Enable diagnostics logging for apps in Azure App Service
Note
Beginning June 1, 2024, all newly created App Service apps will have the option to create a unique default hostname with a naming convention of <app-name>
-<random-hash>
.<region>
.azurewebsites.net
. The names of existing apps will not change.
Example: myapp-ds27dh7271aah175.westus-01.azurewebsites.net
For more information, refer to Unique Default Hostname for App Service Resource.
This video shows you how to enable diagnostics logging for apps.
The steps in the video are also described in the following sections.
Overview
Azure provides built-in diagnostics to assist with debugging an App Service app. In this article, you learn how to enable diagnostic logging and add instrumentation to your application, as well as how to access the information logged by Azure.
This article uses the Azure portal and Azure CLI to work with diagnostic logs. For information on working with diagnostic logs using Visual Studio, see Troubleshooting Azure in Visual Studio.
Note
In addition to the logging instructions in this article, there's new, integrated logging capability with Azure Monitoring. You'll find more on this capability in the Send logs to Azure Monitor section.
Type | Platform | Location | Description |
---|---|---|---|
Application logging | Windows, Linux | App Service file system and/or Azure Storage blobs | Logs messages generated by your application code. The messages can be generated by the web framework you choose, or from your application code directly using the standard logging pattern of your language. Each message is assigned one of the following categories: Critical, Error, Warning, Info, Debug, and Trace. You can select how verbose you want the logging to be by setting the severity level when you enable application logging. |
Web server logging | Windows | App Service file system or Azure Storage blobs | Raw HTTP request data in the W3C extended log file format. Each log message includes data such as the HTTP method, resource URI, client IP, client port, user agent, response code, and so on. |
Detailed Error Messages | Windows | App Service file system | Copies of the .htm error pages that would have been sent to the client browser. For security reasons, detailed error pages shouldn't be sent to clients in production, but App Service can save the error page each time an application error occurs that has HTTP code 400 or greater. The page may contain information that can help determine why the server returns the error code. |
Failed request tracing | Windows | App Service file system | Detailed tracing information on failed requests, including a trace of the IIS components used to process the request and the time taken in each component. It's useful if you want to improve site performance or isolate a specific HTTP error. One folder is generated for each failed request, which contains the XML log file, and the XSL stylesheet to view the log file with. |
Deployment logging | Windows, Linux | App Service file system | Logs for when you publish content to an app. Deployment logging happens automatically and there are no configurable settings for deployment logging. It helps you determine why a deployment failed. For example, if you use a custom deployment script, you might use deployment logging to determine why the script is failing. |
When stored in the App Service file system, logs are subject to the available storage for your pricing tier (see App Service limits).
Note
App Service provides a dedicated, interactive diagnostics tool to help you troubleshoot your application. For more information, see Azure App Service diagnostics overview.
In addition, you can use other Azure services to improve the logging and monitoring capabilities of your app, such as Azure Monitor.
Enable application logging (Windows)
To enable application logging for Windows apps in the Azure portal, navigate to your app and select App Service logs.
Select On for either Application Logging (Filesystem) or Application Logging (Blob), or both.
The Filesystem option is for temporary debugging purposes, and turns itself off in 12 hours. The Blob option is for long-term logging, and needs a blob storage container to write logs to. The Blob option also includes additional information in the log messages, such as the ID of the origin VM instance of the log message (InstanceId
), thread ID (Tid
), and a more granular timestamp (EventTickCount
).
Note
Currently only .NET application logs can be written to the blob storage. Java, PHP, Node.js, Python application logs can only be stored on the App Service file system (without code modifications to write logs to external storage).
Also, if you regenerate your storage account's access keys, you must reset the respective logging configuration to use the updated access keys. To do this:
- In the Configure tab, set the respective logging feature to Off. Save your setting.
- Enable logging to the storage account blob again. Save your setting.
Select the Level, or the level of details to log. The following table shows the log categories included in each level:
Level | Included categories |
---|---|
Disabled | None |
Error | Error, Critical |
Warning | Warning, Error, Critical |
Information | Info, Warning, Error, Critical |
Verbose | Trace, Debug, Info, Warning, Error, Critical (all categories) |
When finished, select Save.
Note
If you write logs to blobs, the retention policy no longer applies if you delete the app but keep the logs in the blobs. For more information, see Costs that might accrue after resource deletion.
Enable application logging (Linux/Container)
To enable application logging for Linux apps or custom containers in the Azure portal, navigate to your app and select App Service logs.
In Application logging, select File System.
In Quota (MB), specify the disk quota for the application logs. In Retention Period (Days), set the number of days the logs should be retained.
When finished, select Save.
Enable web server logging
To enable web server logging for Windows apps in the Azure portal, navigate to your app and select App Service logs.
For Web server logging, select Storage to store logs on blob storage, or File System to store logs on the App Service file system.
In Retention Period (Days), set the number of days the logs should be retained.
Note
If you regenerate your storage account's access keys, you must reset the respective logging configuration to use the updated keys. To do this:
- In the Configure tab, set the respective logging feature to Off. Save your setting.
- Enable logging to the storage account blob again. Save your setting.
When finished, select Save.
Note
If you write logs to blobs, the retention policy no longer applies if you delete the app but keep the logs in the blobs. For more information, see Costs that might accrue after resource deletion.
Log detailed errors
To save the error page or failed request tracing for Windows apps in the Azure portal, navigate to your app and select App Service logs.
Under Detailed Error Logging or Failed Request Tracing, select On, then select Save.
Both types of logs are stored in the App Service file system. Up to 50 errors (files/folders) are retained. When the number of HTML files exceeds 50, the oldest error files are automatically deleted.
The Failed Request Tracing feature by default captures a log of requests that failed with HTTP status codes between 400 and 600. To specify custom rules, you can override the <traceFailedRequests>
section in the web.config file.
Add log messages in code
In your application code, you use the usual logging facilities to send log messages to the application logs. For example:
ASP.NET applications can use the System.Diagnostics.Trace class to log information to the application diagnostics log. For example:
System.Diagnostics.Trace.TraceError("If you're seeing this, something bad happened");
By default, ASP.NET Core uses the Microsoft.Extensions.Logging.AzureAppServices logging provider. For more information, see ASP.NET Core logging in Azure. For information about WebJobs SDK logging, see Get started with the Azure WebJobs SDK
Python applications can use the OpenCensus package to send logs to the application diagnostics log.
Stream logs
Before you stream logs in real time, enable the log type that you want. Any information written to the console output or files ending in .txt, .log, or .htm that are stored in the /home/LogFiles directory (D:\home\LogFiles) is streamed by App Service.
Note
Some types of logging buffer write to the log file, which can result in out of order events in the stream. For example, an application log entry that occurs when a user visits a page may be displayed in the stream before the corresponding HTTP log entry for the page request.
In Azure portal
To stream logs in the Azure portal, navigate to your app and select Log stream.
In Cloud Shell
To stream logs live in Cloud Shell, use the following command:
Important
This command may not work with web apps hosted in a Linux app service plan.
az webapp log tail --name appname --resource-group myResourceGroup
To filter specific log types, such as HTTP, use the --Provider parameter. For example:
az webapp log tail --name appname --resource-group myResourceGroup --provider http
In local terminal
To stream logs in the local console, install Azure CLI and sign in to your account. Once signed in, followed the instructions for Cloud Shell
Access log files
If you configure the Azure Storage blobs option for a log type, you need a client tool that works with Azure Storage. For more information, see Azure Storage Client Tools.
For logs stored in the App Service file system, the easiest way is to download the ZIP file in the browser at:
- Linux/custom containers:
https://<app-name>.scm.azurewebsites.net/api/logs/docker/zip
- Windows apps:
https://<app-name>.scm.azurewebsites.net/api/dump
For Linux/custom containers, the ZIP file contains console output logs for both the docker host and the docker container. For a scaled-out app, the ZIP file contains one set of logs for each instance. In the App Service file system, these log files are the contents of the /home/LogFiles directory.
For Windows apps, the ZIP file contains the contents of the D:\Home\LogFiles directory in the App Service file system. It has the following structure:
Log type | Directory | Description |
---|---|---|
Application logs | /LogFiles/Application/ | Contains one or more text files. The format of the log messages depends on the logging provider you use. |
Failed Request Traces | /LogFiles/W3SVC#########/ | Contains XML files, and an XSL file. You can view the formatted XML files in the browser. |
Detailed Error Logs | /LogFiles/DetailedErrors/ | Contains HTM error files. You can view the HTM files in the browser. Another way to view the failed request traces is to navigate to your app page in the portal. From the left menu, select Diagnose and solve problems, then search for Failed Request Tracing Logs, then click the icon to browse and view the trace you want. |
Web Server Logs | /LogFiles/http/RawLogs/ | Contains text files formatted using the W3C extended log file format. This information can be read using a text editor or a utility like Log Parser. App Service doesn't support the s-computername , s-ip , or cs-version fields. |
Deployment logs | /LogFiles/Git/ and /deployments/ | Contain logs generated by the internal deployment processes, as well as logs for Git deployments. |
Send logs to Azure Monitor
With the new Azure Monitor integration, you can create Diagnostic Settings to send logs to Storage Accounts, Event Hubs and Log Analytics. When you add a diagnostic setting, App Service adds app settings to your app, which triggers an app restart.
Supported log types
The following table shows the supported log types and descriptions:
Log Name | Log type | Windows | Windows Container | Linux | Linux Container | Description |
---|---|---|---|---|---|---|
App Service Console Logs | AppServiceConsoleLogs | Java SE & Tomcat | Yes | Yes | Yes | Standard output and standard error 3 |
HTTP logs | AppServiceHTTPLogs | Yes | Yes | Yes | Yes | Web server logs |
App Service Environment Platform Logs | AppServiceEnvironmentPlatformLogs | Yes | N/A | Yes | Yes | App Service Environment: scaling, configuration changes, and status logs |
Access Audit Logs | AppServiceAuditLogs | Yes | Yes | Yes | Yes | Login activity via FTP and Kudu |
Site Content Change Audit Logs | AppServiceFileAuditLogs | Yes | Yes | TBA | TBA | File changes made to the site content; only available for Premium tier and above |
App Service Application Logs | AppServiceAppLogs | ASP.NET, .NET Core, & Tomcat 1 | ASP.NET & Tomcat 1 | .NET Core, Java, SE & Tomcat Blessed Images 2 | Java SE & Tomcat Blessed Images 2 | Application logs 3 |
IPSecurity Audit logs | AppServiceIPSecAuditLogs | Yes | Yes | Yes | Yes | Requests from IP Rules |
App Service Platform logs | AppServicePlatformLogs | TBA | Yes | Yes | Yes | Container operation logs |
Report Antivirus Audit Logs | AppServiceAntivirusScanAuditLogs 4 | Yes | Yes | Yes | Yes | Anti-virus scan logs using Microsoft Defender for Cloud; only available for Premium tier |
1 For Tomcat apps, add TOMCAT_USE_STARTUP_BAT
to the app settings and set it to false
or 0
. Need to be on the latest Tomcat version and use java.util.logging.
2 For Java SE apps, add WEBSITE_AZMON_PREVIEW_ENABLED
to the app settings and set it to true
or to 1
.
3 Current logging limit is set to 100 logs per minute.
4 AppServiceAntivirusScanAuditLogs log type is still currently in Preview
Networking considerations
For Diagnostic Settings restrictions, refer to the official Diagnostic Settings documentation regarding destination limits.
Next steps
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for