- Logs are collected at 1-minute intervals through the Azure platform. They don't affect your Azure resources or network performance in any way.
54
54
- Logs are written in JSON format and show outbound and inbound flows per network security group rule.
55
55
- Each log record contains the network interface (NIC) that the flow applies to, 5-tuple information, the traffic decision, and (for version 2 only) throughput information.
56
-
- NSG Flow logs have a retention feature that allows deleting the logs automatically up to a year after their creation.
56
+
- NSG flow logs have a retention feature that allows deleting the logs automatically up to a year after their creation.
57
57
58
58
> [!NOTE]
59
59
> Retention is available only if you use [general-purpose v2 storage accounts](../storage/common/storage-account-overview.md#types-of-storage-accounts).
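Review bot: The retention bullet on the changed line is still ambiguous after the casing fix: "allows deleting the logs automatically up to a year after their creation" can be read either as a configurable retention period with a one-year maximum or as deletion that may happen at any point within a year. Since the line is being touched anyway, say which one is meant, and consider pointing to the NOTE directly below it, because the storage account type decides whether retention applies at all and a reader planning log retention for investigations needs both facts together.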
@@ -63,15 +63,15 @@ Core concepts for flow logs include:
63
63
- Software-defined networks are organized around virtual networks and subnets. You can manage the security of these virtual networks and subnets by using network security groups.
64
64
- A network security group contains *security rules* that allow or deny network traffic to or from the Azure resources that the network security group is connected to. A network security group can be associated with a subnet or a network interface of a virtual machine (VM). For more information, see [Network security group overview](../virtual-network/network-security-groups-overview.md?toc=%2fazure%2fnetwork-watcher%2ftoc.json).
65
65
- All traffic flows in your network are evaluated through the rules in the applicable network security group. The result of these evaluations is NSG flow logs.
66
-
- NSG Flow logs are collected through the Azure platform and don't require any change to your Azure resources.
66
+
- NSG flow logs are collected through the Azure platform and don't require any change to your Azure resources.
67
67
- There are two types of network security group rules: terminating and non-terminating. Each has different logging behaviors:
68
68
-*Deny* rules are terminating. The network security group that's denying the traffic will log it in the flow logs. Processing in this case stops after any NSG denies traffic.
69
69
-*Allow* rules are non-terminating. If the network security group allows the traffic, processing continues to the next network security group. The last network security group that allows traffic will log the traffic to the flow logs.
70
70
- NSG flow logs are written to storage accounts. You can export, process, analyze, and visualize NSG flow logs by using tools like Network Watcher traffic analytics, Splunk, Grafana, and Stealthwatch.
71
71
72
72
## Log format
73
73
74
-
NSG Flow logs include the following properties:
74
+
NSG flow logs include the following properties:
75
75
76
76
*`time`: Time when the event was logged.
77
77
*`systemId`: System ID of the network security group.
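Review bot: Terminology is still mixed in this hunk: the *Deny* sub-bullet says "Processing in this case stops after any NSG denies traffic" while every neighbouring line spells out "network security group". As this commit is a wording cleanup, spell it out there as well. The changed bullet ("collected through the Azure platform and don't require any change to your Azure resources") also largely repeats the first bullet of the earlier list ("Logs are collected at 1-minute intervals through the Azure platform"), so one of the two could be dropped or merged.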
@@ -342,7 +342,7 @@ To update parameters via command-line tools, use the same command that you used
342
342
- [Read flow logs by using PowerShell functions](./network-watcher-read-nsg-flow-logs.md)
343
343
- [Export NSG flow logs to Splunk](https://www.splunk.com/en_us/blog/platform/splunking-azure-nsg-flow-logs.html)
344
344
345
-
NSG flow logs target network security groups and aren't displayed the same way as the other logs. NSG Flow logs are stored only in a storage account and follow the logging path shown in the following example:
345
+
NSG flow logs target network security groups and aren't displayed the same way as the other logs. NSG flow logs are stored only in a storage account and follow the logging path shown in the following example:
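Review bot: In the changed paragraph, "aren't displayed the same way as the other logs" has no antecedent in the visible context, which is a list of links, so the reader cannot tell which logs are being compared. Name them or drop the comparison. The second sentence can also start with "They" instead of repeating "NSG flow logs", for example "They are stored only in a storage account and follow the logging path shown in the following example:".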