Azure Gateway WAF - Diagnostics Issue

I'm trying to set up Azure WAF (v2) on my App Gateway (currently in detection mode first to handle false positive cases); however, I'm seeing this warning:

To view your detection logs, you must have diagnostics enabled.

So, I went to Diagnostic settings and created it there with the following options:

Log:

ApplicationGatewayAccessLog - (checked)

ApplicationGatewayPerformanceLog - (checked)

ApplicationGatewayFirewallLog - (checked)

Metric:

AllMetrics - (checked)

I have Send to Log Analytics checked as well, and Archive to a storage account is also enabled.

But I'm still seeing the same warning mentioned above. Any idea what I might be missing here?

UPDATE: I do see records within the log with the following query, but the warning is still there:

AzureDiagnostics | where OperationName == "ApplicationGatewayFirewall"
Ra answered 22/4, 2020 at 2:18

Comment(7)
Just to make sure, if you refresh the diagnostic settings blade, you do see your configuration. Right? Maybe logging on and off? We do use App Gateway w/WAF enabled and did not face this behaviour. - Ardy
I do see it under App Gateway \ Diagnostic Settings, and I tried to log out and log in again, but still the same warning. I even tried to run some malicious scan to make sure that I will have some logs, but still no luck. - Ra
Go to your log analytics / logs and look for ApplicationGatewayFirewall. Is there any data? - Ardy
@Ardy I have updated my question. I did run a query as you suggested, and I see my requests when I go through the log analytics workspace; however, the warning is still there. - Ra
@Ra The same issue is happening for me as well. I'm wondering if you found a solution for it? - Pontic
@Pontic if you are asking about logs, it takes a min to show logs under AzureDiagnostics. If you were referring to the warning, it's been a while since I did this, but I think it was related to what I had selected for diagnostic; check this article: learn.microsoft.com/en-us/azure/firewall/firewall-diagnostics. Also, one additional note: if you are just starting with WAF, it might be a better option to use WAF for Azure FrontDoor instead of WAF for AppGateway. It gives a bit more options (e.g. geofence etc.). - Ra
Thanks :) I can see the logs now; however, the warning is still there. I have to use WAF on appgw as it is the only way to integrate it to AKS that we use for the applications. - Pontic