Configuring Diagnostics and Logging
Complete the full lesson to earn 25 points
Work through each section, then tap “Mark as Complete” on the last one.
✦ Skip the page breaks and see fewer ads — read each lesson on a single page with Pro
Configuring Diagnostics and Logging in Azure App Service
Introduction: The Critical Role of Observability
When you deploy a web application to Azure App Service, the deployment is only the beginning of the application's lifecycle. Once the code is running in the cloud, you lose the ability to easily attach a debugger or inspect local log files on a physical server. This is where diagnostics and logging become your most valuable tools. Without a clear window into how your application is behaving, you are essentially flying blind, unable to distinguish between a minor network hiccup, a database bottleneck, or a critical logic error in your code.
Effective diagnostics and logging in Azure App Service allow you to monitor the health of your application in real-time, troubleshoot issues as they arise, and gain insights into performance trends. By configuring these services correctly, you transform your application from a "black box" into a transparent system that provides actionable data. This lesson will guide you through the various logging options available in Azure App Service, how to configure them, and the best practices for maintaining a healthy and debuggable environment.
Understanding the Logging Architecture in Azure App Service
Azure App Service provides a multi-layered approach to logging. It distinguishes between platform-level logs (infrastructure logs) and application-level logs (the logs generated by your code). Understanding this distinction is the first step in setting up a functional observability strategy.
Platform Logs
Platform logs include information about the environment, such as web server logs (HTTP status codes, request timing, client IP addresses), deployment logs, and infrastructure health metrics. These are automatically generated by the Azure platform and can be routed to various storage destinations for long-term analysis.
Application Logs
Application logs are the messages generated by your specific source code. Whether you are using ASP.NET Core, Node.js, Python, or Java, your application likely has its own logging framework (such as Serilog, Winston, or standard library logging). Azure App Service provides "hooks" to capture these logs and stream them to centralized locations like Log Analytics, Blob Storage, or an Event Hub.
Callout: The Difference Between Logs and Metrics It is important to distinguish between logs and metrics. Metrics are numerical data points that represent the state of your system over time, such as CPU utilization, memory consumption, or the number of requests per second. Logs are textual records of events that occur within your application. While metrics help you identify when a problem is happening, logs help you identify why it is happening.
Configuring Diagnostic Settings
The primary way to manage logging in Azure App Service is through the Diagnostic Settings feature. This allows you to define where your logs should go and which types of logs you want to capture.
Step-by-Step: Enabling Diagnostic Settings
- Navigate to your App Service in the Azure Portal.
- Under the "Monitoring" section in the left-hand navigation menu, select "Diagnostic settings."
- Click "Add diagnostic setting."
- Provide a name for the setting and select the log categories you wish to enable. Common categories include
AppServiceHTTPLogs,AppServiceConsoleLogs, andAppServiceAppLogs. - Choose your destination details. You can send logs to:
- Log Analytics Workspace: Best for complex querying, alerting, and visualization.
- Storage Account: Best for long-term archiving and compliance at a lower cost.
- Event Hub: Best for streaming logs to external third-party monitoring tools or custom processing pipelines.
- Click "Save" to apply the configuration.
Note: Enabling logging does incur costs based on the volume of data stored or processed. Always monitor your usage in Log Analytics to avoid unexpected charges, especially in high-traffic production environments.
Application Logging: Capturing Code-Level Events
Depending on your programming language, the way you send logs to Azure App Service differs. Azure provides the "App Service Logs" feature, which acts as a bridge between your application's output and the Azure platform.
Configuring Application Logging in the Portal
Before your application can send logs, you must enable the logging feature within the App Service configuration:
- Navigate to "App Service logs" in the left-hand menu.
- Toggle "Application Logging (Filesystem)" to "On."
- Set a retention period (in days). This determines how long the logs stay on the local disk before being purged.
- Set the logging level (e.g., Error, Warning, Information, Verbose).
- Click "Save."
Implementation Examples by Language
ASP.NET Core
In ASP.NET Core, you should use the standard Microsoft.Extensions.Logging framework. Azure App Service automatically picks up logs sent to the standard output stream if you have configured the logging provider correctly.
// In your Program.cs or Startup.cs
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureLogging(logging =>
{
logging.ClearProviders();
logging.AddConsole(); // This sends logs to the standard output
logging.AddAzureWebAppDiagnostics(); // Specialized provider for Azure
})
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup<Startup>();
});
Node.js
For Node.js, you typically write to console.log or console.error. Azure App Service captures these streams automatically if the "Application Logging" feature is enabled in the portal.
// Example of logging in Node.js
app.get('/api/data', (req, res) => {
console.log(`Processing request for ${req.url}`);
try {
// Logic here
res.send('Success');
} catch (err) {
console.error(`Error occurred: ${err.message}`);
res.status(500).send('Internal Server Error');
}
});
Using Log Analytics for Advanced Troubleshooting
Once you have configured your logs to flow into a Log Analytics Workspace, you gain access to Kusto Query Language (KQL). This is a powerful tool for searching through millions of log entries in seconds.
Common KQL Queries for App Service
To get started, you can use the AppServiceConsoleLogs table to find recent errors:
AppServiceConsoleLogs
| where TimeGenerated > ago(1h)
| where Result == "Error"
| project TimeGenerated, ResultDescription, OperationId
| sort by TimeGenerated desc
This query filters logs from the last hour, isolates entries marked as errors, and displays the description and operation ID. The Operation ID is particularly useful because it allows you to trace a single request across multiple log entries, even if your application is distributed across multiple instances.
Tip: Use the "Smart Detection" feature in Application Insights. It automatically analyzes your logs and alerts you to unusual patterns, such as an increase in failed requests or an unexpected spike in latency, without you having to manually write queries for every scenario.
Best Practices for Logging Strategy
Effective logging is not just about turning on every checkbox; it is about gathering the right amount of information without overwhelming your storage or performance.
1. Log Levels Matter
Always use appropriate log levels. Use Error for events that prevent a user from completing a task, Warning for unexpected events that do not stop the flow, and Information for general operational milestones. Reserve Verbose or Debug for local development or deep-dive troubleshooting sessions, as they generate high volumes of data that can impact performance.
2. Structured Logging
Instead of logging plain strings, use structured logging. This means logging data as key-value pairs (often in JSON format). Structured logs allow tools like Log Analytics to index specific properties, making it significantly easier to filter by user ID, tenant ID, or error code.
3. Avoid Logging Sensitive Information
Never log PII (Personally Identifiable Information) such as passwords, credit card numbers, or social security numbers. Even if your logs are encrypted at rest, they are often accessible to developers and system administrators. Use masking techniques if you must log parts of a request.
4. Correlation IDs
In a distributed system, a single user request might pass through several services. Always generate a unique Correlation ID at the edge of your application and pass it through all your internal service calls. Log this ID in every entry so you can reconstruct the entire journey of a request.
Common Pitfalls and How to Avoid Them
Even with the best intentions, developers often fall into common traps when configuring logging.
- The "Silent Failure" Trap: Many developers configure logging but never verify that the logs are actually arriving at the destination. Always perform an end-to-end test after setting up a new logging pipeline.
- Performance Bottlenecks: Extremely verbose logging can consume significant CPU and I/O resources on your App Service plan. If you notice high CPU usage, check your logging configuration to see if you are logging too much data, especially in tight loops.
- Ignoring Retention Policies: If you send logs to a storage account or Log Analytics without a retention policy, your costs will grow indefinitely. Always set a lifecycle management policy or a retention period in the Log Analytics workspace.
- Hardcoding Log Paths: Never hardcode absolute paths for log files in your code (e.g.,
C:\logs\app.log). Azure App Service runs in a sandboxed environment with specific directory structures. Use environment variables or rely on the platform's standard logging streams.
Callout: Logging vs. Tracing While logging records discrete events, distributed tracing captures the execution flow across service boundaries. If your application relies on microservices, consider integrating OpenTelemetry or Application Insights SDKs to provide a visual map of your request paths. This is far more effective for debugging latency issues than standard logging alone.
Quick Reference: Comparison of Logging Destinations
| Destination | Best For | Pros | Cons |
|---|---|---|---|
| Filesystem | Quick debugging | Easy to access, no extra cost | Temporary, limited retention |
| Log Analytics | Production monitoring | Powerful KQL queries, alerting | Cost associated with data ingestion |
| Storage Account | Long-term compliance | Extremely cheap, durable | Difficult to search/query |
| Event Hub | Real-time streaming | High throughput, third-party integration | Requires external consumer |
Deep Dive: Monitoring Performance with Application Insights
While standard logging is necessary, Application Insights (a feature of Azure Monitor) takes your diagnostics to the next level. It is an Application Performance Management (APM) service that automatically monitors your live web applications.
Enabling Application Insights
- In your App Service, select "Application Insights" from the menu.
- Select "Turn on Application Insights."
- Choose an existing resource or create a new one.
- The service will inject a small agent into your runtime that monitors dependencies, performance, and exceptions automatically.
Why Use Application Insights Over Basic Logging?
Application Insights provides "Dependency Tracking." If your application makes a call to a SQL database, a REST API, or a cache, Application Insights will automatically record the duration of that call and whether it succeeded. If your application is slow, you can instantly see which dependency is the culprit.
Code-level Custom Metrics
You can also send custom telemetry to Application Insights from your code. If you want to track how many times a specific business process occurs, you can use the SDK:
// Example using the Application Insights SDK in .NET
var telemetryClient = new TelemetryClient();
telemetryClient.TrackEvent("OrderPlaced", new Dictionary<string, string> {
{ "OrderId", "12345" },
{ "ProductType", "Digital" }
});
This allows you to create custom dashboards in the Azure Portal based on business events, rather than just technical error logs.
Handling Log Rotation and Cleanup
One often overlooked aspect of diagnostics is the maintenance of log files when using the "Filesystem" option. Azure App Service has a limited amount of space for your application. If your application generates massive amounts of logs, it can fill up the disk, potentially causing the application to crash.
Best Practices for Cleanup:
- Use the Retention Policy: Always set a retention period in the "App Service logs" settings. This tells Azure to automatically delete files older than X days.
- Externalize Logs: If you need to keep logs for years, do not keep them on the App Service disk. Configure a continuous export to a Blob Storage account. You can then use Azure Blob Storage lifecycle management rules to move logs to "Cool" or "Archive" storage tiers to save money.
- Monitor Disk Usage: Use the "Metrics" tab in the Azure Portal to keep an eye on "FileSystem Storage" usage. If you see a trend moving upward, investigate if your logging levels are too high or if your application is throwing an excessive number of exceptions.
Troubleshooting Common Configuration Issues
Sometimes, logs simply do not appear. This is a frustrating but common scenario. Here is a checklist to troubleshoot missing logs:
- Check the "App Service Logs" toggle: Is the feature actually turned on? It is easy to assume it is enabled when it is not.
- Verify the Log Level: If you set the level to "Error," but your application is only generating "Information" logs, you will see nothing. Temporarily set it to "Verbose" to confirm that logs are being generated at all.
- Check for Firewall Rules: If you are streaming logs to a Log Analytics workspace, ensure that your network configuration allows the App Service to reach the Log Analytics endpoint.
- Review Application Initialization: Sometimes, errors occur during the application startup process before the logging framework has been initialized. Check the "Kudu" console (available at
https://<your-app>.scm.azurewebsites.net) to view theLogFilesdirectory directly. - Check Permissions: If you are using Managed Identity to write logs to a Storage Account, ensure the App Service has the "Storage Blob Data Contributor" role assigned on that account.
Managing Secrets in Logs
A recurring security concern is the accidental logging of secrets. As your application grows, the risk of a developer accidentally logging an authorization token or a database connection string increases.
Mitigation Strategies:
- Custom Logging Providers: Implement a custom logging formatter that scans for patterns (like regex for API keys) and masks them before they are written to the output stream.
- Code Reviews: Make logging statements a specific part of your code review checklist. Ensure that no one is logging the
Requestobject directly, as this often contains headers with sensitive information. - Automated Scanning: Use static analysis tools (SAST) in your CI/CD pipeline to flag potential logging of sensitive data.
- Centralized Configuration: Keep logging configuration in
appsettings.jsonor Azure App Settings, rather than hardcoding logging levels, so you can quickly turn off verbose logging if you discover a leak.
Integrating with CI/CD Pipelines
Diagnostics configuration should be treated as "Infrastructure as Code" (IaC). Do not manually configure logging settings in the production portal. Instead, use ARM templates, Bicep, or Terraform to define your diagnostic settings.
Example Bicep Snippet for Diagnostic Settings:
resource diagnosticSetting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
name: 'app-logs-to-workspace'
scope: webApp
properties: {
workspaceId: logAnalyticsWorkspace.id
logs: [
{
category: 'AppServiceHTTPLogs'
enabled: true
}
{
category: 'AppServiceAppLogs'
enabled: true
}
]
}
}
By including this in your deployment pipeline, you ensure that every environment (Development, Staging, Production) has the exact same logging configuration, eliminating the "it works in dev but not in prod" configuration drift.
Conclusion: Key Takeaways
Configuring diagnostics and logging is not a "set it and forget it" task; it is an ongoing process of refining your visibility into the application. By following these principles, you ensure that your team is prepared for the inevitable challenges of cloud-based web applications.
- Observability is Mandatory: Treat logging and monitoring as a core component of your application architecture, not as an afterthought.
- Use the Right Tools: Leverage Log Analytics for querying, Application Insights for performance tracking, and Storage Accounts for long-term archiving.
- Prioritize Structured Logging: Structured logs (JSON) are significantly more powerful than unstructured text, enabling efficient querying and automated alerting.
- Maintain Hygiene: Regularly review your logging levels and retention policies to manage costs and prevent disk space exhaustion.
- Secure Your Data: Never log sensitive information. Mask PII and use identity-based authentication for all logging destinations.
- Automate Everything: Use IaC (Bicep/Terraform) to ensure consistent logging configurations across all environments, reducing the risk of human error.
- Trace the Journey: Use Correlation IDs to track requests across distributed components, making it possible to debug complex issues in high-scale environments.
By mastering these concepts, you shift your role from a developer who "hopes the code works" to an engineer who "knows exactly how the system is performing." This level of insight is what separates high-performing teams from those who spend weeks chasing ghost bugs in production.
Enjoying the courses?
Everything stays free. Pro shows fewer ads, doubles your daily points limit so you progress twice as fast, and lets you read each lesson on one page.
- ✓ Fewer advertisements
- ✓ 2× daily points limit
- ✓ Distraction-free lessons