Enable and configure diagnostic logging and metrics for WAF on Azure Front Door and Azure Application Gateway

Implementation Effort: Medium

User Impact: Low

Overview

Diagnostic logging and metrics are essential for understanding WAF enforcement, tuning policies, and investigating incidents across both edge and regional gateways.

For Azure Front Door, navigate to your Front Door instance in the Azure portal, open Diagnostic settings, and add a setting to your Log Analytics workspace or Storage/Event Hub. Select the FrontDoor WebApplicationFirewall Log, FrontDoor Access Log, or FrontDoor Health Probe Log categories to capture every request, custom rule match, and health probe events . Front Door also emits metrics such as Web Application Firewall Request CountandJS Challenge Request Count that you can chart and alert on in Azure Monitor .

For Azure Application Gateway with WAF, go to your Application Gateway resource, open Diagnostic settings, and send logs to your Log Analytics workspace. Enable Application Gateway Firewall Log, Application Gateway Performance Log, or Application Gateway Access Log to record WAF detections, HTTP transaction details, and performance counters . You can also leverage built-in metrics like WAF Total Requests, WAF Managed Rule Matches, WAF Bot Protection Matches etc for alerting and building dashboards in Azure Monitor.

Reference

• Configure Azure Front Door logs
• Azure Web Application Firewall Monitoring and Logging
• Metrics for Application Gateway
• Azure Web Application Firewall monitoring and logging