- Article
- 10 minutes to read
Overview
Azure provides built-in diagnostics to assist with debugging an App Service app. In this article, you learn how to enable diagnostic logging and add instrumentation to your application, as well as how to access the information logged by Azure.
This article uses the Azure portal and Azure CLI to work with diagnostic logs. For information on working with diagnostic logs using Visual Studio, see Troubleshooting Azure in Visual Studio.
Note
In addition to the logging instructions in this article, there's new, integrated logging capability with Azure Monitoring. You'll find more on this capability in the Send logs to Azure Monitor section.
| Type | Platform | Location | Description |
|---|---|---|---|
| Application logging | Windows, Linux | App Service file system and/or Azure Storage blobs | Logs messages generated by your application code. The messages can be generated by the web framework you choose, or from your application code directly using the standard logging pattern of your language. Each message is assigned one of the following categories: Critical, Error, Warning, Info, Debug, and Trace. You can select how verbose you want the logging to be by setting the severity level when you enable application logging. |
| Web server logging | Windows | App Service file system or Azure Storage blobs | Raw HTTP request data in the W3C extended log file format. Each log message includes data such as the HTTP method, resource URI, client IP, client port, user agent, response code, and so on. |
| Detailed Error Messages | Windows | App Service file system | Copies of the .htm error pages that would have been sent to the client browser. For security reasons, detailed error pages shouldn't be sent to clients in production, but App Service can save the error page each time an application error occurs that has HTTP code 400 or greater. The page may contain information that can help determine why the server returns the error code. |
| Failed request tracing | Windows | App Service file system | Detailed tracing information on failed requests, including a trace of the IIS components used to process the request and the time taken in each component. It's useful if you want to improve site performance or isolate a specific HTTP error. One folder is generated for each failed request, which contains the XML log file, and the XSL stylesheet to view the log file with. |
| Deployment logging | Windows, Linux | App Service file system | Logs for when you publish content to an app. Deployment logging happens automatically and there are no configurable settings for deployment logging. It helps you determine why a deployment failed. For example, if you use a custom deployment script, you might use deployment logging to determine why the script is failing. |
Note
App Service provides a dedicated, interactive diagnostics tool to help you troubleshoot your application. For more information, see Azure App Service diagnostics overview.
In addition, you can use other Azure services to improve the logging and monitoring capabilities of your app, such as Azure Monitor.
Enable application logging (Windows)
To enable application logging for Windows apps in the Azure portal, navigate to your app and select App Service logs.
Select On for either Application Logging (Filesystem) or Application Logging (Blob), or both.
The Filesystem option is for temporary debugging purposes, and turns itself off in 12 hours. The Blob option is for long-term logging, and needs a blob storage container to write logs to. The Blob option also includes additional information in the log messages, such as the ID of the origin VM instance of the log message (InstanceId), thread ID (Tid), and a more granular timestamp (EventTickCount).
Note
If your Azure Storage account is secured by firewall rules, see Networking considerations.
Note
Currently only .NET application logs can be written to the blob storage. Java, PHP, Node.js, Python application logs can only be stored on the App Service file system (without code modifications to write logs to external storage).
Also, if you regenerate your storage account's access keys, you must reset the respective logging configuration to use the updated access keys. To do this:
- In the Configure tab, set the respective logging feature to Off. Save your setting.
- Enable logging to the storage account blob again. Save your setting.
Select the Level, or the level of details to log. The following table shows the log categories included in each level:
| Level | Included categories |
|---|---|
| Disabled | None |
| Error | Error, Critical |
| Warning | Warning, Error, Critical |
| Information | Info, Warning, Error, Critical |
| Verbose | Trace, Debug, Info, Warning, Error, Critical (all categories) |
When finished, select Save.
Note
If you write logs to blobs, the retention policy no longer applies if you delete the app but keep the logs in the blobs. For more information, see Costs that might accrue after resource deletion.
Enable application logging (Linux/Container)
To enable application logging for Linux apps or custom containers in the Azure portal, navigate to your app and select App Service logs.
In Application logging, select File System.
In Quota (MB), specify the disk quota for the application logs. In Retention Period (Days), set the number of days the logs should be retained.
When finished, select Save.
Enable web server logging
To enable web server logging for Windows apps in the Azure portal, navigate to your app and select App Service logs.
For Web server logging, select Storage to store logs on blob storage, or File System to store logs on the App Service file system.
Note
If your Azure Storage account is secured by firewall rules, see Networking considerations.
In Retention Period (Days), set the number of days the logs should be retained.
Note
If you regenerate your storage account's access keys, you must reset the respective logging configuration to use the updated keys. To do this:
- In the Configure tab, set the respective logging feature to Off. Save your setting.
- Enable logging to the storage account blob again. Save your setting.
When finished, select Save.
Note
If you write logs to blobs, the retention policy no longer applies if you delete the app but keep the logs in the blobs. For more information, see Costs that might accrue after resource deletion.
Log detailed errors
To save the error page or failed request tracing for Windows apps in the Azure portal, navigate to your app and select App Service logs.
Under Detailed Error Logging or Failed Request Tracing, select On, then select Save.
Both types of logs are stored in the App Service file system. Up to 50 errors (files/folders) are retained. When the number of HTML files exceeds 50, the oldest error files are automatically deleted.
The Failed Request Tracing feature by default captures a log of requests that failed with HTTP status codes between 400 and 600. To specify custom rules, you can override the <traceFailedRequests> section in the web.config file.
Add log messages in code
In your application code, you use the usual logging facilities to send log messages to the application logs. For example:
ASP.NET applications can use the System.Diagnostics.Trace class to log information to the application diagnostics log. For example:
System.Diagnostics.Trace.TraceError("If you're seeing this, something bad happened");By default, ASP.NET Core uses the Microsoft.Extensions.Logging.AzureAppServices logging provider. For more information, see ASP.NET Core logging in Azure. For information about WebJobs SDK logging, see Get started with the Azure WebJobs SDK
Stream logs
Before you stream logs in real time, enable the log type that you want. Any information written to the conosle output or files ending in .txt, .log, or .htm that are stored in the /home/LogFiles directory (D:\home\LogFiles) is streamed by App Service.
Note
Some types of logging buffer write to the log file, which can result in out of order events in the stream. For example, an application log entry that occurs when a user visits a page may be displayed in the stream before the corresponding HTTP log entry for the page request.
In Azure portal
To stream logs in the Azure portal, navigate to your app and select Log stream.
In Cloud Shell
To stream logs live in Cloud Shell, use the following command:
Important
This command may not work with web apps hosted in a Linux app service plan.
az webapp log tail --name appname --resource-group myResourceGroupTo filter specific log types, such as HTTP, use the --Provider parameter. For example:
az webapp log tail --name appname --resource-group myResourceGroup --provider httpIn local terminal
To stream logs in the local console, install Azure CLI and sign in to your account. Once signed in, followed the instructions for Cloud Shell
Access log files
If you configure the Azure Storage blobs option for a log type, you need a client tool that works with Azure Storage. For more information, see Azure Storage Client Tools.
For logs stored in the App Service file system, the easiest way is to download the ZIP file in the browser at:
- Linux/custom containers:
https://<app-name>.scm.azurewebsites.net/api/logs/docker/zip - Windows apps:
https://<app-name>.scm.azurewebsites.net/api/dump
For Linux/custom containers, the ZIP file contains console output logs for both the docker host and the docker container. For a scaled-out app, the ZIP file contains one set of logs for each instance. In the App Service file system, these log files are the contents of the /home/LogFiles directory.
For Windows apps, the ZIP file contains the contents of the D:\Home\LogFiles directory in the App Service file system. It has the following structure:
| Log type | Directory | Description |
|---|---|---|
| Application logs | /LogFiles/Application/ | Contains one or more text files. The format of the log messages depends on the logging provider you use. |
| Failed Request Traces | /LogFiles/W3SVC#########/ | Contains XML files, and an XSL file. You can view the formatted XML files in the browser. |
| Detailed Error Logs | /LogFiles/DetailedErrors/ | Contains HTM error files. You can view the HTM files in the browser. Another way to view the failed request traces is to navigate to your app page in the portal. From the left menu, select Diagnose and solve problems, then search for Failed Request Tracing Logs, then click the icon to browse and view the trace you want. |
| Web Server Logs | /LogFiles/http/RawLogs/ | Contains text files formatted using the W3C extended log file format. This information can be read using a text editor or a utility like Log Parser. App Service doesn't support the s-computername, s-ip, or cs-version fields. |
| Deployment logs | /LogFiles/Git/ and /deployments/ | Contain logs generated by the internal deployment processes, as well as logs for Git deployments. |
Send logs to Azure Monitor
With the new Azure Monitor integration, you can create Diagnostic Settings to send logs to Storage Accounts, Event Hubs and Log Analytics.
Supported log types
The following table shows the supported log types and descriptions:
| Log type | Windows | Windows Container | Linux | Linux Container | Description |
|---|---|---|---|---|---|
| AppServiceConsoleLogs | Java SE & Tomcat | Yes | Yes | Yes | Standard output and standard error |
| AppServiceHTTPLogs | Yes | Yes | Yes | Yes | Web server logs |
| AppServiceEnvironmentPlatformLogs | Yes | N/A | Yes | Yes | App Service Environment: scaling, configuration changes, and status logs |
| AppServiceAuditLogs | Yes | Yes | Yes | Yes | Login activity via FTP and Kudu |
| AppServiceFileAuditLogs | Yes | Yes | TBA | TBA | File changes made to the site content; only available for Premium tier and above |
| AppServiceAppLogs | ASP.NET, .NET Core, & Tomcat 1 | ASP.NET & Tomcat 1 | .NET Core, Java, SE & Tomcat Blessed Images 2 | Java SE & Tomcat Blessed Images 2 | Application logs |
| AppServiceIPSecAuditLogs | Yes | Yes | Yes | Yes | Requests from IP Rules |
| AppServicePlatformLogs | TBA | Yes | Yes | Yes | Container operation logs |
| AppServiceAntivirusScanAuditLogs 3 | Yes | Yes | Yes | Yes | Anti-virus scan logs using Microsoft Defender for Cloud; only available for Premium tier |
1 For Tomcat apps, add TOMCAT_USE_STARTUP_BAT to the app settings and set it to false or 0. Need to be on the latest Tomcat version and use java.util.logging.
2 For Java SE apps, add WEBSITE_AZMON_PREVIEW_ENABLED to the app settings and set it to true or to 1.
3 AppServiceAntivirusScanAuditLogs log type is still currently in Preview
Networking considerations
If you secure your Azure Storage account by only allowing selected networks, it can receive logs from App Service only if both of the following are true:
- The Azure Storage account is in a different Azure region from the App Service app.
- All outbound addresses of the App Service app are added to the Storage account's firewall rules. To find the outbound addresses for your app, see Find outbound IPs.
Next steps
- Query logs with Azure Monitor
- How to Monitor Azure App Service
- Troubleshooting Azure App Service in Visual Studio
- Analyze app Logs in HDInsight
- Tutorial: Run a load test to identify performance bottlenecks in a web app
FAQs
How to enable diagnostics logging for apps in Azure App service? ›
To enable application logging for Windows apps in the Azure portal, navigate to your app and select App Service logs. Select On for either Application Logging (Filesystem) or Application Logging (Blob), or both. The Filesystem option is for temporary debugging purposes, and turns itself off in 12 hours.
Which type of data collection requires you to enable diagnostics in Azure? ›Rationale: You must enable diagnostics to use Azure Monitor to collect event log data. In addition, you must enable diagnostics to collect other information, such as performance counters and crash logs.
How do I enable diagnostics in Azure? ›- In the Azure portal, navigate to your data factory and select Diagnostics on the left navigation pane to see the diagnostics settings. ...
- Give your setting a name, select Send to Log Analytics, and then select a workspace from Log Analytics workspace. ...
- Select Save.
Open App Service diagnostics
In the left navigation, click on Diagnose and solve problems. For Azure Functions, navigate to your function app, and in the top navigation, click on Platform features, and select Diagnose and solve problems from the Resource management section.
You can also use the Network troubleshooter to troubleshoot the connection issues for the apps in the App Service. To open the network troubleshooter, go to the app service in the Azure portal. Select Diagnostic and solve problem, and then search for Network troubleshooter.
What are the logs required to diagnostic Azure solution? ›Azure Diagnostics extension sends data to Azure Storage, Azure Monitor Metrics (Windows only) and Azure Event Hubs. The Log Analytics agent collects data to Azure Monitor Logs. The Log Analytics agent is required for retired solutions, VM insights, and other services such as Microsoft Defender for Cloud.
What is the difference between activity logs and diagnostic logs in Azure? ›Of important note, the Activity Log is different from Diagnostic Logs. Activity Logs provide data about the operations on a resource from the outside (the “control plane”). Diagnostics Logs are emitted by a resource and provide information about the operation of that resource (the “data plane”).
Which of the following must be specified when enabling diagnostics for an Azure virtual machine? ›Add the Azure Diagnostics extension to the VM resource definition. To enable the diagnostics extension on a Windows Virtual Machine, you need to add the extension as a VM resource in the Resource Manager template. "name": "[concat(variables('vmName'),'Microsoft.
What is the use of diagnostic settings in Azure? ›Each Azure resource requires its own diagnostic setting, which defines the following criteria: Sources: The type of metric and log data to send to the destinations defined in the setting. The available types vary by resource type. Destinations: One or more destinations to send to.
How do I enable full diagnostic data? ›Go to Start , then select Settings > Privacy & security > Diagnostics & feedback. Make sure that the View diagnostic data setting is turned On, and then select Open Diagnostic Data Viewer.
How do I enable diagnostic services? ›
- Step 1: Press Windows + R to open Run window.
- Step 2: Input services. ...
- Step 3: Find Diagnostic Policy Service and double-click it to open its Properties.
- Step 4: Choose Automatic or Manual from the drop-down list of Startup type. ...
- Step 5: Click Apply and OK to save changes.
In the Azure portal, select Monitor > Workbooks. In the Insights section, select Activity Logs Insights. At the top of the Activity Logs Insights page, select: One or more subscriptions from the Subscriptions dropdown.
How do you detect and diagnose in Azure? ›Triage and diagnose an alert
You can also open the Azure portal, navigate to the Application Insights resource for your app, and open the Failures page. Clicking on 'Diagnose failures' will help you get more details and resolve the issue.
- Navigate to the Azure portal using one of the required roles.
- Go to Azure AD and select Audit logs, Sign-in logs, or Provisioning logs.
- Adjust the filter according to your needs.
- Select Project settings > Service connections.
- Select the service connection that you want to edit.
- See the Overview tab of the service connection where you can see the details of the service connection.
- Free up RAM by closing other open programs. ...
- Restart the software. ...
- Shut down and restart your computer. ...
- Use the Internet to find help. ...
- Undo any recent hardware or software changes. ...
- Uninstall the software, then reinstall it. ...
- Look for software patches. ...
- Scan for viruses and malware.
In Server Explorer, expand the Azure > App Service node. Locate the resource group that you created or selected when you deployed your API app. Under the resource group, right-click the node for your API app and select Attach Debugger. The remote debugger will try to connect.
What are Azure diagnostic logs? ›Resource logs were previously referred to as diagnostic logs. Provides insight into the operations on each Azure resource in the subscription from the outside (the management plane) in addition to updates on Service Health events.
What are diagnostics logs used for? ›Diagnostics logs allow you to export basic usage metrics from your CDN endpoint to different kinds sources so that you can consume them in a customized way. You can do the following types of data export: Export data to blob storage, export to CSV, and generate graphs in Excel.
What are the three types of logs? ›Availability Logs: track system performance, uptime, and availability. Resource Logs: provide information about connectivity issues and capacity limits. Threat Logs: contain information about system, file, or application traffic that matches a predefined security profile within a firewall.
Where are diagnostic logs stored in Azure? ›
The diagnostics logs are saved in a blob container named $logs in your storage account. You can view the log data using a storage explorer like the Microsoft Azure Storage Explorer, or programmatically using the storage client library or PowerShell.
What is the difference between Azure diagnostics and resource specific? ›Azure diagnostics: All data is written to the AzureDiagnostics table. Resource-specific: Data is written to individual tables for each category of the resource.
How do I enable ADF logging? ›First, to enable this function, go to your copy activity. In the Settings section, click “Enable logging.”
How do I check logs of app services? ›On the portal, click on “Log Stream” immediately below “App Services log” and you'll see the log messages in real time.