Troubleshooting Azure Networking - Setting up Flow Logs Monitoring on Network Security Groups (NSGs)

@20aman    Feb 03, 2020

To troubleshoot traffic being allowed or blocked by Network Security Groups (NSGs), Flow Logs should be enabled and sent to a Storage Account, Log Analytics, etc. Setting this up is very easy, but it needs to be done on each NSG in your environment.

Note that Network Watcher is a prerequisite for this. It will be auto-enabled for the NSG's region when Flow Logs are set up.

To start, navigate to the Network Security Groups in the Azure Portal. Select the NSG for which you want to enable the Flow Logs. Scroll all the way down in the settings and select the "NSG Flow Logs" setting. Click on the Flow Logs in the middle area to open up the settings for it.

NSG Flow Logs option

The Flow logs status should be turned On so that flows are logged. Version 2 includes more information, such as throughput. Click on the Storage option to configure the storage account to which the flow logs will be exported.

Enabling logging to storage

Scroll down further to check the Log Analytics workspace settings. Turn on the traffic analysis status. For better and more detailed logging, set the "Traffic Analysis processing interval" to "Every 10 mins" instead of every 1 hour. Finally, select the Log Analytics workspace where you want the logs to be sent. Try to be uniform and select the same workspace for all NSG flow logs.

Enabling logging to Log Analytics workspace

Flow logs will now be captured automatically, and you are ready to start troubleshooting traffic. In the next few blog posts we will look at how to do this, along with common queries that you can reuse.
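Once logs land in the storage account, each blob is JSON whose flow tuples carry the allow/deny decision and, with Version 2, a flow state plus packet and byte counters. The following is an added example, not code from the original post: it parses a constructed sample in that layout, and the rule names, addresses and function names are assumptions made for illustration.

```python
import json
from collections import Counter

# Constructed sample in the layout NSG flow logs use in the storage account
# (trimmed to the fields read below); addresses are documentation ranges.
SAMPLE = json.dumps({"records": [{
    "time": "2020-02-03T10:00:00.000Z",
    "properties": {"Version": 2, "flows": [
        {"rule": "DefaultRule_DenyAllInBound", "flows": [{"mac": "000D3A000001", "flowTuples": [
            "1580724000,198.51.100.7,10.0.0.4,51000,3389,T,I,D,B,,,,",
            "1580724005,198.51.100.7,10.0.0.4,51001,22,T,I,D,B,,,,"]}]},
        {"rule": "UserRule_Allow-HTTPS", "flows": [{"mac": "000D3A000001", "flowTuples": [
            "1580724010,192.0.2.10,10.0.0.4,44931,443,T,I,A,B,,,,",
            "1580724070,192.0.2.10,10.0.0.4,44931,443,T,I,A,E,12,1500,10,8200"]}]},
    ]}}]})

# Fields present in every tuple: epoch time, addresses, ports,
# protocol (T/U), direction (I/O), decision (A = allowed, D = denied).
FIELDS = ("ts", "src", "dst", "sport", "dport", "proto", "direction", "decision")
# Version 2 only: packets/bytes source->destination, then destination->source.
COUNTERS = ("pkts_out", "bytes_out", "pkts_back", "bytes_back")

def parse_tuple(text):
    parts = text.split(",")
    flow = dict(zip(FIELDS, parts[:8]))
    # Version 2 appends a flow state (B begin, C continuing, E end);
    # the counters are empty on a "B" record, so treat empty as 0.
    flow["state"] = parts[8] if len(parts) > 8 else None
    for name, value in zip(COUNTERS, parts[9:13]):
        flow[name] = int(value) if value else 0
    return flow

def iter_flows(blob_text):
    # Walk records -> rules -> per-MAC groups -> flow tuples.
    for record in json.loads(blob_text)["records"]:
        for rule in record["properties"]["flows"]:
            for group in rule["flows"]:
                for text in group["flowTuples"]:
                    yield rule["rule"], parse_tuple(text)

def denied_by_rule(blob_text):
    return Counter(rule for rule, f in iter_flows(blob_text) if f["decision"] == "D")

def bytes_by_source(blob_text):
    totals = Counter()
    for _, f in iter_flows(blob_text):
        totals[f["src"]] += f.get("bytes_out", 0) + f.get("bytes_back", 0)
    return totals

if __name__ == "__main__":
    print("denied:", dict(denied_by_rule(SAMPLE)))
    print("bytes:", dict(bytes_by_source(SAMPLE)))
```

A Version 1 tuple stops after the decision field, so `parse_tuple` returns it with `state` set to `None` and no counters.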




