|
| 1 | +--- |
| 2 | +title: Manage NSG flow logs |
| 3 | +titleSuffix: Azure Network Watcher |
| 4 | +description: Learn how to create, change, enable, disable, or delete Azure Network Watcher network security group (NSG) flow logs. |
| 5 | +author: halkazwini |
| 6 | +ms.author: halkazwini |
| 7 | +ms.service: azure-network-watcher |
| 8 | +ms.topic: how-to |
| 9 | +ms.date: 03/17/2025 |
| 10 | + |
| 11 | +#CustomerIntent: As an Azure administrator, I want to log my virtual network IP traffic using Network Watcher NSG flow logs so that I can analyze it later. |
| 12 | +--- |
| 13 | + |
| 14 | +# Create, change, enable, disable, or delete NSG flow logs |
| 15 | + |
| 16 | +[!INCLUDE [NSG flow logs retirement](../../includes/network-watcher-nsg-flow-logs-retirement.md)] |
| 17 | + |
| 18 | +Network security group flow logging is a feature of Azure Network Watcher that allows you to log information about IP traffic flowing through a network security group. For more information about network security group flow logging, see [NSG flow logs overview](nsg-flow-logs-overview.md). |
| 19 | + |
| 20 | +In this article, you learn how to create, change, enable, disable, or delete a network security group flow log using the Azure portal, PowerShell, and Azure CLI. |
| 21 | + |
| 22 | +## Prerequisites |
| 23 | + |
| 24 | +# [**Portal**](#tab/portal) |
| 25 | + |
| 26 | +- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). |
| 27 | + |
| 28 | +- Insights provider. For more information, see [Register Insights provider](#register-insights-provider). |
| 29 | + |
| 30 | +- A network security group. If you need to create a network security group, see [Create, change, or delete a network security group](../virtual-network/manage-network-security-group.md?tabs=network-security-group-portal&toc=/azure/network-watcher/toc.json). |
| 31 | + |
| 32 | +- An Azure storage account. If you need to create a storage account, see [Create a storage account using the Azure portal](../storage/common/storage-account-create.md?tabs=azure-portal&toc=/azure/network-watcher/toc.json). |
| 33 | + |
| 34 | +# [**PowerShell**](#tab/powershell) |
| 35 | + |
| 36 | +- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). |
| 37 | + |
| 38 | +- Insights provider. For more information, see [Register Insights provider](#register-insights-provider). |
| 39 | + |
| 40 | +- A virtual network. If you need to create a virtual network, see [Create a virtual network using PowerShell](../virtual-network/quick-create-powershell.md). |
| 41 | + |
| 42 | +- An Azure storage account. If you need to create a storage account, see [Create a storage account using PowerShell](../storage/common/storage-account-create.md?tabs=azure-powershell&toc=/azure/network-watcher/toc.json). |
| 43 | + |
| 44 | +- Azure Cloud Shell or Azure PowerShell. |
| 45 | + |
| 46 | + The steps in this article run the Azure PowerShell cmdlets interactively in [Azure Cloud Shell](/azure/cloud-shell/overview). To run the cmdlets in the Cloud Shell, select **Open Cloud Shell** at the upper-right corner of a code block. Select **Copy** to copy the code and then paste it into Cloud Shell to run it. You can also run the Cloud Shell from within the Azure portal. |
| 47 | + |
| 48 | + You can also [install Azure PowerShell locally](/powershell/azure/install-azure-powershell) to run the cmdlets. This article requires the Azure PowerShell module. If you run PowerShell locally, sign in to Azure using the [Connect-AzAccount](/powershell/module/az.accounts/connect-azaccount) cmdlet. |
| 49 | + |
| 50 | +# [**Azure CLI**](#tab/cli) |
| 51 | + |
| 52 | +- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). |
| 53 | + |
| 54 | +- Insights provider. For more information, see [Register Insights provider](#register-insights-provider). |
| 55 | + |
| 56 | +- A virtual network. If you need to create a virtual network, see [Create a virtual network using the Azure CLI](../virtual-network/quick-create-cli.md). |
| 57 | + |
| 58 | +- An Azure storage account. If you need to create a storage account, see [Create a storage account using the Azure CLI](../storage/common/storage-account-create.md?tabs=azure-cli). |
| 59 | + |
| 60 | +- Azure Cloud Shell or Azure CLI. |
| 61 | + |
| 62 | + The steps in this article run the Azure CLI commands interactively in [Azure Cloud Shell](/azure/cloud-shell/overview). To run the commands in the Cloud Shell, select **Open Cloud Shell** at the upper-right corner of a code block. Select **Copy** to copy the code, and paste it into Cloud Shell to run it. You can also run the Cloud Shell from within the Azure portal. |
| 63 | + |
| 64 | + You can also [install Azure CLI locally](/cli/azure/install-azure-cli) to run the commands. If you run Azure CLI locally, sign in to Azure using the [az login](/cli/azure/reference-index#az-login) command. |
| 65 | + |
| 66 | +--- |
| 67 | + |
| 68 | +## Register Insights provider |
| 69 | + |
| 70 | +# [**Portal**](#tab/portal) |
| 71 | + |
| 72 | +*Microsoft.Insights* provider must be registered to successfully log traffic flowing through a virtual network. If you aren't sure if the *Microsoft.Insights* provider is registered, check its status in the Azure portal by following these steps: |
| 73 | + |
| 74 | +1. In the search box at the top of the portal, enter *subscriptions*. Select **Subscriptions** from the search results. |
| 75 | + |
| 76 | + :::image type="content" source="./media/subscriptions-portal-search.png" alt-text="Screenshot that shows how to search for Subscriptions in the Azure portal." lightbox="./media/subscriptions-portal-search.png"::: |
| 77 | + |
| 78 | +1. Select the Azure subscription that you want to enable the provider for in **Subscriptions**. |
| 79 | + |
| 80 | +1. Under **Settings**, select **Resource providers**. |
| 81 | + |
| 82 | +1. Enter *insight* in the filter box. |
| 83 | + |
| 84 | +1. Confirm the status of the provider displayed is **Registered**. If the status is **NotRegistered**, select the **Microsoft.Insights** provider then select **Register**. |
| 85 | + |
| 86 | + :::image type="content" source="./media/nsg-flow-logs-portal/register-microsoft-insights.png" alt-text="Screenshot that shows how to register Microsoft Insights provider in the Azure portal." lightbox="./media/nsg-flow-logs-portal/register-microsoft-insights.png"::: |
| 87 | + |
| 88 | +# [**PowerShell**](#tab/powershell) |
| 89 | + |
| 90 | +*Microsoft.Insights* provider must be registered to successfully log traffic in a virtual network. If you aren't sure if the *Microsoft.Insights* provider is registered, use [Register-AzResourceProvider](/powershell/module/az.resources/register-azresourceprovider) to register it. |
| 91 | + |
| 92 | +```azurepowershell-interactive |
| 93 | +# Register Microsoft.Insights provider. |
| 94 | +Register-AzResourceProvider -ProviderNamespace 'Microsoft.Insights' |
| 95 | +``` |
| 96 | + |
| 97 | +# [**Azure CLI**](#tab/cli) |
| 98 | + |
| 99 | +*Microsoft.Insights* provider must be registered to successfully log traffic in a virtual network. If you aren't sure if the *Microsoft.Insights* provider is registered, use [az provider register](/cli/azure/provider#az-provider-register) to register it. |
| 100 | + |
| 101 | +```azurecli-interactive |
| 102 | +# Register Microsoft.Insights provider. |
| 103 | +az provider register --namespace 'Microsoft.Insights' |
| 104 | +``` |
| 105 | + |
| 106 | +--- |
| 107 | + |
| 108 | +## Related content |
| 109 | + |
| 110 | +- [Audit and deploy NSG flow logs using Azure Policy](nsg-flow-logs-policy-portal.md) |
| 111 | +- [NSG flow logs](nsg-flow-logs-overview.md) |
| 112 | +- [Traffic analytics](traffic-analytics.md) |
0 commit comments