You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/network-watcher/frequently-asked-questions.yml
+11-3Lines changed: 11 additions & 3 deletions
Original file line number
Diff line number
Diff line change
@@ -166,7 +166,7 @@ sections:
166
166
- name: Flow logs
167
167
questions:
168
168
- question: |
169
-
What does NSG flow logs do?
169
+
What does flow logging do?
170
170
answer: |
171
171
Flow logs enable you to log 5-tuple flow information about your Azure IP traffic that passes through a network security group or Azure virtual network. The raw flow logs are written to an Azure storage account. From there, you can further process, analyze, query, or export them as needed.
172
172
@@ -185,10 +185,18 @@ sections:
185
185
answer: |
186
186
No. NSG flow logs and VNet flow logs don't support ICMP protocol.
187
187
188
+
Can I delete a network security group that has flow logging enabled?
189
+
answer: |
190
+
Yes. The associated flow log resource will be deleted too. Flow log data is retained in the storage account for the retention period configured in the flow log.
191
+
192
+
Can I move a network security group that has flow logging enabled to a different resource group or subscription?
193
+
answer: |
194
+
Yes, but you you must delete the associated flow log resource. After you migrate the network security group, you can re-create the flow logs to enable flow logging on it.
195
+
188
196
- question: |
189
197
Can I use a storage account in a different subscription than the network security group or virtual network that the flow log is enabled for?
190
198
answer: |
191
-
Yes, you can use a storage account from a different subscription as long as this subscription is associated with the same Microsoft Entra tenant of the network security group or virtual network's subscription.
199
+
Yes, you can use a storage account from a different subscription as long as this subscription is in the same region of the network security group and associated with the same Microsoft Entra tenant of the network security group or virtual network's subscription.
192
200
193
201
- question: |
194
202
How do I use NSG flow logs with a storage account behind a firewall?
@@ -208,7 +216,7 @@ sections:
208
216
Network Watcher has a built-in fallback mechanism that it uses when connecting to a storage account behind a firewall (firewall enabled). It tries to connect to the storage account using a key, and if that fails, it switches to a token. In this case, a 403 error is logged in the storage account activity log.
209
217
210
218
- question: |
211
-
Can NSG flow logs send data to a storage account using an Azure Private Endpoint?
219
+
Can Network Watcher send NSG flow logs data to a storage account enabled with Private Endpoint?
212
220
answer: |
213
221
Yes, Network Watcher supports sending NSG flow logs data to a storage account enabled with a private endpoint.
0 commit comments