As we speak one of my customers is looking into using Azure Network Watcher for its network auditing and packet logging capabilities. Network Security Group flow logs are a feature of Network Watcher that allows you to view information about ingress and egress IP traffic through a Network Security Group. While flow logs target Network Security Groups, they are not displayed in the same way as the other logs. Flow logs are stored only within a storage account.
The big challenge to enable NSG flow logging is that you have to do it one by one in the Azure portal. A step-by-step guide on how to do this is described here. You need to select the NSG, tick the box to enable NSG flow logging, specify a storage account etc. This is going to take ages to enable for all my NSG’s! For my customer, this wasn’t going to work as they have a lot of NSG’s defined in their environment.
This blog post will cover how you can enable NSG flow logs for all your NSG’s at once with a PowerShell Script.
This scenario assumes you have already followed the steps in Create a Network Watcher to create a Network Watcher. The scenario also assumes that a Resource Group with a storage account has been pre-created.
The following PowerShell script will enable NSG Flow logging for all my NSG’s. The script will do the following:
NSG flow logging needs to be enabled per Azure Region and per subscription, so the script will loop through all the different regions where Network watcher is enabled. If the script finds an NSG in that region, it will enable NSG flow logging
Once we find a region where Network Watcher is enabled, we will look for NSGs and enable flow logging:
That’s it! We just enabled NSG flow logging with one press of a button! You can find the PowerShell script below:
View the code on Gist.
In the next blogpost I will cover how to visualize this data with PowerBi.
Hope this helps,