articles/network-watcher/network-watcher-alert-triggered-packet-capture.md
Lines changed: 29 additions & 24 deletions
Original file line number
Diff line number
Diff line change
@@ -5,9 +5,10 @@ author: halkazwini
5
5
ms.author: halkazwini
6
6
ms.service: network-watcher
7
7
ms.topic: how-to
8
-
ms.date: 01/31/2024
8
+
ms.date: 02/14/2024
9
9
ms.custom: devx-track-azurepowershell
10
10
---
11
+
11
12
# Monitor networks proactively with alerts and Azure Functions using Packet Capture
12
13
13
14
Network Watcher packet capture creates capture sessions to track traffic in and out of virtual machines. The capture file can have a filter that is defined to track only the traffic that you want to monitor. This data is stored in a storage blob or locally on the guest machine.
@@ -22,13 +23,13 @@ By using Network Watcher alerting and functions from within the Azure ecosystem,
22
23
23
24
## Prerequisites
24
25
25
-
* The latest version of [Azure PowerShell](/powershell/azure/install-azure-powershell).
26
-
* An existing instance of Network Watcher. If you don't already have one, [create an instance of Network Watcher](network-watcher-create.md).
27
-
* An existing virtual machine in the same region as Network Watcher with the [Windows extension](../virtual-machines/extensions/network-watcher-windows.md) or [Linux virtual machine extension](../virtual-machines/extensions/network-watcher-linux.md).
26
+
- The latest version of [Azure PowerShell](/powershell/azure/install-azure-powershell).
27
+
- An existing instance of Network Watcher. If you don't already have one, [create an instance of Network Watcher](network-watcher-create.md).
28
+
- An existing virtual machine in the same region as Network Watcher with the [Windows extension](../virtual-machines/extensions/network-watcher-windows.md) or [Linux virtual machine extension](../virtual-machines/extensions/network-watcher-linux.md).
28
29
29
30
## Scenario
30
31
31
-
In this example, your VM has more outgoing traffic than usual and you want to be alerted. Similarly, you can create alerts for any condition.
32
+
In this example, a virtual machine (VM) has more outgoing traffic than usual and you want to be alerted. Similarly, you can create alerts for any condition.
32
33
33
34
When an alert is triggered, the packet-level data helps to analyze why the outgoing traffic has increased. You can take steps to return the virtual machine to its original state.
34
35
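Review bot: In the Scenario paragraph, the new sentence introduces the abbreviation "virtual machine (VM)", but the following unchanged paragraph still spells out "the virtual machine". Either use VM consistently after the first definition or drop the parenthetical. While the Prerequisites bullets are being touched, the link texts "[Windows extension]" and "[Linux virtual machine extension]" could also be made parallel.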
@@ -53,29 +54,33 @@ This scenario does the following:
53
54
54
55
To create an Azure function to process the alert and create a packet capture, follow these steps:
55
56
56
-
1. In the [Azure portal](https://portal.azure.com), search for *function app* in **All services** and select it.
57
+
1. Sign in to the [Azure portal](https://portal.azure.com).
58
+
59
+
1. In the search box at the top of the portal, enter *function app*. Select **Function App** from the search results
57
60
58
-
:::image type="content" source="./media/network-watcher-alert-triggered-packet-capture/search-result.png" alt-text="Screenshot of finding the function app in Azure portal.":::
61
+
:::image type="content" source="./media/network-watcher-alert-triggered-packet-capture/function-app-portal-search.png" alt-text="Screenshot shows how to search for the function app in Azure portal." lightbox="./media/network-watcher-alert-triggered-packet-capture/function-app-portal-search.png":::
59
62
60
-
2. Select **Create** to open the **Create Function App** screen.
63
+
1. Select **+ Create**.
61
64
62
-
:::image type="content" source="./media/network-watcher-alert-triggered-packet-capture/create-function-app.png" alt-text="Screenshot of the Create function app screen.":::
65
+
1. In the **Basics** tab of **Create Function App**, enter or select values for the following settings:
63
66
64
-
2. In the **Basics** tab, enter the following values:
65
-
1. Under **Project Details**, select the **Subscription** for which you want to create the Function app and the **Resource Group** to contain the app.
66
-
2. Under **Instance details**, do the following:
67
-
1. Enter the name of the Function app. This name will be appended by *.azurewebsites.net*.
68
-
2. In **Publish**, select the mode of publishing, either *Code* or *Docker Container*.
69
-
3. Select a **Runtime stack**.
70
-
4. Select the version of the Runtime stack in **Version**.
71
-
5. Select the **Region** in which you want to create the function app.
72
-
3. Select **OK** to create the app.
73
-
3. Under **Operating System**, select the type of Operating system that you're currently using. Azure recommends the type of Operating system based on your runtime stack selection.
74
-
4. Under **Plan**, select the type of plan that you want to use for the function app. Choose from the following options:
67
+
- Under **Project Details**, select the **Subscription** for which you want to create the Function app and the **Resource Group** to contain the app.
68
+
- Under **Instance details**, do the following:
69
+
- Enter the name of the Function app. This name will be appended by *.azurewebsites.net*.
70
+
- In **Publish**, select the mode of publishing, either *Code* or *Docker Container*.
71
+
- Select a **Runtime stack**.
72
+
- Select the version of the Runtime stack in **Version**.
73
+
- Select the **Region** in which you want to create the function app.
74
+
- Select **OK** to create the app.
75
+
- Under **Operating System**, select the type of Operating system that you're currently using. Azure recommends the type of Operating system based on your runtime stack selection.
76
+
- Under **Plan**, select the type of plan that you want to use for the function app. Choose from the following options:
75
77
- Consumption (Serverless) - For event-driven scaling for the most minimum cost.
76
78
- Functions Premium - For enterprise-level, serverless applications with event-based scaling and network isolation.
77
79
- App Service Plan - For reusing compute from an existing app service plan.
78
-
3. Select **Review + create** to create the app.
80
+
81
+
:::image type="content" source="./media/network-watcher-alert-triggered-packet-capture/create-function-app-basics.png" alt-text="Screenshot of the Create function app page in the Azure portal." lightbox="./media/network-watcher-alert-triggered-packet-capture/create-function-app-basics.png":::
82
+
83
+
1. Select **Review + create** to create the app.
79
84
80
85
### Create an Azure function
81
86
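Review bot: In the Basics tab list, the bullet "Select **OK** to create the app." was carried over from the old numbered steps, but the procedure now ends with "Select **Review + create** to create the app.", so the reader is told to create the app twice, the first time before Operating System and Plan have been chosen. Drop the OK bullet or state which dialog it belongs to. Also, the new step "Select **Function App** from the search results" is missing its closing period.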
@@ -85,9 +90,9 @@ To create an Azure function to process the alert and create a packet capture, fo
85
90
86
91
2. Select **Develop in portal** from the **Development environment** drop-down.
87
92
3. Under **Select a template**, select **HTTP Trigger**.
88
-
4. In the **Template details** section, do the following:
89
-
1. Enter the name of the function in the **New function** field.
90
-
2. Select **Function** as the **Authorization level** and select **Create**.
93
+
4. In the **Template details** section:
94
+
- Enter the name of the function in the **New function** field.
95
+
- Select **Function** as the **Authorization level** and select **Create**.
91
96
5. After the function is created, go to the function and select **Code + Test**.
92
97
93
98
:::image type="content" source="./media/network-watcher-alert-triggered-packet-capture/code-test.png" alt-text="Screenshot of the Code + Test screen.":::
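Review bot: In the Template details step, "Select **Function** as the **Authorization level**" is kept without any explanation of what that level requires from the caller. Since the template is **HTTP Trigger** and this function is created to process an alert, add a sentence on how the request to the function is authorized and where that credential comes from. Separately, the two sub-items were changed from a numbered list to bullets even though they are sequential (name first, then **Create**), and the code-test.png image has no lightbox attribute, unlike the images updated earlier in this commit.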