| title | description | services | documentationcenter | author | manager | editor | ms.assetid | ms.service | ms.devlang | ms.topic | ms.tgt_pltfrm | ms.workload | ms.date | ms.author |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Manage Network Security Group Flow logs with Azure Network Watcher - Azure CLI 1.0 | Microsoft Docs |
This page explains how to manage Network Security Group Flow logs in Azure Network Watcher with Azure CLI 1.0 |
network-watcher |
na |
jimdial |
timlt |
2dfc3112-8294-4357-b2f8-f81840da67d3 |
network-watcher |
na |
article |
na |
infrastructure-services |
02/22/2017 |
jdial |
[!div class="op_single_selector"]
Network Security Group flow logs are a feature of Network Watcher that allows you to view information about ingress and egress IP traffic through a Network Security Group. These flow logs are written in json format and show outbound and inbound flows on a per rule basis, the NIC the flow applies to, 5-tuple information about the flow (Source/Destination IP, Source/Destination Port, Protocol), and if the traffic was allowed or denied.
This article uses cross-platform Azure CLI 1.0, which is available for Windows, Mac and Linux. Network Watcher currently uses Azure CLI 1.0 for CLI support.
In order for flow logging to work successfully, the Microsoft.Insights provider must be registered. If you are not sure if the Microsoft.Insights provider is registered, run the following script.
azure provider register --namespace Microsoft.Insights --subscription <subscriptionid>
The command to enable flow logs is shown in the following example:
azure network watcher configure-flow-log -g resourceGroupName -n networkWatcherName -t nsgId -i storageAccountId -e true
Use the following example to disable flow logs:
azure network watcher configure-flow-log -g resourceGroupName -n networkWatcherName -t nsgId -i storageAccountId -e false
The storage location of a flow log is defined at creation. A convenient tool to access these flow logs saved to a storage account is Microsoft Azure Storage Explorer, which can be downloaded here: http://storageexplorer.com/
If a storage account is specified, packet capture files are saved to a storage account at the following location:
https://{storageAccountName}.blob.core.windows.net/insights-logs-networksecuritygroupflowevent/resourceId%3D/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/microsoft.network/networksecuritygroups/{nsgName}/{year}/{month}/{day}/PT1H.json
For information about the structure of the log visit Network Security Group Flow log Overview
Learn how to Visualize your NSG flow logs with PowerBI
Learn how to Visualize your NSG flow logs with open source tools