Verify if the logs of the type "WAF, FW, StorageAccount, Application" are sent to the Eventhub

I am curious if there is a way to query Azure WAF Logs to reveal what logs are pushed to Event Hub? I have seen many attempts at it, also comments like: "You cannot find source/insights of logs going to EventHub".

I have also asked ChatGPT, but got some very basic explanations.

Thanks!

There are 1 answers

Sampath On

Below are the steps to send logs to the EventHub:

  • Create an Event Hubs Namespace and Event Hub.
  • Go to the WAF, FW, or Storage Account Application in the Azure portal.

  • Search for the diagnostic setting, enable the diagnostic setting and select the diagnostic setting.

  • Select the categories of logs to be sent to a destination (potentially your Event Hub) and choose Destination details as "Stream to an Event Hub."

  • Select the Event Hub details in the Destination section.

Now, we can track the logs of WAF, FW, or StorageAccount. To check whether it tracks a new event, a trigger will be initiated when there are changes in accounts.

  • To track, we add alias data in the Event Hubs Instance. Create an Azure Data Explorer Database and Database.

Go to Azure Data Explorer, select the database, and run the query using the database name to view logs.

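The diagnostic setting configured in the steps above is itself the record of which log categories a resource streams to an Event Hub, so it can be checked without opening the portal. The following is an added example, not part of the original answer: it parses JSON shaped like the output of `az monitor diagnostic-settings list --resource <resource-id> -o json` and reports, per setting, the Event Hub destination and the enabled and disabled categories. The sample data, the resource names in it and the function name `eventhub_streams` are constructed for illustration.

```python
import json

# Constructed sample, shaped like the JSON printed by
#   az monitor diagnostic-settings list --resource <resource-id> -o json
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
SAMPLE = json.dumps([
    {"name": "to-eventhub",
     "eventHubAuthorizationRuleId": SUB + "/providers/Microsoft.EventHub"
         "/namespaces/ns-example/authorizationRules/RootManageSharedAccessKey",
     "eventHubName": "waf-logs",
     "workspaceId": None,
     "logs": [
         {"category": "ApplicationGatewayAccessLog", "enabled": True},
         {"category": "ApplicationGatewayFirewallLog", "enabled": True},
         {"category": "ApplicationGatewayPerformanceLog", "enabled": False}]},
    {"name": "to-workspace",
     "eventHubAuthorizationRuleId": None,
     "workspaceId": SUB + "/providers/Microsoft.OperationalInsights"
         "/workspaces/law-example",
     "logs": [{"category": "ApplicationGatewayFirewallLog", "enabled": True}]},
])

def eventhub_streams(raw_json):
    """Map each diagnostic setting that targets an Event Hub to its categories."""
    doc = json.loads(raw_json)
    # Accept both a bare list and the older {"value": [...]} wrapper.
    settings = doc.get("value", []) if isinstance(doc, dict) else doc
    report = {}
    for s in settings:
        # REST-style output nests the fields under "properties"; flatten it.
        p = {**s, **(s.get("properties") or {})}
        rule_id = p.get("eventHubAuthorizationRuleId")
        if not rule_id:
            continue  # this setting does not stream to an Event Hub
        parts = rule_id.split("/")
        lowered = [x.lower() for x in parts]
        ns = parts[lowered.index("namespaces") + 1] if "namespaces" in lowered else None
        logs = p.get("logs") or []
        label = lambda l: l.get("category") or f"group:{l.get('categoryGroup')}"
        report[s.get("name")] = {
            "namespace": ns,
            "event_hub": p.get("eventHubName"),
            "enabled": sorted(label(l) for l in logs if l.get("enabled")),
            "disabled": sorted(label(l) for l in logs if not l.get("enabled")),
        }
    return report

if __name__ == "__main__":
    print(json.dumps(eventhub_streams(SAMPLE), indent=2))
```

An empty result for a WAF, firewall or storage resource means no diagnostic setting on it streams to an Event Hub, and a category listed under `disabled` is configured but not being sent.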