az network watcher

(PREVIEW) Manage the Azure Network Watcher.

Commands

az network watcher configure Configure the Network Watcher service for different regions.
az network watcher flow-log (PREVIEW) Manage network security group flow logging.
az network watcher flow-log configure Configure flow logging on a network security group.
az network watcher flow-log show Get the flow log configuration for a network security group.
az network watcher list List Network Watchers.
az network watcher packet-capture (PREVIEW) Manage packet capture sessions on VMs.
az network watcher packet-capture create Create and start a packet capture session.
az network watcher packet-capture delete Deletes the specified packet capture session.
az network watcher packet-capture list Lists all packet capture sessions within the specified resource group.
az network watcher packet-capture show Gets a packet capture session by name.
az network watcher packet-capture show-status Query the status of a running packet capture session.
az network watcher packet-capture stop Stops a specified packet capture session.
az network watcher show-next-hop Get information on the 'next hop' for a VM.
az network watcher show-security-group-view Get detailed security information on a VM for the currently configured network security group.
az network watcher show-topology Get the network topology of a resource group.
az network watcher test-connectivity Test if a direct TCP connection can be established between a Virtual Machine and a given endpoint.
az network watcher test-ip-flow Test IP flow to/from a VM given the currently configured network security group rules.
az network watcher troubleshooting (PREVIEW) Manage Network Watcher troubleshooting sessions.
az network watcher troubleshooting show Get the results of the last troubleshooting operation.
az network watcher troubleshooting start Troubleshoot issues with VPN connections or gateway connectivity.

az network watcher configure

Configure the Network Watcher service for different regions.

az network watcher configure --locations
[--enabled {false, true}]
[--resource-group]
[--tags]

Required Parameters

--locations -l
Space separated list of locations to configure.

Optional Parameters

--enabled
Enabled status of Network Watch in the specified regions.
accepted values: false, true
--resource-group -g
Name of resource group. Required when enabling new regions.
--tags
Space separated tags in 'key[=value]' format. Use "" to clear existing tags.

az network watcher list

List Network Watchers.

az network watcher list

az network watcher show-next-hop

Get information on the 'next hop' for a VM.

az network watcher show-next-hop --dest-ip
--resource-group
--source-ip
--vm
[--nic]

Required Parameters

--dest-ip
Destination IPv4 address.
--resource-group -g
Name of the resource group the target VM is in. Do not use when supplying VM ID.
--source-ip
Source IPv4 address.
--vm
Name or ID of the VM to target.

Optional Parameters

--nic
Name or ID of the NIC resource to test. If the VM has multiple NICs and IP forwarding is enabled on any of them, this parameter is required.

az network watcher show-security-group-view

Get detailed security information on a VM for the currently configured network security group.

az network watcher show-security-group-view --resource-group
--vm

Required Parameters

--resource-group -g
Name of the resource group the target VM is in. Do not use when supplying VM ID.
--vm
Name or ID of the VM to target.

az network watcher show-topology

Get the network topology of a resource group.

az network watcher show-topology --resource-group
[--location]

Required Parameters

--resource-group -g
The name of the target resource group to perform topology on.

Optional Parameters

--location -l
Location. Defaults to the location of the target resource group.

az network watcher test-connectivity

Test if a direct TCP connection can be established between a Virtual Machine and a given endpoint.

az network watcher test-connectivity --source-resource
[--dest-address]
[--dest-port]
[--dest-resource]
[--resource-group]
[--source-port]

Required Parameters

--source-resource
Name or ID of the resource from which to originate traffic.

Optional Parameters

--dest-address
The IP address or URI at which to receive traffic.
--dest-port
Port number on which to receive traffic.
--dest-resource
Name or ID of the resource to receive traffic.
--resource-group -g
Name of resource group. You can configure the default group using `az configure --defaults group=<name>`.
--source-port
Port number from which to originate traffic.

az network watcher test-ip-flow

Test IP flow to/from a VM given the currently configured network security group rules.

az network watcher test-ip-flow --direction {Inbound, Outbound}
--local
--protocol {TCP, UDP}
--remote
--vm
[--nic]
[--resource-group]

Required Parameters

--direction
Direction of the packet relative to the VM.
accepted values: Inbound, Outbound
--local
The private IPv4 address for the VM's NIC and the port of the packet in X.X.X.X:PORT format. '*' can be used for port when direction is outbound.
--protocol
Protocol to test.
accepted values: TCP, UDP
--remote
The IPv4 address and port for the remote side of the packet X.X.X.X:PORT format. '*' can be used for port when direction is inbound.
--vm
Name or ID of the VM to target.

Optional Parameters

--nic
Name or ID of the NIC resource to test. If the VM has multiple NICs and IP forwarding is enabled on any of them, this parameter is required.
--resource-group -g
Name of the resource group the target VM is in. Do not use when supplying VM ID.