learn.microsoft.com
Open in
urlscan Pro
184.28.26.64
Public Scan
Submitted URL: https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal#enable-nsg-flow-log
Effective URL: https://learn.microsoft.com/en-us/azure/network-watcher/nsg-flow-logs-tutorial
Submission: On July 20 via api from US — Scanned from CA
Effective URL: https://learn.microsoft.com/en-us/azure/network-watcher/nsg-flow-logs-tutorial
Submission: On July 20 via api from US — Scanned from CA
Form analysis
3 forms found in the DOMName: site-header-search-form-mobile — GET /en-us/search/
<form class="flex-grow-1" method="GET" role="search" id="ms--site-header-search-form-mobile" data-bi-name="site-header-search-form-mobile" name="site-header-search-form-mobile" aria-label="Search" action="/en-us/search/">
<div class="autocomplete display-block" data-bi-name="autocomplete"><!---->
<div class="field-body control ">
<input role="combobox" maxlength="100" aria-autocomplete="list" autocapitalize="off" autocomplete="off" autocorrect="off" spellcheck="false" id="site-header-search-autocomplete-input-mobile"
data-test-id="site-header-search-autocomplete-input-mobile" class="autocomplete-input input
width-full" type="search" name="terms" aria-expanded="false" aria-owns="ax-1-listbox" aria-controls="ax-1-listbox" aria-activedescendant="" aria-label="Search" aria-describedby="ms--site-header-search-autocomplete-input-mobile-description"
placeholder="Search" data-bi-name="site-header-search-autocomplete-input-mobile" pattern=".*">
<span aria-hidden="true" class="autocomplete-loader loader has-text-primary " hidden=""></span>
<span hidden="" id="ms--site-header-search-autocomplete-input-mobile-description"> Suggestions will filter as you type </span>
</div>
<ul role="listbox" id="ax-1-listbox" data-test-id="site-header-search-autocomplete-input-mobile-listbox" class="autocomplete-suggestions is-vertically-scrollable padding-xxs " aria-label="Suggestions" hidden="">
</ul>
<!---->
</div>
<!-- mobile safari will not dispatch submit event unless there's a submit button that is not display:none -->
<button type="submit" class="visually-hidden" tabindex="-1" aria-hidden="true"></button>
<input name="category" hidden="" value="">
</form>
Name: site-header-search-form — GET /en-us/search/
<form class="flex-grow-1" method="GET" role="search" id="ms--site-header-search-form" data-bi-name="site-header-search-form" name="site-header-search-form" aria-label="Search" action="/en-us/search/">
<div class="autocomplete display-block" data-bi-name="autocomplete"><!---->
<div class="field-body control ">
<input role="combobox" maxlength="100" aria-autocomplete="list" autocapitalize="off" autocomplete="off" autocorrect="off" spellcheck="false" id="site-header-search-autocomplete-input" data-test-id="site-header-search-autocomplete-input" class="autocomplete-input input input-sm
width-full" type="search" name="terms" aria-expanded="false" aria-owns="ax-0-listbox" aria-controls="ax-0-listbox" aria-activedescendant="" aria-label="Search" aria-describedby="ms--site-header-search-autocomplete-input-description"
placeholder="Search" data-bi-name="site-header-search-autocomplete-input" pattern=".*">
<span aria-hidden="true" class="autocomplete-loader loader has-text-primary " hidden=""></span>
<span hidden="" id="ms--site-header-search-autocomplete-input-description"> Suggestions will filter as you type </span>
</div>
<ul role="listbox" id="ax-0-listbox" data-test-id="site-header-search-autocomplete-input-listbox" class="autocomplete-suggestions is-vertically-scrollable padding-xxs " aria-label="Suggestions" hidden="">
</ul>
<!---->
</div>
<!-- mobile safari will not dispatch submit event unless there's a submit button that is not display:none -->
<button type="submit" class="visually-hidden" tabindex="-1" aria-hidden="true"></button>
<input name="category" hidden="" value="">
</form>
javascript:
<form action="javascript:" role="search" aria-label="Search" class="margin-bottom-xxs"><label class="visually-hidden" for="ax-2">Search</label>
<div class="autocomplete display-block" data-bi-name="autocomplete"><!---->
<div class="field-body control has-icons-left">
<input role="combobox" maxlength="100" aria-autocomplete="list" autocapitalize="off" autocomplete="off" autocorrect="off" spellcheck="false" id="ax-2" data-test-id="ax-2" class="autocomplete-input input input-sm
control has-icons-left
width-full" type="text" aria-expanded="false" aria-owns="ax-3-listbox" aria-controls="ax-3-listbox" aria-activedescendant="" aria-describedby="ms--ax-2-description" placeholder="Filter by title" pattern=".*">
<span aria-hidden="true" class="icon is-small is-left">
<span class="has-text-primary docon docon-filter-settings"></span>
</span>
<span aria-hidden="true" class="autocomplete-loader loader has-text-primary " hidden=""></span>
<span hidden="" id="ms--ax-2-description"> Suggestions will filter as you type </span>
</div>
<ul role="listbox" id="ax-3-listbox" data-test-id="ax-2-listbox" class="autocomplete-suggestions is-vertically-scrollable padding-xxs " aria-label="Suggestions" hidden="">
</ul>
<!---->
</div>
</form>
Text Content
Skip to main content We use optional cookies to improve your experience on our websites, such as through social media connections, and to display personalized advertising based on your online activity. If you reject optional cookies, only cookies necessary to provide you the services will be used. You may change your selection by clicking “Manage Cookies” at the bottom of the page. Privacy Statement Third-Party Cookies Accept Reject Manage cookies This browser is no longer supported. Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support. Download Microsoft Edge More info about Internet Explorer and Microsoft Edge Learn Suggestions will filter as you type Sign in * Profile * Settings Sign out Learn * Discover * Documentation In-depth articles on Microsoft developer tools and technologies * Training Personalized learning paths and courses * Credentials Globally recognized, industry-endorsed credentials * Q&A Technical questions and answers moderated by Microsoft * Code Samples Code sample library for Microsoft developer tools and technologies * Assessments Interactive, curated guidance and recommendations * Shows Thousands of hours of original programming from Microsoft experts Featured assessment It's your AI learning journey Wherever you are in your AI journey, Microsoft Learn meets you where you are and helps you deepen your skills. * Product documentation * ASP.NET * Azure * Dynamics 365 * Microsoft 365 * Microsoft Edge * Microsoft Entra * Microsoft Graph * Microsoft Intune * Microsoft Purview * Microsoft Teams * .NET * Power Apps * Power Automate * Power BI * Power Platform * PowerShell * SQL * Sysinternals * Visual Studio * Windows * Windows Server View all products Featured assessment It's your AI learning journey Wherever you are in your AI journey, Microsoft Learn meets you where you are and helps you deepen your skills. * Development languages * C++ * C# * DAX * Java * OData * OpenAPI * Power Query M * VBA Featured assessment It's your AI learning journey Wherever you are in your AI journey, Microsoft Learn meets you where you are and helps you deepen your skills. * Topics * Artificial intelligence * Compliance * DevOps * Platform engineering * Security Featured assessment It's your AI learning journey Wherever you are in your AI journey, Microsoft Learn meets you where you are and helps you deepen your skills. Suggestions will filter as you type Sign in * Profile * Settings Sign out Azure * Products * Popular products * Azure AI Services * Azure App Service * Azure Databricks * Azure DevOps * Azure Functions * Azure Monitor * Azure Virtual Machines * Popular categories * Compute * Networking * Storage * AI & machine learning * Analytics * Databases * Security * View all products * Architecture * Cloud Adoption Framework * Well-Architected Framework * Azure Architecture Center * Develop * Python * .NET * JavaScript * Java * PowerShell * Azure CLI * View all developer resources * Learn Azure * Start your AI learning assessment * Top learning paths * Cloud concepts * AI fundamentals * Intro to generative AI * Azure Architecture fundamentals * Earn credentials * Instructor-led courses * View all training * Troubleshooting * Resources * Product overview * Latest blog posts * Pricing information * Support options * More * Products * Popular products * Azure AI Services * Azure App Service * Azure Databricks * Azure DevOps * Azure Functions * Azure Monitor * Azure Virtual Machines * Popular categories * Compute * Networking * Storage * AI & machine learning * Analytics * Databases * Security * View all products * Architecture * Cloud Adoption Framework * Well-Architected Framework * Azure Architecture Center * Develop * Python * .NET * JavaScript * Java * PowerShell * Azure CLI * View all developer resources * Learn Azure * Start your AI learning assessment * Top learning paths * Cloud concepts * AI fundamentals * Intro to generative AI * Azure Architecture fundamentals * Earn credentials * Instructor-led courses * View all training * Troubleshooting * Resources * Product overview * Latest blog posts * Pricing information * Support options Portal Free account Table of contents Exit focus mode Search Suggestions will filter as you type * Network Watcher Documentation * Overview * Quickstarts * Diagnose VM traffic filter problem - Portal * Diagnose VM traffic filter problem - PowerShell * Diagnose VM traffic filter problem - Azure CLI * Configure NSG flow logs - Bicep * Configure NSG flow logs - ARM template * Tutorials * Diagnose a VM routing problem * Monitor communication between VMs * Monitor communication with virtual machine scale set * Diagnose a communication problem between networks * Log VM network traffic * Concepts * How-to guides * Reference * Resources Download PDF 1. Learn 2. Azure 3. Networking 4. Network Watcher 1. Learn 2. Azure 3. Networking 4. Network Watcher Read in English Save * Add to Collections * Add to Plan * Add to Challenges Table of contents Read in English Add to Collections Add to Plan Edit -------------------------------------------------------------------------------- SHARE VIA Facebook x.com LinkedIn Email -------------------------------------------------------------------------------- Print Table of contents TUTORIAL: LOG NETWORK TRAFFIC TO AND FROM A VIRTUAL MACHINE USING THE AZURE PORTAL * Article * 09/26/2023 * 2 contributors Feedback IN THIS ARTICLE 1. Prerequisites 2. Create a virtual network 3. Create a virtual machine 4. Register Insights provider 5. Create a storage account 6. Create an NSG flow log 7. Download the flow log 8. View the flow log 9. Clean up resources 10. Related content Show 6 more Network security group flow logging is a feature of Azure Network Watcher that allows you to log information about IP traffic flowing through a network security group. For more information about network security group flow logging, see NSG flow logs overview. This tutorial helps you use NSG flow logs to log a virtual machine's network traffic that flows through the network security group associated to its network interface. In this tutorial, you learn how to: * Create a virtual network * Create a virtual machine with a network security group associated to its network interface * Register Microsoft.insights provider * Enable flow logging for a network security group using Network Watcher flow logs * Download logged data * View logged data PREREQUISITES * An Azure account with an active subscription. If you don't have one, create a free account before you begin. CREATE A VIRTUAL NETWORK In this section, you create myVNet virtual network with one subnet for the virtual machine. 1. Sign in to the Azure portal. 2. In the search box at the top of the portal, enter virtual networks. Select Virtual networks from the search results. 3. Select + Create. In Create virtual network, enter or select the following values in the Basics tab: Expand table Setting Value Project details Subscription Select your Azure subscription. Resource Group Select Create new. Enter myResourceGroup in Name. Select OK. Instance details Name Enter myVNet. Region Select (US) East US. 4. Select Review + create. 5. Review the settings, and then select Create. CREATE A VIRTUAL MACHINE In this section, you create myVM virtual machine. 1. In the search box at the top of the portal, enter virtual machines. Select Virtual machines from the search results. 2. Select + Create and then select Azure virtual machine. 3. In Create a virtual machine, enter or select the following values in the Basics tab: Expand table Setting Value Project Details Subscription Select your Azure subscription. Resource Group Select myResourceGroup. Instance details Virtual machine name Enter myVM. Region Select (US) East US. Availability Options Select No infrastructure redundancy required. Security type Select Standard. Image Select Windows Server 2022 Datacenter: Azure Edition - x64 Gen2. Size Choose a size or leave the default setting. Administrator account Username Enter a username. Password Enter a password. Confirm password Reenter password. 4. Select the Networking tab, or select Next: Disks, then Next: Networking. 5. In the Networking tab, select the following values: Expand table Setting Value Network interface Virtual network Select myVNet. Subnet Select mySubnet. Public IP Select (new) myVM-ip. NIC network security group Select Basic. This setting creates a network security group named myVM-nsg and associates it with the network interface of myVM virtual machine. Public inbound ports Select Allow selected ports. Select inbound ports Select RDP (3389). Caution Leaving the RDP port open to the internet is only recommended for testing. For production environments, it's recommended to restrict access to the RDP port to a specific IP address or range of IP addresses. You can also block internet access to the RDP port and use Azure Bastion to securely connect to your virtual machine from the Azure portal. 6. Select Review + create. 7. Review the settings, and then select Create. 8. Once the deployment is complete, select Go to resource to go to the Overview page of myVM. 9. Select Connect then select RDP. 10. Select Download RDP File and open the downloaded file. 11. Select Connect and then enter the username and password that you created in the previous steps. Accept the certificate if prompted. REGISTER INSIGHTS PROVIDER NSG flow logging requires the Microsoft.Insights provider. To check its status, follow these steps: 1. In the search box at the top of the portal, enter subscriptions. Select Subscriptions from the search results. 2. Select the Azure subscription that you want to enable the provider for in Subscriptions. 3. Select Resource providers under Settings of your subscription. 4. Enter insight in the filter box. 5. Confirm the status of the provider displayed is Registered. If the status is NotRegistered, select the Microsoft.Insights provider then select Register. CREATE A STORAGE ACCOUNT In this section, you create a storage account to use it to store the flow logs. 1. In the search box at the top of the portal, enter storage accounts. Select Storage accounts from the search results. 2. Select + Create. In Create a storage account, enter or select the following values in the Basics tab: Expand table Setting Value Project details Subscription Select your Azure subscription. Resource Group Select myResourceGroup. Instance details Storage account name Enter a unique name. This tutorial uses mynwstorageaccount. Region Select (US) East US. The storage account must be in the same region as the virtual machine and its network security group. Performance Select Standard. NSG flow logs only support Standard-tier storage accounts. Redundancy Select Locally-redundant storage (LRS) or different replication strategy that matches your durability requirements. 3. Select the Review tab or select the Review button at the bottom. 4. Review the settings, and then select Create. CREATE AN NSG FLOW LOG In this section, you create an NSG flow log that's saved into the storage account created previously in the tutorial. 1. In the search box at the top of the portal, enter network watcher. Select Network Watcher from the search results. 2. Under Logs, select Flow logs. 3. In Network Watcher | Flow logs, select + Create or Create flow log blue button. 4. Enter or select the following values in Create a flow log: Expand table Setting Value Project details Subscription Select the Azure subscription of your network security group that you want to log. Network security group Select + Select resource. In Select network security group, select myVM-nsg. Then, select Confirm selection. Flow Log Name Leave the default of myVM-nsg-myResourceGroup-flowlog. Instance details Subscription Select the Azure subscription of your storage account. Storage Accounts Select the storage account you created in the previous steps. This tutorial uses mynwstorageaccount. Retention (days) Enter 0 to retain the flow logs data in the storage account forever (until you delete it from the storage account). To apply a retention policy, enter the retention time in days. For information about storage pricing, see Azure Storage pricing. Note The Azure portal creates NSG flow logs in the NetworkWatcherRG resource group. 5. Select Review + create. 6. Review the settings, and then select Create. 7. Once the deployment is complete, select Go to resource to confirm the flow log created and listed in the Flow logs page. 8. Go back to your RDP session with myVM virtual machine. 9. Open Microsoft Edge and go to www.bing.com. DOWNLOAD THE FLOW LOG In this section, you go to the storage account you previously selected and download the NSG flow log created in the previous section. 1. In the search box at the top of the portal, enter storage accounts. Select Storage accounts from the search results. 2. Select mynwstorageaccount or the storage account you previously created and selected to store the logs. 3. Under Data storage, select Containers. 4. Select the insights-logs-networksecuritygroupflowevent container. 5. In the container, navigate the folder hierarchy until you get to the PT1H.json file. NSG log files are written to a folder hierarchy that follows the following naming convention: Copy https://{storageAccountName}.blob.core.windows.net/insights-logs-networksecuritygroupflowevent/resourceId=/SUBSCRIPTIONS/{subscriptionID}/RESOURCEGROUPS/{resourceGroupName}/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/{networSecurityGroupName}/y={year}/m={month}/d={day}/h={hour}/m=00/macAddress={acAddress}/PT1H.json 6. Select the ellipsis ... to the right of the PT1H.json file, then select Download. Note You can use Azure Storage Explorer to access and download flow logs from your storage account. Fore more information, see Get started with Storage Explorer. VIEW THE FLOW LOG Open the downloaded PT1H.json file using a text editor of your choice. The following example is a section taken from the downloaded PT1H.json file, which shows a flow processed by the rule DefaultRule_AllowInternetOutBound. JSON Copy { "time": "2023-02-26T23:45:44.1503927Z", "systemId": "00000000-0000-0000-0000-000000000000", "macAddress": "112233445566", "category": "NetworkSecurityGroupFlowEvent", "resourceId": "/SUBSCRIPTIONS/abcdef01-2345-6789-0abc-def012345678/RESOURCEGROUPS/MYRESOURCEGROUP/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/MYVM-NSG", "operationName": "NetworkSecurityGroupFlowEvents", "properties": { "Version": 2, "flows": [ { "rule": "DefaultRule_AllowInternetOutBound", "flows": [ { "mac": "112233445566", "flowTuples": [ "1677455097,10.0.0.4,13.107.21.200,49982,443,T,O,A,C,7,1158,12,8143" ] } ] } ] } } The comma-separated information for flowTuples is as follows: Expand table Example data What data represents Explanation 1677455097 Time stamp The time stamp of when the flow occurred in UNIX EPOCH format. In the previous example, the date converts to February 26, 2023 11:44:57 PM UTC/GMT. 10.0.0.4 Source IP address The source IP address that the flow originated from. 10.0.0.4 is the private IP address of the VM you previously created. 13.107.21.200 Destination IP address The destination IP address that the flow was destined to. 13.107.21.200 is the IP address of www.bing.com. Since the traffic is destined outside Azure, the security rule DefaultRule_AllowInternetOutBound processed the flow. 49982 Source port The source port that the flow originated from. 443 Destination port The destination port that the flow was destined to. T Protocol The protocol of the flow. T: TCP. O Direction The direction of the flow. O: Outbound. A Decision The decision made by the security rule. A: Allowed. C Flow State Version 2 only The state of the flow. C: Continuing for an ongoing flow. 7 Packets sent Version 2 only The total number of TCP packets sent to destination since the last update. 1158 Bytes sent Version 2 only The total number of TCP packet bytes sent from source to destination since the last update. Packet bytes include the packet header and payload. 12 Packets received Version 2 only The total number of TCP packets received from destination since the last update. 8143 Bytes received Version 2 only The total number of TCP packet bytes received from destination since the last update. Packet bytes include packet header and payload. CLEAN UP RESOURCES When no longer needed, delete myResourceGroup resource group and all of the resources it contains: 1. In the search box at the top of the portal, enter myResourceGroup. Select myResourceGroup from the search results. 2. Select Delete resource group. 3. In Delete a resource group, enter myResourceGroup, and then select Delete. 4. Select Delete to confirm the deletion of the resource group and all its resources. Note The myVM-nsg-myResourceGroup-flowlog flow log is in the NetworkWatcherRG resource group, but it'll be deleted after deleting the myVM-nsg network security group (by deleting the myResourceGroup resource group). RELATED CONTENT * To learn more about NSG flow logs, see Flow logging for network security groups. * To learn how to create, change, enable, disable, or delete NSG flow logs, see Manage NSG flow logs. * To learn about Traffic analytics, see Traffic analytics overview. -------------------------------------------------------------------------------- FEEDBACK Was this page helpful? Yes No Provide product feedback | Get help at Microsoft Q&A FEEDBACK Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback. Submit and view feedback for This product This page View all page feedback -------------------------------------------------------------------------------- ADDITIONAL RESOURCES -------------------------------------------------------------------------------- Training Module Filter network traffic with a network security group using the Azure portal - Training Learn to regulate network traffic to your Azure resources by configuring and applying network security groups in the Azure portal, improving your network's security posture. Certification Microsoft Certified: Azure Network Engineer Associate - Certifications Demonstrate the design, implementation, and maintenance of Azure networking infrastructure, load balancing traffic, network routing, and more. English (United States) California Consumer Privacy Act (CCPA) Opt-Out Icon Your Privacy Choices Theme * Light * Dark * High contrast * Manage cookies * Previous Versions * Blog * Contribute * Privacy * Terms of Use * Trademarks * © Microsoft 2024 ADDITIONAL RESOURCES -------------------------------------------------------------------------------- Training Module Filter network traffic with a network security group using the Azure portal - Training Learn to regulate network traffic to your Azure resources by configuring and applying network security groups in the Azure portal, improving your network's security posture. Certification Microsoft Certified: Azure Network Engineer Associate - Certifications Demonstrate the design, implementation, and maintenance of Azure networking infrastructure, load balancing traffic, network routing, and more. IN THIS ARTICLE English (United States) California Consumer Privacy Act (CCPA) Opt-Out Icon Your Privacy Choices Theme * Light * Dark * High contrast * Manage cookies * Previous Versions * Blog * Contribute * Privacy * Terms of Use * Trademarks * © Microsoft 2024