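Feature registration is asynchronous, so the provider re-registration above can run before the feature is actually registered. The following script is an added example (not part of this article or of Azure's own tooling) that performs the same steps but polls `Get-AzProviderFeature` until the state is `Registered` before continuing; the subscription value and the 15-minute timeout are placeholders.

```powershell
# Added example: enable Azure Firewall network rule name logging (preview) and
# wait for the feature registration to complete before re-registering the provider.
$subscription = "<subscription_id or subscription_name>"   # placeholder, replace before use
$featureName  = "AFWEnableNetworkRuleNameLogging"
$namespace    = "Microsoft.Network"

Connect-AzAccount
Select-AzSubscription -Subscription $subscription

# Check the current state first so an already-registered feature is not re-requested.
$feature = Get-AzProviderFeature -FeatureName $featureName -ProviderNamespace $namespace
if ($feature.RegistrationState -ne "Registered") {
    Register-AzProviderFeature -FeatureName $featureName -ProviderNamespace $namespace | Out-Null
}

# Registration completes in the background; poll until it reports Registered.
$deadline = (Get-Date).AddMinutes(15)   # arbitrary timeout, adjust as needed
do {
    Start-Sleep -Seconds 20
    $state = (Get-AzProviderFeature -FeatureName $featureName -ProviderNamespace $namespace).RegistrationState
    Write-Host "$featureName registration state: $state"
} while ($state -ne "Registered" -and (Get-Date) -lt $deadline)

if ($state -ne "Registered") {
    throw "Feature $featureName did not reach the Registered state within the timeout."
}

# Propagate the registered feature to the resource provider.
Register-AzResourceProvider -ProviderNamespace $namespace | Out-Null

# Show the final state for the audit trail.
Get-AzProviderFeature -FeatureName $featureName -ProviderNamespace $namespace |
    Select-Object FeatureName, ProviderName, RegistrationState
```

After the feature reports `Registered`, apply a rule change (the least intrusive option) to the firewall policy so the new log attributes appear without waiting for the scheduled update.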
Run the following Azure PowerShell command to turn off this feature:
```powershell
Unregister-AzProviderFeature -FeatureName AFWEnableNetworkRuleNameLogging -ProviderNamespace Microsoft.Network
```
- To learn more about Azure Firewall logs and metrics, see Azure Firewall logs and metrics.