Manage network security group flow logs in the Azure portal
Network security group flow logs are a feature of Network Watcher that enables you to view information about ingress and egress IP traffic through a network security group. These flow logs are written in JSON format and provide important information, including:
- Outbound and inbound flows on a per-rule basis.
- The NIC that the flow applies to.
- 5-tuple information about the flow (source/destination IP, source/destination port, protocol).
- Information about whether traffic was allowed or denied.
Before you begin
This scenario assumes you have already followed the steps in Create a Network Watcher instance. The scenario also assumes that a you have a resource group with a valid virtual machine.
Register Insights provider
For flow logging to work successfully, the Microsoft.Insights provider must be registered. To register the provider, take the following steps:
- Go to Subscriptions, and then select the subscription for which you want to enable flow logs.
- On the Subscription blade, select Resource Providers.
- Look at the list of providers, and verify that the microsoft.insights provider is registered. If not, then select Register.
Enable flow logs
These steps take you through the process of enabling flow logs on a network security group.
Go to a Network Watcher instance, and then select NSG Flow logs.
Select a network security group from the list.
On the Flow logs settings blade, set the status to On, and then configure a storage account. When you're done, select OK. Then select Save.
Download flow logs
Flow logs are saved in a storage account. Download your flow logs to view them.
To download flow logs, select You can download flow logs from configured storage accounts. This step takes you to a storage account view where you can choose which logs to download.
Go to the correct storage account. Then select Containers > insights-log-networksecuritygroupflowevent.
Go to the location of the flow log, select it, and then select Download.
For information about the structure of the log, visit Network security group flow log overview.
Learn how to visualize your NSG flow logs with PowerBI.