Azure DDoS Protection monitoring data reference
This article contains all the monitoring reference information for this service.
See Monitor Azure DDoS Protection for details on the data you can collect for Azure DDoS Protection and how to use it.
Metrics
This section lists all the automatically collected platform metrics for this service. These metrics are also part of the global list of all platform metrics supported in Azure Monitor.
For information on metric retention, see Azure Monitor Metrics overview.
Supported metrics for Microsoft.Network/publicIPAddresses
The following table lists the metrics available for the Microsoft.Network/publicIPAddresses resource type.
- All columns might not be present in every table.
- Some columns might be beyond the viewing area of the page. Select Expand table to view all available columns.
Table headings
- Category - The metrics group or classification.
- Metric - The metric display name as it appears in the Azure portal.
- Name in REST API - The metric name as referred to in the REST API.
- Unit - Unit of measure.
- Aggregation - The default aggregation type. Valid values: Average (Avg), Minimum (Min), Maximum (Max), Total (Sum), Count.
- Dimensions - Dimensions available for the metric.
- Time Grains - Intervals at which the metric is sampled. For example,
PT1M
indicates that the metric is sampled every minute,PT30M
every 30 minutes,PT1H
every hour, and so on. - DS Export- Whether the metric is exportable to Azure Monitor Logs via diagnostic settings. For information on exporting metrics, see Create diagnostic settings in Azure Monitor.
Metric | Name in REST API | Unit | Aggregation | Dimensions | Time Grains | DS Export |
---|---|---|---|---|---|---|
Byte Count Total number of Bytes transmitted within time period |
ByteCount |
Bytes | Total (Sum) | Port , Direction |
PT1M | Yes |
Inbound bytes dropped DDoS Inbound bytes dropped DDoS |
BytesDroppedDDoS |
BytesPerSecond | Maximum | <none> | PT1M | Yes |
Inbound bytes forwarded DDoS Inbound bytes forwarded DDoS |
BytesForwardedDDoS |
BytesPerSecond | Maximum | <none> | PT1M | Yes |
Inbound bytes DDoS Inbound bytes DDoS |
BytesInDDoS |
BytesPerSecond | Maximum | <none> | PT1M | Yes |
Inbound SYN packets to trigger DDoS mitigation Inbound SYN packets to trigger DDoS mitigation |
DDoSTriggerSYNPackets |
CountPerSecond | Maximum | <none> | PT1M | Yes |
Inbound TCP packets to trigger DDoS mitigation Inbound TCP packets to trigger DDoS mitigation |
DDoSTriggerTCPPackets |
CountPerSecond | Maximum | <none> | PT1M | Yes |
Inbound UDP packets to trigger DDoS mitigation Inbound UDP packets to trigger DDoS mitigation |
DDoSTriggerUDPPackets |
CountPerSecond | Maximum | <none> | PT1M | Yes |
Under DDoS attack or not Under DDoS attack or not |
IfUnderDDoSAttack |
Count | Maximum | <none> | PT1M | Yes |
Packet Count Total number of Packets transmitted within time period |
PacketCount |
Count | Total (Sum) | Port , Direction |
PT1M | Yes |
Inbound packets dropped DDoS Inbound packets dropped DDoS |
PacketsDroppedDDoS |
CountPerSecond | Maximum | <none> | PT1M | Yes |
Inbound packets forwarded DDoS Inbound packets forwarded DDoS |
PacketsForwardedDDoS |
CountPerSecond | Maximum | <none> | PT1M | Yes |
Inbound packets DDoS Inbound packets DDoS |
PacketsInDDoS |
CountPerSecond | Maximum | <none> | PT1M | Yes |
SYN Count Total number of SYN Packets transmitted within time period |
SynCount |
Count | Total (Sum) | Port , Direction |
PT1M | Yes |
Inbound TCP bytes dropped DDoS Inbound TCP bytes dropped DDoS |
TCPBytesDroppedDDoS |
BytesPerSecond | Maximum | <none> | PT1M | Yes |
Inbound TCP bytes forwarded DDoS Inbound TCP bytes forwarded DDoS |
TCPBytesForwardedDDoS |
BytesPerSecond | Maximum | <none> | PT1M | Yes |
Inbound TCP bytes DDoS Inbound TCP bytes DDoS |
TCPBytesInDDoS |
BytesPerSecond | Maximum | <none> | PT1M | Yes |
Inbound TCP packets dropped DDoS Inbound TCP packets dropped DDoS |
TCPPacketsDroppedDDoS |
CountPerSecond | Maximum | <none> | PT1M | Yes |
Inbound TCP packets forwarded DDoS Inbound TCP packets forwarded DDoS |
TCPPacketsForwardedDDoS |
CountPerSecond | Maximum | <none> | PT1M | Yes |
Inbound TCP packets DDoS Inbound TCP packets DDoS |
TCPPacketsInDDoS |
CountPerSecond | Maximum | <none> | PT1M | Yes |
Inbound UDP bytes dropped DDoS Inbound UDP bytes dropped DDoS |
UDPBytesDroppedDDoS |
BytesPerSecond | Maximum | <none> | PT1M | Yes |
Inbound UDP bytes forwarded DDoS Inbound UDP bytes forwarded DDoS |
UDPBytesForwardedDDoS |
BytesPerSecond | Maximum | <none> | PT1M | Yes |
Inbound UDP bytes DDoS Inbound UDP bytes DDoS |
UDPBytesInDDoS |
BytesPerSecond | Maximum | <none> | PT1M | Yes |
Inbound UDP packets dropped DDoS Inbound UDP packets dropped DDoS |
UDPPacketsDroppedDDoS |
CountPerSecond | Maximum | <none> | PT1M | Yes |
Inbound UDP packets forwarded DDoS Inbound UDP packets forwarded DDoS |
UDPPacketsForwardedDDoS |
CountPerSecond | Maximum | <none> | PT1M | Yes |
Inbound UDP packets DDoS Inbound UDP packets DDoS |
UDPPacketsInDDoS |
CountPerSecond | Maximum | <none> | PT1M | Yes |
Data Path Availability Average IP Address availability per time duration |
VipAvailability |
Count | Average | Port |
PT1M | Yes |
The metric names present different packet types, and bytes vs. packets, with a basic construct of tag names on each metric as follows:
Dropped tag name (for example, Inbound Packets Dropped DDoS): The number of packets dropped/scrubbed by the DDoS protection system.
Forwarded tag name (for example Inbound Packets Forwarded DDoS): The number of packets forwarded by the DDoS system to the destination VIP – traffic that wasn't filtered.
No tag name (for example Inbound Packets DDoS): The total number of packets that came into the scrubbing system – representing the sum of the packets dropped and forwarded.
Note
While multiple options for Aggregation are displayed on Azure portal, only the aggregation types listed in the table are supported for each metric. We apologize for this confusion and we are working to resolve it.
Metric dimensions
For information about what metric dimensions are, see Multi-dimensional metrics.
This service has the following dimensions associated with its metrics.
- Direction
- Port
Resource logs
This section lists the types of resource logs you can collect for this service. The section pulls from the list of all resource logs category types supported in Azure Monitor.
Supported resource logs for Microsoft.Network/publicIPAddresses
Category | Category display name | Log table | Supports basic log plan | Supports ingestion-time transformation | Example queries | Costs to export |
---|---|---|---|---|---|---|
DDoSMitigationFlowLogs |
Flow logs of DDoS mitigation decisions | AzureDiagnostics Logs from multiple Azure resources. |
No | No | Queries | No |
DDoSMitigationReports |
Reports of DDoS mitigations | AzureDiagnostics Logs from multiple Azure resources. |
No | No | Queries | No |
DDoSProtectionNotifications |
DDoS protection notifications | AzureDiagnostics Logs from multiple Azure resources. |
No | No | Queries | No |
Azure Monitor Logs tables
This section lists the Azure Monitor Logs tables relevant to this service, which are available for query by Log Analytics using Kusto queries. The tables contain resource log data and possibly more depending on what is collected and routed to them.
Azure DDoS Protection Microsoft.Network/publicIPAddresses
Activity log
The linked table lists the operations that can be recorded in the activity log for this service. These operations are a subset of all the possible resource provider operations in the activity log.
For more information on the schema of activity log entries, see Activity Log schema.
Related content
- See Monitor Azure DDoS Protection for a description of monitoring Azure DDoS Protection.
- See Monitor Azure resources with Azure Monitor for details on monitoring Azure resources.