You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/network-watcher/nsg-flow-logs-migrate.md
+10-5Lines changed: 10 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,7 @@ author: halkazwini
6
6
ms.author: halkazwini
7
7
ms.service: network-watcher
8
8
ms.topic: how-to
9
-
ms.date: 05/09/2024
9
+
ms.date: 05/10/2024
10
10
ms.custom: devx-track-azurepowershell
11
11
12
12
#CustomerIntent: As an Azure administrator, I want to migrate my network security group flow logs to the new virtual network flow logs so that I can use all the benefits of virtual network flow logs, which overcome some of the network security group flow logs limitations.
@@ -18,10 +18,15 @@ In this article, you learn how to migrate your existing network security group f
18
18
19
19
> [!NOTE]
20
20
> Use the migration script:
21
-
> - when you don't have flow logging enabled on all network interfaces or subnets in a virtual network and you don't want to enable virtual network flow logging on all of them.
22
-
> - when your network security group flow logs in a virtual network have different configurations.
21
+
> - when you don't have flow logging enabled on all network interfaces or subnets in a virtual network and you don't want to enable virtual network flow logging on all of them, or
22
+
> - when your network security group flow logs in a virtual network have different configurations, and you want to create virtual network flow logs with those different configurations as the network security group flow logs.
23
23
>
24
-
> If you have the same network security group applied to all network interfaces or subnets in a virtual network, you can use Azure Policy to create virtual network flow logs. For more information, see [Deploy and configure virtual network flow logs using a built-in policy](vnet-flow-logs-policy.md#deploy-and-configure-virtual-network-flow-logs-using-a-built-in-policy).
24
+
> Use Azure Policy:
25
+
> - when you have the same network security group applied to all network interfaces or subnets in a virtual network,
26
+
> - when you have the same network security group flow log configurations for all network interfaces or subnets in a virtual network, or
27
+
> - when you want to enable virtual network flow logging on the virtual network level.
28
+
>
29
+
> For more information, see [Deploy and configure virtual network flow logs using a built-in policy](vnet-flow-logs-policy.md#deploy-and-configure-virtual-network-flow-logs-using-a-built-in-policy).
25
30
26
31
## Prerequisites
27
32
@@ -136,7 +141,7 @@ In this section, you learn how to use the script file that you downloaded in the
136
141
> [!NOTE]
137
142
> If network security group flow logging is not enabled on all network interfaces of the scale set, or the network interfaces don't share the same network security group flow log, then a virtual network flow log is created on the subnet with the same configurations as one of the network interfaces of the scale set.
138
143
139
-
- **PaaS**: The migration script doesn't support environments with PaaS solutions that point to resources in different subscriptions. For such environments, you should manually enable virtual network flow logging on the virtual network or subnet of the PaaS solution.
144
+
- **PaaS**: The migration script doesn't support environments with PaaS solutions that have network security group flow logs in a user's subscription but target resources are in different subscriptions. For such environments, you should manually enable virtual network flow logging on the virtual network or subnet of the PaaS solution.
0 commit comments