Manage network security group flow logs in the Azure portal

Network security group flow logs are a feature of Network Watcher that enables you to view information about ingress and egress IP traffic through a network security group. These flow logs are written in JSON format and provide important information, including:

  • Outbound and inbound flows on a per-rule basis.
  • The NIC that the flow applies to.
  • 5-tuple information about the flow (source/destination IP, source/destination port, protocol).
  • Information about whether traffic was allowed or denied.

Before you begin

This scenario assumes you have already followed the steps in Create a Network Watcher instance. The scenario also assumes that a you have a resource group with a valid virtual machine.

Register Insights provider

For flow logging to work successfully, the Microsoft.Insights provider must be registered. To register the provider, take the following steps:

  1. Go to Subscriptions, and then select the subscription for which you want to enable flow logs.
  2. On the Subscription blade, select Resource Providers.
  3. Look at the list of providers, and verify that the microsoft.insights provider is registered. If not, then select Register.

View providers

Enable flow logs

These steps take you through the process of enabling flow logs on a network security group.

Step 1

Go to a Network Watcher instance, and then select NSG Flow logs.

Flow logs overview

Step 2

Select a network security group from the list.

Flow logs overview

Step 3

On the Flow logs settings blade, set the status to On, and then configure a storage account. When you're done, select OK. Then select Save.

Flow logs overview

Download flow logs

Flow logs are saved in a storage account. Download your flow logs to view them.

Step 1

To download flow logs, select You can download flow logs from configured storage accounts. This step takes you to a storage account view where you can choose which logs to download.

Flow logs settings

Step 2

Go to the correct storage account. Then select Containers > insights-log-networksecuritygroupflowevent.

Flow logs settings

Step 3

Go to the location of the flow log, select it, and then select Download.

Flow logs settings

For information about the structure of the log, visit Network security group flow log overview.

Next steps

Learn how to visualize your NSG flow logs with PowerBI.