az network watcher flow-log

Manage network security group flow logging.

For more information about configuring flow logs visit https://docs.microsoft.com/azure/network-watcher/network-watcher-nsg-flow-logging-cli.

Commands

az network watcher flow-log configure Configure flow logging on a network security group.
az network watcher flow-log show Get the flow log configuration of a network security group.

az network watcher flow-log configure

Configure flow logging on a network security group.

az network watcher flow-log configure --nsg
[--enabled {false, true}]
[--format {JSON}]
[--interval]
[--log-version]
[--resource-group]
[--retention]
[--storage-account]
[--subscription]
[--traffic-analytics {false, true}]
[--workspace]

Examples

Enable NSG flow logs.

az network watcher flow-log configure -g MyResourceGroup --enabled true --nsg MyNsg --storage-account MyStorageAccount

Disable NSG flow logs.

az network watcher flow-log configure -g MyResourceGroup --enabled false --nsg MyNsg

Required Parameters

--nsg

Name or ID of the Network Security Group to target.

Optional Parameters

--enabled

Enable logging.

accepted values: false, true
--format

File type of the flow log.

accepted values: JSON
--interval

Interval in minutes at which to conduct flow analytics. Temporarily allowed values are 10 and 60.

--log-version

Version (revision) of the flow log.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--retention

Number of days to retain logs.

--storage-account

Name or ID of the storage account in which to save the flow logs.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--traffic-analytics

Enable traffic analytics. Defaults to true if --workspace is provided.

accepted values: false, true
--workspace

Name or ID of a Log Analytics workspace.

az network watcher flow-log show

Get the flow log configuration of a network security group.

az network watcher flow-log show --nsg
[--resource-group]
[--subscription]

Examples

Show NSG flow logs.

az network watcher flow-log show -g MyResourceGroup --nsg MyNsg

Required Parameters

--nsg

Name or ID of the network security group.

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.