az network watcher

(PREVIEW) Commands to manage Network Watcher.

Commands

az network watcher configure Configure the Network Watcher service for different regions.
az network watcher flow-log (PREVIEW) Commands to manage NSG flow logging.
az network watcher flow-log configure Configure flow logging on a Network Security Group (NSG).
az network watcher flow-log show Show flow log configuration for an NSG.
az network watcher list List Network Watchers.
az network watcher packet-capture (PREVIEW) Commands to manage packet capture sessions on VMs.
az network watcher packet-capture create Create and start a packet capture session.
az network watcher packet-capture delete Deletes the specified packet capture session.
az network watcher packet-capture list Lists all packet capture sessions within the specified resource group.
az network watcher packet-capture show Gets a packet capture session by name.
az network watcher packet-capture show-status Query the status of a running packet capture session.
az network watcher packet-capture stop Stops a specified packet capture session.
az network watcher show-next-hop Show information on the 'next hop' for a VM.
az network watcher show-security-group-view Show detailed security information on a VM given the currently configured NSG.
az network watcher show-topology Show the network topology for a resource group.
az network watcher test-connectivity Test whether a direct TCP connection can be established between a Virtual Machine and a given endpoint, such as another VM or an arbitrary remote server.
az network watcher test-ip-flow Test IP flow to/from a VM given the currently configured NSG rules.
az network watcher troubleshooting (PREVIEW) Commands to manage Network Watcher troubleshooting sessions.
az network watcher troubleshooting show Show results of the last troubleshooting operation.
az network watcher troubleshooting start Troubleshoot issues with VPN connections or gateway connectivity.

az network watcher configure

Configure the Network Watcher service for different regions.

az network watcher configure --locations
[--enabled {false, true}]
[--resource-group]
[--tags]

Required Parameters

--locations -l

Space separated list of locations to configure.

Optional Parameters

--enabled

Enabled status of Network Watch in the specified regions.

accepted values: false, true
--resource-group -g

Name of resource group. Required when enabling new regions.

When a previously disabled region is enabled to use Network Watcher, a Network Watcher resource will be created in this resource group.

--tags

Space separated tags in 'key[=value]' format. Use "" to clear existing tags.

az network watcher list

List Network Watchers.

az network watcher list

az network watcher show-next-hop

Requires that Network Watcher is enabled for the region in which the VM is located.

az network watcher show-next-hop --dest-ip
--resource-group
--source-ip
--vm
[--nic]

Required Parameters

--dest-ip

Destination IPv4 address.

--resource-group -g

Name of the resource group the target VM is in. Do not use when supplying VM ID.

--source-ip

Source IPv4 address.

--vm

Name or ID of the VM to target.

Optional Parameters

--nic

Name or ID of the NIC resource to test. If the VM has multiple NICs and IP forwarding is enabled on any of them, this parameter is required.

az network watcher show-security-group-view

Show detailed security information on a VM given the currently configured NSG.

az network watcher show-security-group-view --resource-group
--vm

Required Parameters

--resource-group -g

Name of the resource group the target VM is in. Do not use when supplying VM ID.

--vm

Name or ID of the VM to target.

az network watcher show-topology

Show the network topology for a resource group.

az network watcher show-topology --resource-group
[--location]

Required Parameters

--resource-group -g

The name of the target resource group to perform topology on.

Optional Parameters

--location -l

Location. Defaults to the location of the target resource group.

Topology information is only shown for resources within the target resource group that are within the specified region.

az network watcher test-connectivity

Test whether a direct TCP connection can be established between a Virtual Machine and a given endpoint, such as another VM or an arbitrary remote server.

az network watcher test-connectivity --source-resource
[--dest-address]
[--dest-port]
[--dest-resource]
[--resource-group]
[--source-port]

Required Parameters

--source-resource

Name or ID of the resource from which to originate traffic.

Currently only Virtual Machines are supported.

Optional Parameters

--dest-address

The IP address or URI at which to receive traffic.

--dest-port

Port number on which to receive traffic.

--dest-resource

Name or ID of the resource to receive traffic.

Currently only Virtual Machines are supported.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=.

--source-port

Port number from which to originate traffic.

az network watcher test-ip-flow

Requires that Network Watcher is enabled for the region in which the VM is located.

az network watcher test-ip-flow --direction {Inbound, Outbound}
--local
--protocol {TCP, UDP}
--remote
--vm
[--nic]
[--resource-group]

Required Parameters

--direction

Direction of the packet relative to the VM.

accepted values: Inbound, Outbound
--local

The private IPv4 address for the VM's NIC and the port of the packet in X.X.X.X:PORT format. '*' can be used for port when direction is outbound.

--protocol

Protocol to test.

accepted values: TCP, UDP
--remote

The IPv4 address and port for the remote side of the packet X.X.X.X:PORT format. '*' can be used for port when direction is inbound.

--vm

Name or ID of the VM to target.

Optional Parameters

--nic

Name or ID of the NIC resource to test. If the VM has multiple NICs and IP forwarding is enabled on any of them, this parameter is required.

--resource-group -g

Name of the resource group the target VM is in. Do not use when supplying VM ID.