Switch to structured firewall logs (#3816)

CHANGELOG.md

@@ -7,6 +7,7 @@ FEATURES:
 
 ENHANCEMENTS:
 * Switch from OpenCensus to OpenTelemetry for logging ([#3762](https://github.com/microsoft/AzureTRE/pull/3762))
+* Switch to Structured Firewall Logs ([#3816](https://github.com/microsoft/AzureTRE/pull/3816))
 
 BUG FIXES:
 

core/version.txt

@@ -1 +1 @@
-__version__ = "0.9.1"
+__version__ = "0.9.2"

templates/shared_services/firewall/porter.yaml

@@ -1,7 +1,7 @@
 ---
 schemaVersion: 1.0.0
 name: tre-shared-service-firewall
-version: 1.1.5
+version: 1.1.6
 description: "An Azure TRE Firewall shared service"
 dockerfile: Dockerfile.tmpl
 registry: azuretre

templates/shared_services/firewall/terraform/firewall.tf

@@ -61,7 +61,7 @@ resource "azurerm_monitor_diagnostic_setting" "firewall" {
   name                           = "diagnostics-fw-${var.tre_id}"
   target_resource_id             = azurerm_firewall.fw.id
   log_analytics_workspace_id     = data.azurerm_log_analytics_workspace.tre.id
-  log_analytics_destination_type = "AzureDiagnostics"
+  log_analytics_destination_type = "Dedicated"
 
   dynamic "enabled_log" {
     for_each = setintersection(data.azurerm_monitor_diagnostic_categories.firewall.log_category_types, local.firewall_diagnostic_categories_enabled)

templates/shared_services/firewall/terraform/locals.tf

@@ -2,13 +2,9 @@ locals {
   core_resource_group_name = "rg-${var.tre_id}"
   firewall_name            = "fw-${var.tre_id}"
   firewall_diagnostic_categories_enabled = [
-    "AzureFirewallApplicationRule",
-    "AzureFirewallNetworkRule",
-    "AzureFirewallDnsProxy",
-    # These are for resource specific table settings that are still in preview
-    # "AZFWApplicationRule",
-    # "AZFWNetworkRule",
-    # "AZFWDnsProxy",
+    "AZFWApplicationRule",
+    "AZFWNetworkRule",
+    "AZFWDnsProxy",
   ]
   tre_shared_service_tags = {
     tre_id                = var.tre_id