Skip to main content

Azure Application Gateway

Thumbnail icon

Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. It works on application layer (OSI layer 7) and supports URL based routing. This integration helps in analyzing access patterns, tracking performance information for each instance, including total requests served, throughput in bytes, healthy and unhealthy backend instance count.

Log and Metric types

For Azure Application Gateway, you can collect the following logs and metrics:

  • Access log. These logs provide information on access patterns including the caller's IP, requested URL, response latency, return code, and bytes in and out.
  • Performance log. These log captures performance information for each instance, including total requests served, throughput in bytes, total requests served, failed request count, and healthy and unhealthy backend instance count. The Performance log is available only for the v1 SKU. For the v2 SKU, use Metrics for performance data.
  • Firewall log. You can use this log to view the requests that are logged through either detection or prevention mode of an application gateway that is configured with the web application firewall.

To know more about the different resource log category types and schemas collected for Azure Application Gateway, refer to Azure documentation.

Setup

Azure service sends monitoring data to Azure Monitor, which can then stream data to Eventhub. Sumo Logic supports:

You must explicitly enable diagnostic settings for each Azure Application Gateway you want to monitor. You can forward logs to the same event hub provided they satisfy the limitations and permissions as described here.

When you configure the event hubs source or HTTP source, plan your source category to ease the querying process. A hierarchical approach allows you to make use of wildcards. For example: Azure/ApplicationGateway/Logs, Azure/ApplicationGateway/Metrics.

Configure metrics collection

In this section, you will configure a pipeline for shipping metrics from Azure Monitor to an Event Hub, on to an Azure Function, and finally to an HTTP Source on a hosted collector in Sumo Logic.

  1. Configure an HTTP Source.
  2. Configure and deploy the ARM Template.
  3. Export metrics to Event Hub. Perform below steps for each Azure Application Gateway that you want to monitor.
    • Choose Stream to an event hub as destination.
    • Select AllMetrics.
    • Use the Event hub namespace created by the ARM template in Step 2 above. You can create a new Event hub or use the one created by ARM template. You can use the default policy RootManageSharedAccessKey as the policy name.

Configure logs collection

In this section, you will configure a pipeline for shipping diagnostic logs from Azure Monitor to an Event Hub.

  1. To set up the Azure Event Hubs cloud-to-cloud source in Sumo Logic portal, refer to our Azure Event Hubs source documentation.
  2. To create the Diagnostic settings in Azure portal, refer to the Azure documentation. Perform below steps for each Azure Application Gateway that you want to monitor.
    • Choose Stream to an event hub as the destination.
    • Select allLogs.
    • Use the Event hub namespace and Event hub name configured in previous step in destination details section. You can use the default policy RootManageSharedAccessKey as the policy name.

Troubleshooting

Azure Event Hubs Source

Common error types are described here.

You can try restarting the source for ThirdPartyConfig errors.

HTTP Logs and Metrics Source used by Azure Functions

To troubleshoot metrics collection, follow the instructions in Collect Metrics from Azure Monitor > Troubleshooting metrics collection.

Legal
Privacy Statement
Terms of Use

Copyright © 2023 by Sumo Logic, Inc.