@@ -6,7 +6,7 @@ author: halkazwini
66ms.author : halkazwini
77ms.service : network-watcher
88ms.topic : how-to
9- ms.date : 04/17 /2024
9+ ms.date : 04/18 /2024
1010ms.custom : devx-track-azurepowershell
1111
1212# CustomerIntent: As an Azure administrator, I want to read my flow logs using a PowerShell script so I can see the latest data.
@@ -22,7 +22,7 @@ In this article, you learn how to read portions of Azure Network Watcher flow lo
2222
2323- PowerShell. For more information, see [ Install PowerShell on Windows, Linux, and macOS] ( /powershell/scripting/install/installing-powershell ) . This article requires the Az PowerShell module. For more information, see [ How to install Azure PowerShell] ( /powershell/azure/install-azure-powershell ) . To find the installed version, run ` Get-Module -ListAvailable Az ` .
2424
25- - NSG flow logs in a region or more. For more information, see [ Create NSG flow logs] ( nsg-flow-logs-portal.md#create-a-flow-log ) .
25+ - Flow logs in a region or more. For more information, see [ Create NSG flow logs] ( nsg-flow-logs-portal.md#create-a-flow-log ) or [ Create VNet flow logs ] ( vnet -flow-logs-portal.md#create-a-flow-log) .
2626
2727- Necessary RBAC permissions for the subscriptions of flow logs and storage account. For more information, see [ Network Watcher RBAC permissions] ( required-rbac-permissions.md ) .
2828
@@ -273,23 +273,62 @@ The results of this value are shown in the following example:
273273# [ ** NSG flow logs** ] ( #tab/nsg )
274274
275275``` json
276+ {
277+ "records" : [
276278 {
277- "time" : " 2017-06-16T20:59:43.7340000Z"
278- "systemId" : " 5f4d02d3-a7d0-4ed4-9ce8-c0ae9377951c"
279- "category" : " NetworkSecurityGroupFlowEvent"
280- "resourceId" : " /SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/CONTOSORG/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/CONTOSONSG"
281- "operationName" : " NetworkSecurityGroupFlowEvents"
282- "properties" : {"Version" :1 ,"flows" :[{"rule" :" DefaultRule_AllowInternetOutBound" "flows" :[{"mac" :" 000D3A18077E" "flowTuples" :[" 1497646722,10.0.0.4,168.62.32.14,44904,443,T,O,A" " 1497646722,10.0.0.4,52.240.48.24,45218,443,T,O,A" "1497646725,10.
283- 0.0 .4,168.62.32.14,44910,443,T,O,A","1497646725,10.0.0.4,52.240.48.24,45224,443,T,O,A","1497646728,10.0.0.4,168.62.32.14,44916,443,T,O,A","1497646728,10.0.0.4,52.240.48.24,45230,443,T,O,A","1497646732,10.0.0.4,168.62.32.14,44922,443,T,O,A","14976
284- 46732 ,10.0 .0.4,52.240.48.24,45236,443,T,O,A","1497646735,10.0.0.4,168.62.32.14,44928,443,T,O,A","1497646735,10.0.0.4,52.240.48.24,45242,443,T,O,A","1497646738,10.0.0.4,168.62.32.14,44934,443,T,O,A","1497646738,10.0.0.4,52.240.48.24,45248,443,T,O,
285- A","1497646742,10.0.0.4,168.62.32.14,44942,443,T,O,A","1497646742,10.0.0.4,52.240.48.24,45256,443,T,O,A","1497646745,10.0.0.4,168.62.32.14,44948,443,T,O,A","1497646745,10.0.0.4,52.240.48.24,45262,443,T,O,A","1497646749,10.0.0.4,168.62.32.14,44954
286- ,443 ,T,O,A","1497646749,10.0.0.4,52.240.48.24,45268,443,T,O,A","1497646753,10.0.0.4,168.62.32.14,44960,443,T,O,A","1497646753,10.0.0.4,52.240.48.24,45274,443,T,O,A","1497646756,10.0.0.4,168.62.32.14,44966,443,T,O,A","1497646756,10.0.0.4,52.240.48
287- .24,45280,443,T,O,A","1497646759,10.0.0.4,168.62.32.14,44972,443,T,O,A","1497646759,10.0.0.4,52.240.48.24,45286,443,T,O,A","1497646763,10.0.0.4,168.62.32.14,44978,443,T,O,A","1497646763,10.0.0.4,52.240.48.24,45292,443,T,O,A","1497646766,10.0.0.4,
288- 168.62 .32.14,44984,443,T,O,A","1497646766,10.0.0.4,52.240.48.24,45298,443,T,O,A","1497646769,10.0.0.4,168.62.32.14,44990,443,T,O,A","1497646769,10.0.0.4,52.240.48.24,45304,443,T,O,A","1497646773,10.0.0.4,168.62.32.14,44996,443,T,O,A","1497646773,
289- 10.0 .0.4,52.240.48.24,45310,443,T,O,A","1497646776,10.0.0.4,168.62.32.14,45002,443,T,O,A","1497646776,10.0.0.4,52.240.48.24,45316,443,T,O,A","1497646779,10.0.0.4,168.62.32.14,45008,443,T,O,A","1497646779,10.0.0.4,52.240.48.24,45322,443,T,O,A" ]}]}
290- ,{"rule" :" DefaultRule_DenyAllInBound" "flows" :[]},{"rule" :" UserRule_ssh-rule" "flows" :[]},{"rule" :" UserRule_web-rule" "flows" :[{"mac" :" 000D3A18077E" "flowTuples" :[" 1497646738,13.82.225.93,10.0.0.4,1180,80,T,I,A" "1497646750,13.82.225.93,10.0.0.4,
291- 1184 ,80 ,T,I,A","1497646768,13.82.225.93,10.0.0.4,1181,80,T,I,A","1497646780,13.82.225.93,10.0.0.4,1336,80,T,I,A" ]}]}]}
279+ "time" : " 2017-06-16T20:59:43.7340000Z"
280+ "systemId" : " abcdef01-2345-6789-0abc-def012345678"
281+ "category" : " NetworkSecurityGroupFlowEvent"
282+ "resourceId" : " /SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/MYRESOURCEGROUP/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/MYNSG"
283+ "operationName" : " NetworkSecurityGroupFlowEvents"
284+ "properties" : {
285+ "Version" : 1 ,
286+ "flows" : [
287+ {
288+ "rule" : " DefaultRule_AllowInternetOutBound"
289+ "flows" : [
290+ {
291+ "mac" : " 000D3A18077E"
292+ "flowTuples" : [
293+ " 1497646722,10.0.0.4,168.62.32.14,44904,443,T,O,A"
294+ " 1497646722,10.0.0.4,52.240.48.24,45218,443,T,O,A"
295+ " 1497646725,10.0.0.4,168.62.32.14,44910,443,T,O,A"
296+ " 1497646725,10.0.0.4,52.240.48.24,45224,443,T,O,A"
297+ " 1497646728,10.0.0.4,168.62.32.14,44916,443,T,O,A"
298+ " 1497646728,10.0.0.4,52.240.48.24,45230,443,T,O,A"
299+ " 1497646732,10.0.0.4,168.62.32.14,44922,443,T,O,A"
300+ " 1497646732,10.0.0.4,52.240.48.24,45236,443,T,O,A"
301+ ]
302+ }
303+ ]
304+ },
305+ {
306+ "rule" : " DefaultRule_DenyAllInBound"
307+ "flows" : []
308+ },
309+ {
310+ "rule" : " UserRule_ssh-rule"
311+ "flows" : []
312+ },
313+ {
314+ "rule" : " UserRule_web-rule"
315+ "flows" : [
316+ {
317+ "mac" : " 000D3A18077E"
318+ "flowTuples" : [
319+ " 1497646738,13.82.225.93,10.0.0.4,1180,80,T,I,A"
320+ " 1497646750,13.82.225.93,10.0.0.4,1184,80,T,I,A"
321+ " 1497646768,13.82.225.93,10.0.0.4,1181,80,T,I,A"
322+ " 1497646780,13.82.225.93,10.0.0.4,1336,80,T,I,A"
323+ ]
324+ }
325+ ]
326+ }
327+ ]
328+ }
292329 }
330+ ]
331+ }
293332```
294333
295334# [ ** VNet flow logs (preview)** ] ( #tab/vnet )
@@ -298,25 +337,25 @@ A","1497646742,10.0.0.4,168.62.32.14,44942,443,T,O,A","1497646742,10.0.0.4,52.24
298337{
299338 "time" : " 2023-07-09T03:59:30.2837112Z"
300339 "flowLogVersion" : 4 ,
301- "flowLogGUID" : " c4de7bdb-291a-4315-84c2-ba1ecd0296dd "
340+ "flowLogGUID" : " abcdef01-2345-6789-0abc-def012345678 "
302341 "macAddress" : " 0022485D8CF8"
303342 "category" : " FlowLogFlowEvent"
304- "flowLogResourceID" : " /SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/NETWORKWATCHERRG/PROVIDERS/MICROSOFT.NETWORK/NETWORKWATCHERS/NETWORKWATCHER_WESTCENTRALUS /FLOWLOGS/CONTOSOVNETWCUSFLOWLOG "
305- "targetResourceID" : " /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/Contoso-westcentralus-RG /providers/Microsoft.Network/virtualNetworks/ContosoVnetWcus "
343+ "flowLogResourceID" : " /SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/NETWORKWATCHERRG/PROVIDERS/MICROSOFT.NETWORK/NETWORKWATCHERS/NETWORKWATCHER_EASTUS /FLOWLOGS/MYVNET-MYRESOURCEGROUP-FLOWLOG "
344+ "targetResourceID" : " /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup /providers/Microsoft.Network/virtualNetworks/myVNet "
306345 "operationName" : " FlowLogFlowEvent"
307346 "flowRecords" : {
308347 "flows" : [
309348 {
310- "aclID" : " db903ae8-908e-491b-b12b-afaafab9d9ed "
349+ "aclID" : " 00000000-1234-abcd-ef00-c1c2c3c4c5c6 "
311350 "flowGroups" : [
312351 {
313- "rule" : " BlockHighRiskTCPPortsFromInternet_456b4993-6e57-4e46-aa4d-81767afff09c "
352+ "rule" : " BlockHighRiskTCPPortsFromInternet "
314353 "flowTuples" : [
315354 " 1688875131557,45.119.212.87,192.168.0.4,53018,3389,6,I,D,NX,0,0,0,0"
316355 ]
317356 },
318357 {
319- "rule" : " Internet_4b9ac3d8-dc7b-4b9e-8702-9e9c25b52451 "
358+ "rule" : " Internet "
320359 "flowTuples" : [
321360 " 1688875103311,35.203.210.145,192.168.0.4,56688,52113,6,I,D,NX,0,0,0,0"
322361 " 1688875119073,162.216.150.87,192.168.0.4,50111,9920,6,I,D,NX,0,0,0,0"
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments