articles/ddos-protection/ddos-view-diagnostic-logs.md
9 additions & 7 deletions
@@ -47,8 +47,8 @@ In this tutorial, you learn how to:
47
47
Notifications will notify you anytime a public IP resource is under attack, and when attack mitigation is over.
48
48
49
49
```kusto
50
-
AzureDiagnostics
51
-
| where Category == "DDoSProtectionNotifications"
50
+
AzureDiagnostics
51
+
| where Category == "DDoSProtectionNotifications"
52
52
```
53
53
54
54
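Review bot: The removed and added query lines at 50-51 (`AzureDiagnostics` and `| where Category == "DDoSProtectionNotifications"`) read identically here, so the change appears to be whitespace-only; say so in the commit message so nobody looks for a semantic change in the query. While this block is being touched, the context sentence at line 47, "Notifications will notify you anytime...", is redundant and could be reworded, for example "Notifications tell you when a public IP resource is under attack and when attack mitigation is over."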
@@ -73,8 +73,8 @@ The following table lists the field names and descriptions:
73
73
Attack mitigation flow logs allow you to review the dropped traffic, forwarded traffic and other interesting data-points during an active DDoS attack in near-real time. You can ingest the constant stream of this data into Microsoft Sentinel or to your third-party SIEM systems via event hub for near-real time monitoring, take potential actions and address the need of your defense operations.
74
74
75
75
```kusto
76
-
AzureDiagnostics
77
-
| where Category == "DDoSMitigationFlowLogs"
76
+
AzureDiagnostics
77
+
| where Category == "DDoSMitigationFlowLogs"
78
78
```
79
79
80
80
The following table lists the field names and descriptions:
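Review bot: The sentence at line 73 above the query ends in a run-on ("...for near-real time monitoring, take potential actions and address the need of your defense operations") and writes "near-real time" twice where "near real-time" is the usual form. Since lines 76-77 are already being cleaned up, split that sentence so the ingestion path (Microsoft Sentinel or a third-party SIEM via event hub) stands on its own and the follow-up actions get their own sentence.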
@@ -101,8 +101,8 @@ The following table lists the field names and descriptions:
101
101
Attack mitigation reports use the Netflow protocol data, which is aggregated to provide detailed information about the attack on your resource. Anytime a public IP resource is under attack, the report generation will start as soon as the mitigation starts. There will be an incremental report generated every 5 mins and a post-mitigation report for the whole mitigation period. This is to ensure that in an event the DDoS attack continues for a longer duration of time, you'll be able to view the most current snapshot of mitigation report every 5 minutes and a complete summary once the attack mitigation is over.
102
102
103
103
```kusto
104
-
AzureDiagnostics
105
-
| where Category == "DDoSMitigationReports"
104
+
AzureDiagnostics
105
+
| where Category == "DDoSMitigationReports"
106
106
```
107
107
108
108
The following table lists the field names and descriptions:
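Review bot: Line 101 gives the same incremental-report interval as both "every 5 mins" and "every 5 minutes", and has "in an event the DDoS attack continues" where "in the event that" is meant. Normalise to "5 minutes" in both places and fix the phrase in the same pass as the query cleanup at lines 104-105, so readers who build monitoring around DDoSMitigationReports see one unambiguous interval.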
@@ -134,8 +134,10 @@ The following table lists the field names and descriptions:
134
134
135
135
## Next steps
136
136
137
-
In this tutorial you learned how to view DDoS Protection diagnostic logs in a Log Analytics workspace. To learn more about the recommended steps to take when you receive a DDoS attack, see these next steps.
137
+
In this tutorial, you learned how to view DDoS Protection diagnostic logs in a Log Analytics workspace. To learn more about the recommended steps to take when you receive a DDoS attack, see these next steps.
138
138
139
139
> [!div class="nextstepaction"]
140
140
> [Engage with Azure DDoS Rapid Response](ddos-rapid-response.md)
141
+
142
+
> [!div class="nextstepaction"]
141
143
> [components of a DDoS Rapid Response Strategy](ddos-response-strategy.md)
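Review bot: The link text at line 143, "components of a DDoS Rapid Response Strategy", starts lowercase and is a noun phrase, while its sibling at line 140 is an imperative ("Engage with Azure DDoS Rapid Response"). Now that line 142 gives it its own `[!div class="nextstepaction"]` marker, it is presented as a separate next-step action, so capitalise it and phrase it as an action to match. Also consider "when you are under a DDoS attack" instead of "when you receive a DDoS attack" on line 137.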