Microsoft Docs - Azure Virtual Network Cmdlets
Associates or disassociates a Log Analytics workspace with an Azure Firewall policy.
Set-AzFirewallPolicyLogAnalyticsWorkspace -FirewallPolicy -LogAnalyticsWorkspaceResourceId [-DefaultProfile ] [] The Set-AzFirewallPolicyLogAnalyticsWorkspace cmdlet associates a Log Analytics workspace with an Azure Firewall policy. This allows you to send firewall logs to the specified workspace for analysis and monitoring. To disassociate a workspace, you can set the -LogAnalyticsWorkspaceResourceId parameter to an empty string or $null.
| Name | Type | Description | Required |
|---|---|---|---|
| -FirewallPolicy | PSFirewallPolicy | The Azure Firewall policy object to update. This object can be retrieved using the Get-AzFirewallPolicy cmdlet. |
True |
| -LogAnalyticsWorkspaceResourceId | String | The resource ID of the Log Analytics workspace to associate with the firewall policy. If this parameter is set to an empty string or $null, the existing association will be removed. |
True |
| -DefaultProfile | IAzureContextContainer | The credentials, account, tenant, and subscription that are used for communication with Azure. | False |
| -WhatIf | SwitchParameter | Performs the cmdlet in a test run without executing the changes and provides a summary of the changes that would be made. | False |
| -Confirm | SwitchParameter | Prompts you for confirmation before executing the cmdlet. | False |
This example associates a Log Analytics workspace with an Azure Firewall policy.
# Get the firewall policy
$firewallPolicy = Get-AzFirewallPolicy -Name "MyFirewallPolicy" -ResourceGroupName "MyResourceGroup"
# Define the Log Analytics workspace resource ID
$logAnalyticsWorkspaceId = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyLogAnalyticsRG/providers/Microsoft.OperationalInsights/workspaces/MyLogAnalyticsWorkspace"
# Associate the Log Analytics workspace with the firewall policy
Set-AzFirewallPolicyLogAnalyticsWorkspace -FirewallPolicy $firewallPolicy -LogAnalyticsWorkspaceResourceId $logAnalyticsWorkspaceIdThis example disassociates the Log Analytics workspace from an Azure Firewall policy.
# Get the firewall policy
$firewallPolicy = Get-AzFirewallPolicy -Name "MyFirewallPolicy" -ResourceGroupName "MyResourceGroup"
# Disassociate the Log Analytics workspace
Set-AzFirewallPolicyLogAnalyticsWorkspace -FirewallPolicy $firewallPolicy -LogAnalyticsWorkspaceResourceId $null
# Alternatively, using an empty string:
# Set-AzFirewallPolicyLogAnalyticsWorkspace -FirewallPolicy $firewallPolicy -LogAnalyticsWorkspaceResourceId ""For more information on Azure Firewall logging and monitoring, refer to the official Azure documentation.