az network watcher flow-log

Manage network security group flow logging.

For more information about configuring flow logs visit https://docs.microsoft.com/azure/network-watcher/network-watcher-nsg-flow-logging-cli.

Commands

az network watcher flow-log configure Configure flow logging on a network security group.
az network watcher flow-log create Create a flow log on a network security group.
az network watcher flow-log delete Delete the specified flow log resource.
az network watcher flow-log list List all flow log resources for the specified Network Watcher.
az network watcher flow-log show Get the flow log configuration of a network security group.
az network watcher flow-log update Update the flow log configuration of a network security group.

az network watcher flow-log configure

Configure flow logging on a network security group.

az network watcher flow-log configure --nsg
[--enabled {false, true}]
[--format {JSON}]
[--interval]
[--log-version]
[--only-show-errors]
[--resource-group]
[--retention]
[--storage-account]
[--subscription]
[--traffic-analytics {false, true}]
[--workspace]

Examples

Enable NSG flow logs.

az network watcher flow-log configure -g MyResourceGroup --enabled true --nsg MyNsg --storage-account MyStorageAccount

Disable NSG flow logs.

az network watcher flow-log configure -g MyResourceGroup --enabled false --nsg MyNsg

Required Parameters

--nsg

Name or ID of the Network Security Group to target.

Optional Parameters

--enabled

Enable logging.

accepted values: false, true
default value: true
--format

File type of the flow log.

accepted values: JSON
--interval

Interval in minutes at which to conduct flow analytics. Temporarily allowed values are 10 and 60.

--log-version

Version (revision) of the flow log.

--only-show-errors

Only show errors, suppressing warnings.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--retention

Number of days to retain logs.

--storage-account

Name or ID of the storage account in which to save the flow logs.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--traffic-analytics

Enable traffic analytics. Defaults to true if --workspace is provided.

accepted values: false, true
--workspace

Name or ID of a Log Analytics workspace. Must be in the same region of flow log.

az network watcher flow-log create

Create a flow log on a network security group.

az network watcher flow-log create --location
--name
--nsg
[--enabled {false, true}]
[--format {JSON}]
[--interval]
[--log-version]
[--only-show-errors]
[--resource-group]
[--retention]
[--storage-account]
[--subscription]
[--tags]
[--traffic-analytics {false, true}]
[--workspace]

Examples

Create a flow log with Network Security Group name

az network watcher flow-log create --location westus --resource-group MyResourceGroup --name MyFlowLog --nsg MyNetworkSecurityGroupName --storage-account account

Create a flow log with Network Security Group ID (could be in other resource group)

az network watcher flow-log create --location westus --name MyFlowLog --nsg MyNetworkSecurityGroupID --storage-account account

Required Parameters

--location -l

Location to identify the exclusive Network Watcher under a region. Only one Network Watcher can be existed per subscription and region.

--name -n

The name of the flow logger.

--nsg

Name or ID of the network security group.

Optional Parameters

--enabled

Enable logging.

accepted values: false, true
default value: true
--format

File type of the flow log.

accepted values: JSON
--interval

Interval in minutes at which to conduct flow analytics. Temporarily allowed values are 10 and 60.

default value: 60
--log-version

Version (revision) of the flow log.

--only-show-errors

Only show errors, suppressing warnings.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--retention

Number of days to retain logs.

--storage-account

Name or ID of the storage account in which to save the flow logs. Must be in the same region of flow log.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

--traffic-analytics

Enable traffic analytics. Defaults to true if --workspace is provided.

accepted values: false, true
--workspace

Name or ID of a Log Analytics workspace. Must be in the same region of flow log.

az network watcher flow-log delete

Delete the specified flow log resource.

az network watcher flow-log delete --location
--name
[--only-show-errors]
[--subscription]

Required Parameters

--location -l

Location to identify the exclusive Network Watcher under a region. Only one Network Watcher can be existed per subscription and region.

--name -n

The name of the flow logger.

Optional Parameters

--only-show-errors

Only show errors, suppressing warnings.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az network watcher flow-log list

List all flow log resources for the specified Network Watcher.

az network watcher flow-log list --location
[--only-show-errors]
[--subscription]

Required Parameters

--location -l

Location to identify the exclusive Network Watcher under a region. Only one Network Watcher can be existed per subscription and region.

Optional Parameters

--only-show-errors

Only show errors, suppressing warnings.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az network watcher flow-log show

Get the flow log configuration of a network security group.

az network watcher flow-log show [--location]
[--name]
[--nsg]
[--only-show-errors]
[--resource-group]
[--subscription]

Examples

Show NSG flow logs. (Deprecated)

az network watcher flow-log show -g MyResourceGroup --nsg MyNsg

Show NSG flow logs with Azure Resource Management formatted.

az network watcher flow-log show --location MyNetworkWatcher --name MyFlowLog

Optional Parameters

--location -l

Location to identify the exclusive Network Watcher under a region. Only one Network Watcher can be existed per subscription and region.

--name -n

The name of the flow logger.

--nsg

Name or ID of the network security group.

--only-show-errors

Only show errors, suppressing warnings.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az network watcher flow-log update

Update the flow log configuration of a network security group.

az network watcher flow-log update --location
--name
[--add]
[--enabled {false, true}]
[--force-string]
[--format {JSON}]
[--interval]
[--log-version]
[--nsg]
[--only-show-errors]
[--remove]
[--resource-group]
[--retention]
[--set]
[--storage-account]
[--subscription]
[--tags]
[--traffic-analytics {false, true}]
[--workspace]

Examples

Update storage account with name to let resource group identify the storage account and network watcher

az network watcher flow-log update --location westus --resource-group MyResourceGroup --name MyFlowLog --storage-account accountname

Update storage account with ID to let location identify the network watcher

az network watcher flow-log update --location westus --resource-group MyResourceGroup --name MyFlowLog --storage-account accountid

Update Network Security Group on another resource group

az network watcher flow-log update --location westus --resource-group MyAnotherResourceGroup --name MyFlowLog --nsg MyNSG

Update Workspace on another resource group

az network watcher flow-log update --location westus --resource-group MyAnotherResourceGroup --name MyFlowLog --workspace MyAnotherLogAnalyticWorkspace

Required Parameters

--location -l

Location to identify the exclusive Network Watcher under a region. Only one Network Watcher can be existed per subscription and region.

--name -n

The name of the flow logger.

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--enabled

Enable logging.

accepted values: false, true
default value: true
--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

--format

File type of the flow log.

accepted values: JSON
--interval

Interval in minutes at which to conduct flow analytics. Temporarily allowed values are 10 and 60.

default value: 60
--log-version

Version (revision) of the flow log.

--nsg

Name or ID of the network security group.

--only-show-errors

Only show errors, suppressing warnings.

--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--retention

Number of days to retain logs.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=.

--storage-account

Name or ID of the storage account in which to save the flow logs. Must be in the same region of flow log.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

--traffic-analytics

Enable traffic analytics. Defaults to true if --workspace is provided.

accepted values: false, true
--workspace

Name or ID of a Log Analytics workspace. Must be in the same region of flow log.