Logs from a site to site connection in Azure


There is no way to view the logs directly, but we can download the diagnostic logs of the VPN Gateway. In order to store the logs, you should add a storage account and a storage container in the same resource group as the VPN Gateway. Here is an example (ARM) of using PowerShell to configure the diagnostic logs for the VPN Gateway:

# VNET Resource Group and Name
$rgName = 'your resource name'
$vnetGwName = "your GW name"
$timestamp = get-date -uFormat "%d%m%y@%H%M%S"

# Details of existing Storage Account that will be used to collect the logs
$storageAccountName = "storage account name"
$storageAccountKey = 'storage account key'
$captureDuration = 60
$storageContainer = "vpnlogs"
# Create this folder first; Out-File will not create it
$logDownloadPath = "D:\vpnlogs"
$Logfilename = "VPNDiagLog_" + $vnetGwName + "_" + $timestamp + ".txt"

# Set Storage Context and VNET Gateway ID
$storageContext = New-AzureStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $storageAccountKey

# NOTE: This is an Azure Service Manager cmdlet and so no AzureRM on this one.  AzureRM will not work as we don’t get the gatewayID with it.
$vnetGws = Get-AzureVirtualNetworkGateway

# Added check for only provisioned gateways as older deleted gateways of same name can also appear in results and capture will fail
$vnetGwId = ($vnetGws | ? GatewayName -eq $vnetGwName | ? state -EQ "provisioned").GatewayID

# Start Azure VNET Gateway logging
Start-AzureVirtualNetworkGatewayDiagnostics  `
    -GatewayId $vnetGwId `
    -CaptureDurationInSeconds $captureDuration `
    -StorageContext $storageContext `
    -ContainerName $storageContainer

# Optional – Test VNET gateway connection to another server across the tunnel 
# Only use this if you are connected to the local network you are connecting to FROM Azure. Otherwise create some traffic across the link from on prem.
# Test-NetConnection -ComputerName 10.0.0.4 -CommonTCPPort RDP

# Wait for diagnostics capturing to complete
Start-Sleep -Seconds $captureDuration

# Download VNET gateway diagnostics log
$logUrl = (Get-AzureVirtualNetworkGatewayDiagnostics -GatewayId $vnetGwId).DiagnosticsUrl
$logContent = (Invoke-WebRequest -Uri $logUrl).RawContent
$logContent | Out-File -FilePath (Join-Path $logDownloadPath $Logfilename)

The commands in this script need to be run one by one.
For more information about diagnostic logs, refer to the link.
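
A pre-flight check for the gateway lookup in the script above, added here as an example and not part of the original answer: it stops before the capture when no provisioned gateway, or more than one, matches the name, and it checks that the download folder exists. `Resolve-ProvisionedGatewayId` and `Test-DownloadFolder` are hypothetical helper names, and the gateway objects are constructed sample data that reuse the property names from the script.

```powershell
# Hypothetical helper (not an Azure cmdlet): returns the single provisioned
# gateway ID for a name, or throws instead of passing an empty/ambiguous ID on.
function Resolve-ProvisionedGatewayId {
    param(
        [Parameter(Mandatory)] [AllowNull()] [AllowEmptyCollection()] [object[]] $Gateways,
        [Parameter(Mandatory)] [string] $Name
    )
    # Same filter as the script: name match, then State "provisioned".
    $named = @($Gateways | Where-Object { $_.GatewayName -eq $Name })
    $live  = @($named | Where-Object { $_.State -eq 'provisioned' })
    if ($live.Count -eq 0) {
        $states = @($named | ForEach-Object { $_.State }) -join ', '
        throw "No provisioned gateway named '$Name' (states found: $states)."
    }
    if ($live.Count -gt 1) {
        throw "$($live.Count) provisioned gateways named '$Name'; select one by GatewayId."
    }
    [string] $live[0].GatewayId
}

# Hypothetical helper: the download folder must exist before Out-File writes to it.
function Test-DownloadFolder {
    param([Parameter(Mandatory)] [string] $Path)
    Test-Path -LiteralPath $Path -PathType Container
}

# Constructed sample objects standing in for Get-AzureVirtualNetworkGateway output.
$sampleGateways = @(
    [pscustomobject]@{ GatewayName = 'gw-demo'; State = 'deleted-sample'; GatewayId = 'id-old-constructed' }
    [pscustomobject]@{ GatewayName = 'gw-demo'; State = 'provisioned';    GatewayId = 'id-live-constructed' }
)

# The stale entry is skipped and only the provisioned gateway's ID is returned.
$vnetGwId = Resolve-ProvisionedGatewayId -Gateways $sampleGateways -Name 'gw-demo'
"Capture would run against gateway ID: $vnetGwId"

# A name with no provisioned match stops here rather than at Start-...Diagnostics.
try {
    Resolve-ProvisionedGatewayId -Gateways $sampleGateways -Name 'gw-missing'
} catch {
    "Stopped before capture: $($_.Exception.Message)"
}

# Constructed folder name under the temp directory, used only for the demonstration.
$demoFolder = Join-Path ([IO.Path]::GetTempPath()) 'vpnlogs-constructed'
if (-not (Test-DownloadFolder -Path $demoFolder)) {
    'Download folder is missing; create it before starting the capture.'
}
```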


Author: Victor Villar

Systems Engineer graduated from Universidad de Lima. I have certifications in Business Intelligence, Cloud Computing, Information Security, ITIL and IT Infrastructure. I have experience in areas of Development, Financial Information, Pre Sales, IT Infrastructure Consulting and Cloud Computing Consulting.

Updated on September 18, 2022

Comments

  • Victor Villar
    Victor Villar almost 2 years

    I need help diagnosing the failure point in a site-to-site connection between Azure and a Cisco ASA VPN device. The connection type is policy-based. Where can I find the logs in Azure?

  • Jason Ye
    Jason Ye over 7 years
    Just checking in to see if the information provided was helpful. Please let me know if you would like further assistance.