az network watcher flow-log

Is this page helpful?

Any additional feedback?

Feedback will be sent to Microsoft: By pressing the submit button, your feedback will be used to improve Microsoft products and services. Privacy policy.

Manage network security group flow logging.

For more information about configuring flow logs visit https://docs.microsoft.com/azure/network-watcher/network-watcher-nsg-flow-logging-cli.

Commands

az network watcher flow-log configure	Configure flow logging on a network security group.
az network watcher flow-log create	Create a flow log on a network security group.
az network watcher flow-log delete	Delete the specified flow log resource.
az network watcher flow-log list	List all flow log resources for the specified Network Watcher.
az network watcher flow-log show	Get the flow log configuration of a network security group.
az network watcher flow-log update	Update the flow log configuration of a network security group.

az network watcher flow-log configure

Configure flow logging on a network security group.

az network watcher flow-log configure --nsg
                                      [--enabled {false, true}]
                                      [--format {JSON}]
                                      [--interval]
                                      [--log-version]
                                      [--resource-group]
                                      [--retention]
                                      [--storage-account]
                                      [--traffic-analytics {false, true}]
                                      [--workspace]

Examples

Enable NSG flow logs.

az network watcher flow-log configure -g MyResourceGroup --enabled true --nsg MyNsg --storage-account MyStorageAccount

Disable NSG flow logs.

az network watcher flow-log configure -g MyResourceGroup --enabled false --nsg MyNsg

Required Parameters

--nsg

Name or ID of the Network Security Group to target.

Optional Parameters

--enabled

Enable logging.

accepted values: false, true

default value: true

--format

File type of the flow log.

accepted values: JSON

--interval

Interval in minutes at which to conduct flow analytics. Temporarily allowed values are 10 and 60.

--log-version

Version (revision) of the flow log.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--retention

Number of days to retain logs.

--storage-account

Name or ID of the storage account in which to save the flow logs.

--traffic-analytics

Enable traffic analytics. Defaults to true if --workspace is provided.

accepted values: false, true

--workspace

Name or ID of a Log Analytics workspace. Must be in the same region of flow log.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network watcher flow-log create

Create a flow log on a network security group.

az network watcher flow-log create --location
                                   --name
                                   --nsg
                                   [--enabled {false, true}]
                                   [--format {JSON}]
                                   [--interval]
                                   [--log-version]
                                   [--resource-group]
                                   [--retention]
                                   [--storage-account]
                                   [--tags]
                                   [--traffic-analytics {false, true}]
                                   [--workspace]

Examples

Create a flow log with Network Security Group name

az network watcher flow-log create --location westus --resource-group MyResourceGroup --name MyFlowLog --nsg MyNetworkSecurityGroupName --storage-account account

Create a flow log with Network Security Group ID (could be in other resource group)

az network watcher flow-log create --location westus --name MyFlowLog --nsg MyNetworkSecurityGroupID --storage-account account

Required Parameters

--location -l

Location to identify the exclusive Network Watcher under a region. Only one Network Watcher can be existed per subscription and region.

--name -n

The name of the flow logger.

--nsg

Name or ID of the network security group.

Optional Parameters

--enabled

Enable logging.

accepted values: false, true

default value: true

--format

File type of the flow log.

accepted values: JSON

--interval

Interval in minutes at which to conduct flow analytics. Temporarily allowed values are 10 and 60.

default value: 60

--log-version

Version (revision) of the flow log.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--retention

Number of days to retain logs.

--storage-account

Name or ID of the storage account in which to save the flow logs. Must be in the same region of flow log.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

--traffic-analytics

Enable traffic analytics. Defaults to true if --workspace is provided.

accepted values: false, true

--workspace

Name or ID of a Log Analytics workspace. Must be in the same region of flow log.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network watcher flow-log delete

Delete the specified flow log resource.

az network watcher flow-log delete --location
                                   --name

Examples

Delete the specified flow log resource. (autogenerated)

az network watcher flow-log delete --location westus2 --name MyFlowLogger

Required Parameters

--location -l

Location to identify the exclusive Network Watcher under a region. Only one Network Watcher can be existed per subscription and region.

--name -n

The name of the flow logger.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network watcher flow-log list

List all flow log resources for the specified Network Watcher.

az network watcher flow-log list --location

Examples

List all flow log resources for the specified Network Watcher. (autogenerated)

az network watcher flow-log list --location westus2

Required Parameters

--location -l

Location to identify the exclusive Network Watcher under a region. Only one Network Watcher can be existed per subscription and region.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network watcher flow-log show

Get the flow log configuration of a network security group.

az network watcher flow-log show [--location]
                                 [--name]
                                 [--nsg]
                                 [--resource-group]

Examples

Show NSG flow logs. (Deprecated)

az network watcher flow-log show -g MyResourceGroup --nsg MyNsg

Show NSG flow logs with Azure Resource Management formatted.

az network watcher flow-log show --location MyNetworkWatcher --name MyFlowLog

Optional Parameters

--location -l

Location to identify the exclusive Network Watcher under a region. Only one Network Watcher can be existed per subscription and region.

--name -n

The name of the flow logger.

--nsg

Name or ID of the network security group.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network watcher flow-log update

Update the flow log configuration of a network security group.

az network watcher flow-log update --location
                                   --name
                                   [--add]
                                   [--enabled {false, true}]
                                   [--force-string]
                                   [--format {JSON}]
                                   [--interval]
                                   [--log-version]
                                   [--nsg]
                                   [--remove]
                                   [--resource-group]
                                   [--retention]
                                   [--set]
                                   [--storage-account]
                                   [--tags]
                                   [--traffic-analytics {false, true}]
                                   [--workspace]

Examples

Update storage account with name to let resource group identify the storage account and network watcher

az network watcher flow-log update --location westus --resource-group MyResourceGroup --name MyFlowLog --storage-account accountname

Update storage account with ID to let location identify the network watcher

az network watcher flow-log update --location westus --resource-group MyResourceGroup --name MyFlowLog --storage-account accountid

Update Network Security Group on another resource group

az network watcher flow-log update --location westus --resource-group MyAnotherResourceGroup --name MyFlowLog --nsg MyNSG

Update Workspace on another resource group

az network watcher flow-log update --location westus --resource-group MyAnotherResourceGroup --name MyFlowLog --workspace MyAnotherLogAnalyticWorkspace

Required Parameters

--location -l

Location to identify the exclusive Network Watcher under a region. Only one Network Watcher can be existed per subscription and region.

--name -n

The name of the flow logger.

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--enabled

Enable logging.

accepted values: false, true

default value: true

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

--format

File type of the flow log.

accepted values: JSON

--interval

Interval in minutes at which to conduct flow analytics. Temporarily allowed values are 10 and 60.

default value: 60

--log-version

Version (revision) of the flow log.

--nsg

Name or ID of the network security group.

--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--retention

Number of days to retain logs.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=.

--storage-account

Name or ID of the storage account in which to save the flow logs. Must be in the same region of flow log.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

--traffic-analytics

Enable traffic analytics. Defaults to true if --workspace is provided.

accepted values: false, true

--workspace

Name or ID of a Log Analytics workspace. Must be in the same region of flow log.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.