Set-AzNetworkWatcherConfigFlowLog
Configures flow logging for a target resource.
Syntax
Set-AzNetworkWatcherConfigFlowLog
-NetworkWatcher <PSNetworkWatcher>
-TargetResourceId <String>
-EnableFlowLog <Boolean>
-StorageAccountId <String>
[-EnableRetention <Boolean>]
[-RetentionInDays <Int32>]
[-FormatType <String>]
[-FormatVersion <Int32>]
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-AzNetworkWatcherConfigFlowLog
-NetworkWatcher <PSNetworkWatcher>
-TargetResourceId <String>
-EnableFlowLog <Boolean>
-StorageAccountId <String>
[-EnableRetention <Boolean>]
[-RetentionInDays <Int32>]
[-FormatType <String>]
[-FormatVersion <Int32>]
[-AsJob]
[-EnableTrafficAnalytics]
-Workspace <IOperationalInsightWorkspace>
[-TrafficAnalyticsInterval <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-AzNetworkWatcherConfigFlowLog
-NetworkWatcher <PSNetworkWatcher>
-TargetResourceId <String>
-EnableFlowLog <Boolean>
-StorageAccountId <String>
[-EnableRetention <Boolean>]
[-RetentionInDays <Int32>]
[-FormatType <String>]
[-FormatVersion <Int32>]
[-AsJob]
[-EnableTrafficAnalytics]
-WorkspaceResourceId <String>
-WorkspaceGUID <String>
-WorkspaceLocation <String>
[-TrafficAnalyticsInterval <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-AzNetworkWatcherConfigFlowLog
-NetworkWatcherName <String>
-ResourceGroupName <String>
-TargetResourceId <String>
-EnableFlowLog <Boolean>
-StorageAccountId <String>
[-EnableRetention <Boolean>]
[-RetentionInDays <Int32>]
[-FormatType <String>]
[-FormatVersion <Int32>]
[-AsJob]
[-EnableTrafficAnalytics]
-Workspace <IOperationalInsightWorkspace>
[-TrafficAnalyticsInterval <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-AzNetworkWatcherConfigFlowLog
-NetworkWatcherName <String>
-ResourceGroupName <String>
-TargetResourceId <String>
-EnableFlowLog <Boolean>
-StorageAccountId <String>
[-EnableRetention <Boolean>]
[-RetentionInDays <Int32>]
[-FormatType <String>]
[-FormatVersion <Int32>]
[-AsJob]
[-EnableTrafficAnalytics]
-WorkspaceResourceId <String>
-WorkspaceGUID <String>
-WorkspaceLocation <String>
[-TrafficAnalyticsInterval <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-AzNetworkWatcherConfigFlowLog
-NetworkWatcherName <String>
-ResourceGroupName <String>
-TargetResourceId <String>
-EnableFlowLog <Boolean>
-StorageAccountId <String>
[-EnableRetention <Boolean>]
[-RetentionInDays <Int32>]
[-FormatType <String>]
[-FormatVersion <Int32>]
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-AzNetworkWatcherConfigFlowLog
-Location <String>
-TargetResourceId <String>
-EnableFlowLog <Boolean>
-StorageAccountId <String>
[-EnableRetention <Boolean>]
[-RetentionInDays <Int32>]
[-FormatType <String>]
[-FormatVersion <Int32>]
[-AsJob]
[-EnableTrafficAnalytics]
-Workspace <IOperationalInsightWorkspace>
[-TrafficAnalyticsInterval <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-AzNetworkWatcherConfigFlowLog
-Location <String>
-TargetResourceId <String>
-EnableFlowLog <Boolean>
-StorageAccountId <String>
[-EnableRetention <Boolean>]
[-RetentionInDays <Int32>]
[-FormatType <String>]
[-FormatVersion <Int32>]
[-AsJob]
[-EnableTrafficAnalytics]
-WorkspaceResourceId <String>
-WorkspaceGUID <String>
-WorkspaceLocation <String>
[-TrafficAnalyticsInterval <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-AzNetworkWatcherConfigFlowLog
-Location <String>
-TargetResourceId <String>
-EnableFlowLog <Boolean>
-StorageAccountId <String>
[-EnableRetention <Boolean>]
[-RetentionInDays <Int32>]
[-FormatType <String>]
[-FormatVersion <Int32>]
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
The Set-AzNetworkWatcherConfigFlowLog configures flow logging for a target resource. Properties to configure include: whether or not flow logging is enabled for the resource provided, the configured storage account to send logs, the flow logging format, and the retention policy for the logs. Currently Network Security Groups are supported for flow logging.
Examples
Example 1: Configure Flow Logging for a Specified NSG
$NW = Get-AzNetworkWatcher -ResourceGroupName NetworkWatcherRg -Name NetworkWatcher_westcentralus
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName NSGRG -Name appNSG
$storageId = "/subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Storage/storageAccounts/contosostorageacct123"
Set-AzNetworkWatcherConfigFlowLog -NetworkWatcher $NW -TargetResourceId $nsg.Id -EnableFlowLog $true -StorageAccountId $storageID
TargetResourceId : /subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Network/networkSecurityGroups/appNSG
StorageId : /subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Storage/storageAccounts/contosostorageacct123
Enabled : True
RetentionPolicy : {
"Days": 0,
"Enabled": false
}
Format : {
"Type ": "Json",
"Version": 1
}In this example we configure flow logging status for a Network Security Group. In the response, we see the specified NSG has flow logging enabled, default format, and no retention policy set.
Example 2: Configure Flow Logging for a Specified NSG and set the version of flow logging to 2.
$NW = Get-AzNetworkWatcher -ResourceGroupName NetworkWatcherRg -Name NetworkWatcher_westcentralus
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName NSGRG -Name appNSG
$storageId = "/subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Storage/storageAccounts/contosostorageacct123"
Set-AzNetworkWatcherConfigFlowLog -NetworkWatcher $NW -TargetResourceId $nsg.Id -EnableFlowLog $true -StorageAccountId $storageID -FormatVersion 2
TargetResourceId : /subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Network/networkSecurityGroups/appNSG
StorageId : /subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Storage/storageAccounts/contosostorageacct123
Enabled : True
RetentionPolicy : {
"Days": 0,
"Enabled": false
}
Format : {
"Type ": "Json",
"Version": 2
}In this example, we configure flow logging on a Network Security Group (NSG) with version 2 logs specified. In the response, we see the specified NSG has flow logging enabled, the format is set, and there is no retention policy configured. If the region does not support version you specified, Network Watcher will write the default supported version in the region.
Example 3: Configure Flow Logging and Traffic Analytics for a Specified NSG
$NW = Get-AzNetworkWatcher -ResourceGroupName NetworkWatcherRg -Name NetworkWatcher_westcentralus
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName NSGRG -Name appNSG
$storageId = "/subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Storage/storageAccounts/contosostorageacct123"
$workspace = Get-AzOperationalInsightsWorkspace -Name WorkspaceName -ResourceGroupName WorkspaceRg
Set-AzNetworkWatcherConfigFlowLog -NetworkWatcher $NW -TargetResourceId $nsg.Id -EnableFlowLog $true -StorageAccountId $storageID -EnableTrafficAnalytics -Workspace $workspace -TrafficAnalyticsInterval 60
TargetResourceId : /subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Network/networkSecurityGroups/appNSG
StorageId : /subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Storage/storageAccounts/contosostorageacct123
Enabled : True
RetentionPolicy : {
"Days": 0,
"Enabled": false
}
Format : {
"Type ": "Json",
"Version": 1
}
FlowAnalyticsConfiguration : {
"networkWatcherFlowAnalyticsConfiguration": {
"enabled": true,
"workspaceId": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
"workspaceRegion": "WorkspaceLocation",
"workspaceResourceId": "/subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourcegroups/WorkspaceRg/providers/microsoft.operationalinsights/workspaces/WorkspaceName",
"TrafficAnalyticsInterval": 60
}
}In this example we configure flow logging status and Traffic Analytics for a Network Security Group. In the response, we see the specified NSG has flow logging and Traffic Analytics enabled, default format, and no retention policy set.
Example 4: Disable Traffic Analytics for a Specified NSG with Flow Logging and Traffic Analytics configured
$NW = Get-AzNetworkWatcher -ResourceGroupName NetworkWatcherRg -Name NetworkWatcher_westcentralus
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName NSGRG -Name appNSG
$storageId = "/subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Storage/storageAccounts/contosostorageacct123"
$workspace = Get-AzOperationalInsightsWorkspace -Name WorkspaceName -ResourceGroupName WorkspaceRg
Set-AzNetworkWatcherConfigFlowLog -NetworkWatcher $NW -TargetResourceId $nsg.Id -EnableFlowLog $true -StorageAccountId $storageID -EnableTrafficAnalytics -Workspace $workspace -TrafficAnalyticsInterval 60
Set-AzNetworkWatcherConfigFlowLog -NetworkWatcher $NW -TargetResourceId $nsg.Id -EnableFlowLog $true -StorageAccountId $storageID -EnableTrafficAnalytics:$false -Workspace $workspace
TargetResourceId : /subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Network/networkSecurityGroups/appNSG
StorageId : /subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Storage/storageAccounts/contosostorageacct123
Enabled : True
RetentionPolicy : {
"Days": 0,
"Enabled": false
}
Format : {
"Type ": "Json",
"Version": 1
}
FlowAnalyticsConfiguration : {
"networkWatcherFlowAnalyticsConfiguration": {
"enabled": false,
"workspaceId": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
"workspaceRegion": "WorkspaceLocation",
"workspaceResourceId": "/subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourcegroups/WorkspaceRg/providers/microsoft.operationalinsights/workspaces/WorkspaceName",
"TrafficAnalyticsInterval": 60
}
}In this example we disable Traffic Analytics for a Network Security Group which has flow logging and Traffic Analytics configured earlier. In the response, we see the specified NSG has flow logging enabled but Traffic Analytics disabled.
Parameters
-AsJob
Run cmdlet in the background
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure.
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableFlowLog
Flag to enable/disable flow logging.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-EnableRetention
Flag to enable/disable retention.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-EnableTrafficAnalytics
Flag to enable/disable retention.
| Type: | SwitchParameter |
| Aliases: | EnableTA |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-FormatType
Type of flow log format.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-FormatVersion
Version of flow log format.
| Type: | Nullable<T>[Int32] |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Location
Location of the network watcher.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-NetworkWatcher
The network watcher resource.
| Type: | PSNetworkWatcher |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-NetworkWatcherName
The name of network watcher.
| Type: | String |
| Aliases: | Name |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-ResourceGroupName
The name of the network watcher resource group.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-RetentionInDays
Number of days to retain flow log records.
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-StorageAccountId
ID of the storage account which is used to store the flow log.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-TargetResourceId
The target resource ID.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-TrafficAnalyticsInterval
Gets or sets the interval (in minutes) which would decide how frequently TA service should do flow analytics. Supported values are 10 and 60 minutes.
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Workspace
The WS object which is used to store the traffic analytics data.
| Type: | IOperationalInsightWorkspace |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-WorkspaceGUID
GUID of the WS which is used to store the traffic analytics data.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-WorkspaceLocation
Azure Region of the WS which is used to store the traffic analytics data.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-WorkspaceResourceId
Subscription of the WS which is used to store the traffic analytics data.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Inputs
Nullable<T>[[System.Int32, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]]
Outputs
Notes
Keywords: azure, azurerm, arm, resource, management, manager, network, networking, watcher, flow, logs, flowlog, logging
Related Links
- New-AzNetworkWatcher
- Get-AzNetworkWatcher
- Remove-AzNetworkWatcher
- Get-AzNetworkWatcherNextHop
- Get-AzNetworkWatcherSecurityGroupView
- Get-AzNetworkWatcherTopology
- Start-AzNetworkWatcherResourceTroubleshooting
- New-AzNetworkWatcherPacketCapture
- New-AzPacketCaptureFilterConfig
- Get-AzNetworkWatcherPacketCapture
- Remove-AzNetworkWatcherPacketCapture
- Stop-AzNetworkWatcherPacketCapture
- New-AzNetworkWatcherProtocolConfiguration
- Test-AzNetworkWatcherIPFlow
- Test-AzNetworkWatcherConnectivity
- Stop-AzNetworkWatcherConnectionMonitor
- Start-AzNetworkWatcherConnectionMonitor
- Set-AzNetworkWatcherConnectionMonitor
- Set-AzNetworkWatcherConfigFlowLog
- Remove-AzNetworkWatcherConnectionMonitor
- New-AzNetworkWatcherConnectionMonitor
- Get-AzNetworkWatcherTroubleshootingResult
- Get-AzNetworkWatcherReachabilityReport
- Get-AzNetworkWatcherReachabilityProvidersList
- Get-AzNetworkWatcherFlowLogStatus
- Get-AzNetworkWatcherConnectionMonitorReport
- Get-AzNetworkWatcherConnectionMonitor
الملاحظات
إرسال الملاحظات وعرضها المتعلقة بـ