Commit 520d946

Update faq.yml
updating NSG flow logs to VNet flow logs.
1 parent 7505181 commit 520d946

1 file changed

+5
-2
lines changed

articles/nat-gateway/faq.yml

Lines changed: 5 additions & 2 deletions
@@ -41,9 +41,12 @@ sections:
4141
4242
- question: How can I obtain logs for my NAT gateway resource?
4343
answer: |
44-
Network security group (NSG) flow logs can be used to monitor traffic flow from a resource in a subnet/virtual network by using a NAT gateway to go outbound.
44+
[Virtual network (VNet) flow logs](../network-watcher/vnet-flow-logs-overview.md) are a feature of Azure Network Watcher that logs information about IP traffic flowing through a virtual network. Flow data from virtual network flow logs is sent to Azure Storage. From there, you can access the data and export it to any visualization tool, security information and event management (SIEM) solution, or intrusion detection system (IDS).
45+
46+
VNet flow logs provide connection information for your virtual machines. The connection information contains the source IP and port and the destination IP and port and the state of the connection. The traffic flow direction and the size of the traffic in number of packets and bytes sent is also logged. The source IP and port specified in the VNet flow log is for the virtual machine and not the NAT gateway.
4547
46-
Use Azure Security Center and follow the network protection recommendations to help secure your Azure network resources. Enable NSG flow logs and send the logs to an Azure Storage account for auditing. You can also send the flow logs to a Log Analytics workspace and then use Traffic Analytics to provide insights into traffic patterns in your Azure cloud. Some advantages of Traffic Analytics are the ability to visualize network activity, identify hot spots and security threats, understand traffic flow patterns, and pinpoint network misconfigurations.
48+
For general guidance to create and manage virtual network flow logs, see [Manage virtual network flow logs](../network-watcher/vnet-flow-logs-portal.md). Once you have created your virtual network flow log, you can access the data on [Log Analytics workspaces](../azure-monitor/logs/logs-analytics-overview.md) where you can also query and filter the data to identify traffic flow through your NAT Gateway. See [Traffic analytics schema and data aggregation](../network-watcher/traffic-analytics-schema.md) for more details on the virtual network flow logs schema.
49+
You can also enable [Traffic Analytics](../network-watcher/traffic-analytics.md) when you are creating your virtual network flow logs to provide insights into traffic patterns in your Azure cloud. Some advantages of Traffic Analytics are the ability to visualize network activity, identify hot spots and security threats, understand traffic flow patterns, and pinpoint network misconfigurations.
4750
4851
- question: How do I delete a NAT gateway resource?
4952
answer: |
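
Review bot: The paragraph added at new line 48 tells readers that once the flow log is created they can access and query the data in Log Analytics workspaces, but new line 44 says the flow data is sent to Azure Storage, and Traffic Analytics is only introduced as an optional extra on new line 49. Nothing in between explains how the data reaches a workspace, and the schema link on line 48 already points at traffic-analytics-schema.md. Suggest moving the Traffic Analytics sentence ahead of the Log Analytics sentence and stating whether Traffic Analytics is required for that path. Separately, line 46 says the logged source IP and port are "for the virtual machine and not the NAT gateway", while line 48 promises filtering "to identify traffic flow through your NAT Gateway"; name the field readers should filter on, or soften that claim. Minor: "NAT Gateway" on line 48 should match the "NAT gateway" casing used in the questions, and "is also logged" on line 46 should be "are also logged".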
