Using Diagnostic Logs for Azure SFTP

Introduction

Azure provides a reliable and scalable solution for Secure File Transfer Protocol (SFTP) by leveraging Azure Storage accounts.

However, even with a robust infrastructure in place, there is no getting away from intermittent connectivity issues which cause disruption to the SFTP service. Or when a user is not able to connect to our Azure SFTP server, is it because we haven’t whitelisted their IP address, or are they using an incorrect user account? In such situations, having access to detailed diagnostic logs is crucial for troubleshooting.

In this blog post, we will explore how to utilize Azure diagnostic logs to troubleshoot connectivity issues:

Configuring Diagnostic Settings in Storage Account

1.Head over to Azure Portal and go to the storage account which you already have Azure SFTP configured.
2.In the left-hand menu, scroll down to the Monitoring section and click on Diagnostic settings. Click on the Add diagnostic setting button.

3.In the Logs tab, select the checkbox for StorageRead under the Logs Categories. Under the Metrics tab, select the checkbox for Transaction.

4. Configure Destination Details: Under the Destination details section, select the option to Send to Log Analytics workspace and choose the Log Analytics workspace you would like to send the logs to from the dropdown list.

Testing and Checking SFTP Logs

1.Perform a connectivity test to your Azure SFTP, such as attempting to connecting via WinSCP.

2.In the Azure portal, navigate to the Logs section under Monitoring for the storage account.

3.Copy and paste the following Log Analytics query on the query editor, and run it to view the latest connection attempts, ordered by the latest events:

StorageBlobLogs
| where OperationName == "SftpConnect"
| take 1000
| order by TimeGenerated desc

The query above should return the following

If you scroll a bit further to the right, it will contain the IP address where the request address originates from.

A few things to note:

1. Replace the “OperationName” on the above query to suit your need, I found that the operation SftpConnect is sufficient for troubleshooting access or network-related issue, refer to the following documentation for the list of available operations.
2. If you are using Consumption Logic Apps which connects to the same Azure region as your storage account, the CallerIpAddress will show as local IP addresses, instead of one of the outbound addresses listed in Microsoft’s documentation.