Hi CTI,
Yes, your understanding is correct. I had experience with a similar setup and it worked fine. You can do that by setting up two separate diagnostic settings. Here’s how it works:
- Head to your Azure Firewall settings in the Azure portal.
- Create two diagnostic settings:
  - For the AzureDiagnostics table, select the log categories you need (like ApplicationRuleLog, NetworkRuleLog, etc.), choose Log Analytics workspace as the destination, and leave the destination table as AzureDiagnostics.
  - For the Resource-specific tables, repeat the process but make sure the destination is set to Resource-specific tables.
- Check your setup to ensure both diagnostic settings are active and configured correctly.
By doing this, you’re essentially telling Azure to send the logs to two different tables simultaneously. The AzureDiagnostics table gives you a combined view of all logs, while the Resource-specific tables provide structured data for easier querying and analysis.
References:
- https://learn.microsoft.com/en-us/azure/firewall/monitor-firewall
- https://learn.microsoft.com/en-us/azure/firewall/monitor-firewall-reference
- https://techcommunity.microsoft.com/blog/azurenetworksecurityblog/exploring-the-new-resource-specific-structured-logging-in-azure-firewall/3620530
If the information helped address your question, please Accept the answer.
Luis
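
Added example, not part of Luis's answer: one way to carry out the final "check your setup" step offline is to export the firewall's diagnostic settings as JSON (for example with `az monitor diagnostic-settings list`) and confirm that both destination modes have enabled log categories. The sample data, setting names and workspace ID below are constructed placeholders; the category names are assumed to be Azure Firewall's legacy and structured categories.

```python
import json

# Constructed sample shaped like `az monitor diagnostic-settings list` output;
# setting names and the workspace ID are placeholders, not values from the post.
SAMPLE = json.loads("""[
  {"name": "fw-azurediagnostics", "workspaceId": "<workspace-resource-id>",
   "logAnalyticsDestinationType": null,
   "logs": [{"category": "AzureFirewallApplicationRule", "enabled": true},
            {"category": "AzureFirewallNetworkRule", "enabled": true}]},
  {"name": "fw-resource-specific", "workspaceId": "<workspace-resource-id>",
   "logAnalyticsDestinationType": "Dedicated",
   "logs": [{"category": "AZFWApplicationRule", "enabled": true},
            {"category": "AZFWNetworkRule", "enabled": false}]}
]""")

def _props(setting):
    # The REST API nests fields under "properties"; the CLI returns them flat.
    return setting.get("properties", setting)

def destination_mode(setting):
    """'Dedicated' means resource-specific tables; null/absent means AzureDiagnostics."""
    mode = _props(setting).get("logAnalyticsDestinationType") or "AzureDiagnostics"
    return "Dedicated" if mode.lower() == "dedicated" else "AzureDiagnostics"

def audit(settings):
    """Map each destination mode to the log categories enabled towards a workspace."""
    if isinstance(settings, dict):          # REST API list responses use {"value": [...]}
        settings = settings.get("value", [])
    found = {"AzureDiagnostics": [], "Dedicated": []}
    for s in settings:
        p = _props(s)
        if not p.get("workspaceId"):
            continue                        # not sent to Log Analytics, so neither table type
        for log in p.get("logs") or []:
            name = log.get("category") or log.get("categoryGroup")
            if name and log.get("enabled"):
                found[destination_mode(s)].append(name)
    return found

def dual_logging_ok(settings):
    """True only if both table types receive at least one enabled category."""
    found = audit(settings)
    return bool(found["AzureDiagnostics"]) and bool(found["Dedicated"])

if __name__ == "__main__":
    print(audit(SAMPLE), dual_logging_ok(SAMPLE))
```

A `False` result means one of the two table types has no enabled category flowing to a workspace, so queries or detection rules written against that table would silently see no firewall data.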