How to Configure NSG Flow Logs in Azure for Network Monitoring?

Network Security Group (NSG):

Security groups are sets of rules, acting as a virtual firewall, that control the inbound and outbound traffic in Azure. These rules either whitelist (allow) or blacklist (deny) requests based on the rule set. By creating inbound and outbound rules on an NSG, you can secure your Azure resource.

Types of Network Security Groups:

  • Ingress: Inbound requests from services inside the service perimeter made to a service inside the service perimeter.
  • Egress: Outbound requests from services inside the service perimeter made to a service outside the service perimeter.

Azure NSG Flow Logs:

Azure NSG flow logs let you view information about ingress and egress IP traffic through a Network Security Group (NSG). They also help in troubleshooting various networking issues.

What is Azure Network Watcher?

Network Watcher is a tool to monitor, diagnose, and view metrics, and to enable or disable logs, for resources in an Azure virtual network.

Network Watcher is mainly designed to monitor and repair the network health of Azure infrastructure.

Note: Network Watcher is also called Azure watcher.

Network Watcher is a regional Azure service that enables monitoring and diagnosing conditions at a network scenario level by enabling NSG flow logs. Enabling Traffic Analytics on Azure NSG flow logs provides rich analytics and visualization of the network flow logs of Azure resources. With the Traffic Analytics geo-map you can easily identify traffic hotspots and get insights into optimization possibilities.

Task 1: Create a Storage account in Azure to store NSG flow logs.

Steps to set up an Azure storage account to configure NSG flow logs.

Step 1: Login to Azure Portal >> access Storage accounts

Step 2: From Storage accounts click on the "+Create" >> configure the Azure Storage account as mentioned below.
  • Subscription: select your target azure subscription.
  • Resource Group: select your target azure resource group
  • Name: add storage account name (Note: the Storage Account name must be unique across Azure.)
  • Region: select your azure region 
  • Performance: Standard
  • Redundancy: Locally-redundant storage (LRS)
  • Require secure transfer for REST API operations: true
  • Enable blob public access: false
  • Enable storage account key access: true
  • Minimum TLS version: Version 1.2
  • Blob storage access tier: Hot
  • Connectivity method: Public endpoint (all networks)
  • Routing preference: Microsoft network routing
  • Enable point-in-time restore for containers: false
  • Enable soft delete for blobs: true (keep the default configuration)
  • Enable soft delete for containers: false
  • Enable soft delete for file shares: false
Step 3: Validate the configuration details >> Click on the "Review + Create" >> click on the "Create"

Task 2: Configure NSG flow logs for Network Monitoring in Azure.

Purpose of use: To verify the IP traffic flowing through the Network Security Groups through Network Watcher NSG flow logs.

Steps to configure NSG flow logs in Azure with Network Watcher from the Azure Portal.

Step 1: Login to Azure Portal and access Network Watcher resource from Azure global search

Step 2: From Network Watcher >> from page left menu access Logs >> NSG flow logs
Step 3: Create and configure NSG flow logs in Azure Network Watcher.

Click on "+ Create" and select the following as mentioned below.
  • Select the target Subscription
  • Select the target Network Security Group (NSG)
  • Select the target Azure Storage Account
  • Retention days: 120 (choose your own value based on project needs)
  • Flow Logs Version: Version 2
  • Enable Traffic Analytics
  • Traffic analytics processing interval: Every 10 minutes.
  • Subscription: target Log Analytics Subscription
  • Log Analytics workspace: target Workspace
Step 4: Click on "Review + Create" >> click on "Create". That's it, you are done enabling NSG flow logs.
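
Once flow logging is enabled, the JSON blobs it writes to the storage account can be checked directly. The following is an added example, not part of the original article: it parses one blob and summarises denied inbound flows and bytes per NSG rule. It assumes the version 2 record layout and 13-field flow tuple; the function names and the sample data are constructed for illustration.

```python
"""Summarise an NSG flow log (version 2) blob: denied inbound flows, bytes per rule."""
import json
from collections import Counter

# Assumed field order of a version 2 flow tuple (13 comma-separated values).
FIELDS = ("ts", "src_ip", "dst_ip", "src_port", "dst_port", "proto",
          "direction", "decision", "state",
          "pkts_s2d", "bytes_s2d", "pkts_d2s", "bytes_d2s")

# Constructed sample blob (documentation IP ranges, made-up rule and MAC values).
SAMPLE = json.dumps({"records": [{
    "time": "2024-01-01T00:01:00.0000000Z",
    "category": "NetworkSecurityGroupFlowEvent",
    "properties": {"Version": 2, "flows": [
        {"rule": "DefaultRule_DenyAllInBound", "flows": [{"mac": "000D3A000001", "flowTuples": [
            "1704067201,203.0.113.10,10.0.0.4,50000,3389,T,I,D,B,,,,",
            "1704067205,203.0.113.10,10.0.0.4,50001,3389,T,I,D,B,,,,",
            "1704067209,198.51.100.7,10.0.0.4,40000,22,T,I,D,B,,,,"]}]},
        {"rule": "UserRule_AllowHTTPS", "flows": [{"mac": "000D3A000001", "flowTuples": [
            "1704067210,198.51.100.7,10.0.0.4,41000,443,T,I,A,B,,,,",
            "1704067270,198.51.100.7,10.0.0.4,41000,443,T,I,A,E,12,1800,10,5200"]}]},
    ]}}]})

def iter_flows(blob_text):
    """Yield one dict per flow tuple, tagged with the NSG rule that matched it."""
    for record in json.loads(blob_text).get("records", []):
        props = record.get("properties", {})
        if props.get("Version") != 2:
            continue  # version 1 tuples carry no flow state or counters
        for rule_group in props.get("flows", []):
            for mac_group in rule_group.get("flows", []):
                for raw in mac_group.get("flowTuples", []):
                    parts = raw.split(",")
                    if len(parts) != len(FIELDS):
                        continue  # skip malformed tuples instead of mis-parsing them
                    yield dict(zip(FIELDS, parts), rule=rule_group.get("rule", ""))

def denied_inbound(blob_text):
    """Count denied inbound flows per (source IP, destination port)."""
    hits = Counter()
    for f in iter_flows(blob_text):
        if f["direction"] == "I" and f["decision"] == "D":
            hits[(f["src_ip"], int(f["dst_port"]))] += 1
    return hits

def bytes_by_rule(blob_text):
    """Total bytes in both directions per rule; counters are empty on begin (B) tuples."""
    totals = Counter()
    for f in iter_flows(blob_text):
        totals[f["rule"]] += int(f["bytes_s2d"] or 0) + int(f["bytes_d2s"] or 0)
    return totals

if __name__ == "__main__":
    print(denied_inbound(SAMPLE).most_common(), dict(bytes_by_rule(SAMPLE)))
```

Repeated denies from one source to a management port such as 3389 or 22 are the kind of pattern this summary surfaces before Traffic Analytics has processed the interval.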