Switch to structured firewall logs

[dusan-ilic-mhra]

Resolves HASH_SIGN_FOLLOWED_BY_ISSUE_NUMBER

What is being addressed

As Structured Logs are in general availability:
https://azure.microsoft.com/en-us/updates/general-availability-new-monitoring-and-logging-updates-in-azure-firewall/
we could switch to resource-specific tables

[github-actions]

Unit Test Results

0 tests   0 ✔️  0s ⏱️
0 suites  0 💤
0 files    0 ❌

Results for commit 360ee61.

♻️ This comment has been updated with latest results.

[marrobi]

/test-extended

[github-actions]

🤖 pr-bot 🤖

⚠️ When using /test-extended on external PRs, the SHA of the checked commit must be specified

(in response to this comment from @marrobi)

[marrobi]

/test-extended c94824e

[github-actions]

🤖 pr-bot 🤖

🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/7290572361 (with refid 8f37b7d9)

(in response to this comment from @marrobi)

[marrobi]

Thanks, @dusan-ilic-mhra, can you take you take look at https://techcommunity.microsoft.com/t5/azure-network-security-blog/azure-firewall-new-embedded-workbooks/ba-p/3999795 and check the appropriate log categories are enabled and the embedded workbook works correctly (check the various tabs).

In the PR environment I see:

Might be it just needs more time. Once it does work we can remove this file - /workspaces/marrobi-azure-tre/core/terraform/notebooks.tf

[dusan-ilic-mhra]

@marrobi, I enabled these 3 log categories for now, as you can see from a commit in PR:

firewall_diagnostic_categories_enabled = [
"AZFWApplicationRule",
"AZFWNetworkRule",
"AZFWDnsProxy",
]

And, in my environment, I can see Azure Firewall Workbook works fine, for example:

DNAT actions are not showing as they are not enabled.

BR,
Dusan

[marrobi]

@dusan-ilic-mhra thanks, they have appeared on the PR deployment, must have just needed some time.

Can you remove this workbook then - ./core/terraform/notebooks.tf as don't believe its needed any more, and also update the changelog. Will try get it merged today. Thanks!

[dusan-ilic-mhra]

@marrobi, I removed ./core/terraform/notebooks.tf

Could you please update a changelog for me, as I'm not sure how to do it?

BR,
Dusan

[marrobi]

@dusan-ilic-mhra just add a line to this file - https://github.com/microsoft/AzureTRE/blob/main/CHANGELOG.md under enhancements as per the others.

[dusan-ilic-mhra]

@marrobi I've done it, but I needed to create a PR:
#3818
I haven't been able to commit directly.

[marrobi]

Not sure what you mean? Just add that change in your dusan-ilic-mhra:dusanilic/switch-to-structured-firewall-logs branch and push it?

[dusan-ilic-mhra]

@marrobi Done, thanks!

[marrobi]

/test-extended

[github-actions]

🤖 pr-bot 🤖

⚠️ When using /test-extended on external PRs, the SHA of the checked commit must be specified

(in response to this comment from @marrobi)

[marrobi]

/test-extended abc4adf

[github-actions]

🤖 pr-bot 🤖

🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/7298896358 (with refid 8f37b7d9)

(in response to this comment from @marrobi)

[marrobi]

@dusan-ilic-mhra can you update the core version - core/version.txt - thanks.

[dusan-ilic-mhra]

@marrobi Done.

[marrobi]

@dusan-ilic-mhra you need to accept the CLA as per - #3816 (comment) can you follow the instructions (paste the appropriate response into the comments). Thanks.

[marrobi]

LGTM

[dusan-ilic-mhra]

@microsoft-github-policy-service agree company="MHRA"

[dusan-ilic-mhra]

@dusan-ilic-mhra you need to accept the CLA as per - #3816 (comment) can you follow the instructions (paste the appropriate response into the comments). Thanks.

@marrobi I accepted:
#3816 (comment)

[marrobi]

/test-force-approve abc4adf

Passed above.

[github-actions]

🤖 pr-bot 🤖

✅ Marking tests as complete (for commit 360ee61)

(in response to this comment from @marrobi)