Pepesko

Reputation: 19

Is there a way to view traffic logs for Azure Storage for connections that got blocked by Firewall settings from Networking pane?

Where can I find log within Azure Monitor/Log Analytics workspace that informs about some connection attempt (here from PowerBi service) that was dropped due to firewall settings? Can it be checked anywhere?

In Azure Storage Account I have enabled all "Diagnostic settings" possible (account level, blob, queue, table etc.) and set "Send to Log Analytics workspace" for each of them. Then in "Networking" I've set "Public network access" to "Disabled" and triggered some published PowerBi report dataset refresh that uses Azure Table Storage within mentioned Azure Storage Account. Refresh fails with:

"There was an error when processing the data in the dataset. Data source error: The credentials provided for the AzureTables source are invalid. (Source at https://<account_name>.table.core.windows.net/.). The exception was raised by the IDataReader interface. Please review the error message and provider documentation for further information and corrective action. Table: <table_name>." error due to firewall settings. However in Log Analytics workspace I didn't find any logs of any rejected connection.

Upvotes: 1

Views: 1572

Answers (1)

Venkat V

Reputation: 7820

Is there a way to view traffic logs for Azure Storage for connections that got blocked by Firewall settings from Networking pane?

To check the traffic logs for Azure Storage and see the connections blocked by Firewall settings in Networking, you can follow the steps below.

For testing, I have disabled Public network access in the storage account; then, when I try to access a blob, the firewall blocks the connection.


  1. Enable diagnostic settings; skip this step if they are already set up.

  2. Go to Insights > Failures.


  3. Here you can filter the logs to see whether any traffic was blocked by networking for storage transactions.


  4. KQL query to view the traffic logs for Azure Storage for connections that were blocked by the firewall:

```kusto
// Filter values; '*' in a list means "do not filter on this field".
let serviceValues = dynamic(['blob']);
let operationValues = dynamic(['*']);
let statusValues = dynamic(['AuthorizationFailure']);
StorageBlobLogs
| union StorageQueueLogs
| union StorageTableLogs
| union StorageFileLogs
| where StatusText != "Success"
// Apply each filter through its variable instead of a repeated literal.
| where "*" in (serviceValues) or ServiceType in (serviceValues)
| where "*" in (operationValues) or OperationName in (operationValues)
| where "*" in (statusValues) or StatusText in (statusValues)
| extend Service = ServiceType
| extend AuthType = AuthenticationType
// CallerIpAddress is logged as "ip:port"; keep only the IP part.
| extend CallerIpAddress = split(CallerIpAddress, ":")[0]
| summarize ErrorCount = count()
    by
    Service,
    OperationName,
    StatusText,
    StatusCode,
    AuthType,
    tostring(CallerIpAddress),
    Uri
| sort by ErrorCount desc
```


Upvotes: 2
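
The same check narrowed to the Table service from the question and to a time window around the failed refresh, as an added example that is not part of the answer above. It runs stand-alone on a constructed `datatable`; the name `SampleTableLogs`, the rows, the `refreshTime` value and the 10-minute window are assumptions, and in a real workspace the query would read `StorageTableLogs` instead.

```kusto
// Constructed sample rows (not real log data), using column names from StorageTableLogs.
let SampleTableLogs = datatable(
    TimeGenerated: datetime, OperationName: string, StatusCode: string,
    StatusText: string, AuthenticationType: string,
    CallerIpAddress: string, Uri: string)
[
    datetime(2024-01-15 09:02:10), "QueryEntities", "200", "Success",
        "AccountKey", "203.0.113.10:51544", "https://exampleaccount.table.core.windows.net/ExampleTable",
    datetime(2024-01-15 09:29:41), "QueryEntities", "403", "AuthorizationFailure",
        "AccountKey", "198.51.100.7:40112", "https://exampleaccount.table.core.windows.net/ExampleTable",
    datetime(2024-01-15 09:29:43), "QueryTables", "403", "AuthorizationFailure",
        "AccountKey", "198.51.100.7:40113", "https://exampleaccount.table.core.windows.net/Tables",
    datetime(2024-01-15 09:31:02), "QueryEntities", "403", "AuthorizationFailure",
        "AccountKey", "198.51.100.8:52001", "https://exampleaccount.table.core.windows.net/ExampleTable",
    datetime(2024-01-15 11:45:00), "QueryEntities", "403", "AuthorizationFailure",
        "AccountKey", "192.0.2.55:33810", "https://exampleaccount.table.core.windows.net/ExampleTable"
];
// Assumed time of the failed dataset refresh; adjust to the real one.
let refreshTime = datetime(2024-01-15 09:30:00);
SampleTableLogs   // replace with StorageTableLogs in a real workspace
| where TimeGenerated between ((refreshTime - 10m) .. (refreshTime + 10m))
| where StatusText == "AuthorizationFailure"
// CallerIpAddress is "ip:port"; group on the IP so one caller is one row.
| extend CallerIp = tostring(split(CallerIpAddress, ":")[0])
| summarize
    DeniedRequests = count(),
    FirstSeen = min(TimeGenerated),
    LastSeen = max(TimeGenerated),
    Operations = make_set(OperationName)
    by CallerIp, AuthenticationType, StatusCode
| sort by DeniedRequests desc
```

An empty result over the real table for the refresh window means no denied request was logged for that period, which is the situation the question describes.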
