articles/openshift/howto-enable-nsg-flowlogs.md
Lines changed: 3 additions & 5 deletions
@@ -16,7 +16,6 @@ keywords: azure, openshift, aro, red hat, azure CLI
16
16
17
17
Flow logs allow you to analyze traffic for Network Security Groups in specific regions that have Azure Network Watcher configured.
18
18
19
-
20
19
## Prerequisites
21
20
22
21
You must have an existing Azure Red Hat OpenShift cluster. Follow this guide to [create a private Azure Red Hat OpenShift cluster](howto-create-private-cluster-4x.md).
@@ -34,8 +33,7 @@ Create a storage account for storing the actual flow logs. It must be in the sam
34
33
35
34
## Configure service principal
36
35
37
-
The service principal used by the cluster needs the [proper permissions](../network-watcher/required-rbac-permissions) in order to create necessary resources for the flow logs and to access the storage account.
38
-
The easiest way to achieve that is by assigning it the network administrator and storage account contributor role on subscription level. Alternatively, you can create a custom role containing the required actions from the page linked above and assign it to the service principal.
36
+
The service principal used by the cluster needs the [proper permissions](../network-watcher/required-rbac-permissions.md) in order to create necessary resources for the flow logs and to access the storage account. The easiest way to achieve that is by assigning it the network administrator and storage account contributor role on subscription level. Alternatively, you can create a custom role containing the required actions from the page linked above and assign it to the service principal.
39
37
40
38
To get the service principal ID, run the following command:
41
39
```
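Review bot: The merged paragraph on new line 36 still presents subscription-level assignment of the network administrator and storage account contributor roles as the default, with the custom role mentioned only as an alternative at the end. Since the line is being rewritten anyway, consider leading with the custom role limited to the required actions from the linked page, and keeping the paragraph break so the alternative is not buried in one long paragraph. The role names would also be easier to match against the built-in roles page if they were written exactly as they appear there.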
@@ -53,7 +51,7 @@ To assign storage account contributor, run the following command:
53
51
```
54
52
az role assignment create --role "17d1049b-9a84-46fb-8f53-869881c3d3ab" --assignee-object-id "{servicePrincipalObjectID}"
55
53
```
56
-
See [this page](../role-based-access-control/built-in-roles) for IDs of built-in roles.
54
+
See [Azure built-in roles](../role-based-access-control/built-in-roles.md) for IDs of built-in roles.
57
55
58
56
Create a spec as in the following example, or update the existing spec to contain `spec.nsgFlowLogs` in case you are already using another preview feature:
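Review bot: The `az role assignment create` command on new line 52 passes the role as a bare GUID and shows no `--scope`, so a reader cannot tell from the command which role is being granted or at what scope. While the sentence below it is being edited, consider naming the role next to the GUID and showing the scope explicitly so the command matches the "subscription level" wording in the Configure service principal section. The descriptive link text "Azure built-in roles" is a good replacement for "this page".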
See [this page](../network-watcher/network-watcher-nsg-flow-logging-portal) for possible values for `version` and `retentionDays`.
73
+
See [Tutorial: Log network traffic to and from a virtual machine using the Azure portal](../network-watcher/network-watcher-nsg-flow-logging-portal.md) for possible values for `version` and `retentionDays`.
76
74
77
75
The cluster will create flow logs for each Network Security Group in the cluster resource group.
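Review bot: The new link text on line 73 makes it clear that the target is a portal tutorial about a virtual machine, which is an indirect place to send readers looking for the allowed values of `version` and `retentionDays`. Consider listing the accepted values inline next to the spec example, or linking to the section that defines them, so the reader does not have to search a tutorial for two field values.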