How can you search NSG flow logs easily?

We usually allow or block network traffic using NSGs in Azure.
So it's very important to be able to search the NSG flow logs.

Today, we will search NSG flow logs using Log Analytics and Network Watcher in the Azure portal.
Before starting, prepare one storage account to store the NSG flow logs.

First, go to the NSG panel and click NSG flow logs.
Status shows the log collection status.
Traffic Analytics shows whether the log data is sent to Log Analytics.

Then click the row and enable Status.
I prefer version 2. Select the storage account you created earlier to store the log data.
A retention of 0 means permanent.

Scroll down and you can see Traffic Analytics Status.
Turn this Status on as well.
Then select the interval. I think 1 hour is too long.

Then select the Log Analytics workspace.
If you don't have one, you can create it here, so don't worry about it.

Then save the settings.

Oops, I have a problem like this.
I have to solve this problem to save the settings.

Open another page in the Azure portal, then go to Subscription > Resource Providers.
Search for Microsoft.insights. It's not registered… Click Register.

Check that the status has changed. Good!

Then try saving the flow log settings again. It works well.

Now it's time to search the logs. Go to Network Watcher > Traffic Analytics.
The initial setup takes about 20 to 30 minutes, as in the picture below.

After about 20 minutes, you can check the flow dashboard, as in the following picture.
It is divided into inbound and outbound,
and into allowed and blocked.
If you want to search on one of these, click the bar, which takes you to the query editor.

This is the query editor. A default query is set automatically that searches all rows of data.

I recommend just two additions to the code, shown under the picture.
1. where condition - you can search for a specific IP or port.
2. summarize - you can aggregate the data easily.
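
The two additions described above, written out as an added example (not the query from the original post or the portal's generated default). It assumes the standard Traffic Analytics table AzureNetworkAnalytics_CL and its documented columns; the IP address 10.0.0.4, port 3389 and the 24-hour window are constructed sample values.

```kusto
// Added example: find blocked inbound flows to one host and port,
// then aggregate them per source and NSG rule.
AzureNetworkAnalytics_CL
| where SubType_s == "FlowLog"            // flow records only
| where TimeGenerated > ago(24h)          // assumed time window
// 1. where condition: narrow to a specific IP and port
| where DestIP_s == "10.0.0.4"            // constructed sample IP
| where DestPort_d == 3389                // constructed sample port
| where FlowDirection_s == "I"            // "I" = inbound, "O" = outbound
| where FlowStatus_s == "D"               // "D" = denied, "A" = allowed
// Public sources are reported in SrcPublicIPs_s (SrcIP_s is blank for them),
// so fall back to that column when grouping.
| extend Source = iff(isempty(SrcIP_s), SrcPublicIPs_s, SrcIP_s)
// 2. summarize: aggregate the matching rows
| summarize Records = count(),
            DeniedIn = sum(DeniedInFlows_d),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
    by Source, DestIP_s, DestPort_d, L4Protocol_s, NSGRule_s
| order by DeniedIn desc
```

Switching FlowStatus_s to "A" and summing AllowedInFlows_d instead shows which sources an allow rule is actually letting through on that port.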

Thanks
