App Service Integration with Azure Monitor (Preview)

4 minute read • By Jason Freeberg and Yutang Lin • November 1, 2019

We are happy to announce that App Service has new and improved integration with Azure Monitor (preview). You can now send your logs from Windows or Linux App Service to Storage Accounts, Event Hubs, or Log Analytics.

Increased visibility into your web apps

Azure Monitor is the central observability service to collect, analyze, and act on telemetry from your other Azure resources. You can use Azure Monitor to set up rule-based alerts, create dashboards, export to third-party services with Event Hubs, or archive logs and metrics for compliance needs.

App Service’s improved integration with Monitor enables new observability scenarios for development and operations teams. Developers can set up automatic emails with full stack traces when an exception is thrown. Operations teams can create dashboards to view the overall performance and stability of their applications. Compliance teams can monitor login attempts and file changes.

App Service integration with Azure Monitor is currently in preview.

Six brand new log types

App Service now outputs the following log types into Azure Monitor.

  • AppServiceConsoleLogs: Any logs or output written to the console (also known as standard output or standard error)
  • AppServiceHTTPLogs: Access logs from the web server (IIS for Windows web apps, Nginx for Linux)
  • AppServiceEnvironmentPlatformLogs: Logs for visibility into ASE operations such as scaling, configuration changes, and status
  • AppServiceAuditLogs: Logs for any user login via FTP or Kudu
  • AppServiceFileAuditLogs: Logs for file changes (add, delete, or update) via FTP or Kudu
  • AppServiceAppLogs: Any logs or exceptions written to the stack’s logging utility. Supports multi-line logs and exceptions
  • AppServiceIPSecLogs: Logs request made to the web app with IP info if there were IP access restriction rules set up
  • AppServicePlatformLogs: Logs from containers (ie. “docker run”)
  • AppServiceAntivirusScanAuditLogs: Logs from the anti-virus scan using Windows Defender (see blog for more information)

The table below shows the current availability for the log categories.

Log type Windows Windows Container Linux Linux Container Description
AppServiceConsoleLogs Java SE & Tomcat Yes Yes Yes Standard output and standard error
AppServiceHTTPLogs Yes Yes Yes Yes Web server logs
AppServiceEnvironmentPlatformLogs Yes N/A Yes Yes App Service Environment: scaling, configuration changes, and status logs
AppServiceAuditLogs Yes Yes Yes Yes Login activity via FTP and Kudu
AppServiceFileAuditLogs Yes Yes TBA TBA File changes made to the site content; only available for Premium tier and above
AppServiceAppLogs ASP .NET ASP .NET Java SE & Tomcat 1 Java SE & Tomcat 1 Application logs
AppServiceIPSecAuditLogs Yes Yes Yes Yes Requests from IP Rules
AppServicePlatformLogs TBA Yes Yes Yes Container operation logs
AppServiceAntivirusScanAuditLogs Yes Yes Yes Yes Anti-virus scan logs using Microsoft Defender; only available for Premium tier

1 For Java SE apps, add the app setting WEBSITE_AZMON_PREVIEW_ENABLED and set it to 1 true.

Getting Started


Before you start, make sure you have the following resources created.

  1. Create an App Service app
  2. Create a Storage Account, Event Hub Namespace, or Log Analytics workspace to send your logs to

Create a Diagnostic setting

In the Azure portal, navigate to your App Service. Under Monitoring, select Diagnostic settings > Add diagnostic setting.


Enter the following information to create the Diagnostic setting.

  1. Provide a name for the Diagnostic setting

  2. Select your desired destination(s) for the logs. There are three possible destinations:
    • Storage Account: Archive your logs for auditing or backup
      • Needs to be in the same region as your web app
      • Configure the retention days for the storage account
    • Event Hub: Stream the logs to third-party logging and telemetry systems
    • Log Analytics Workspace: Analyze the logs with other monitoring data and leverage Azure Monitor features such as log queries and log alerts
  3. Select the desired log categories to export. There are six log categories in addition to your metrics. The table below lists the log types with its description and availability per OS. The earlier section shows the availability of each log type

  4. Select Save at the top. This will trigger App Service to begin sending your logs to the chosen destinations.


View logs in a Storage account

Open the Storage account you configured in the diagnostic setting. Then select Containers.


You will see a list of containers that have been automatically created for the logs categories you enabled.


Query logs in a Log Analytics Workspace

Open the Log Analytics Workspace you configured in the diagnostic setting. Select Logs, then select LogManagement. (You will see log categories that you have not enabled.)


The App Service log categories are all prefixed with AppService*. Select an App Service log category, this will copy the table name into the query editor. Select Run above the editor, this will execute a simple query to show all columns of the table.


See this article for more information on the Kusto Query Language.

Stream logs from Event Hubs

Event Hubs allows you to stream your logs and metrics to 3rd party logging and telemetry systems or to Power BI. To get started, please see the Event Hubs documentation.