az network watcher flow-log

Manage network security group flow logging.

For more information about configuring flow logs visit https://docs.microsoft.com/azure/network-watcher/network-watcher-nsg-flow-logging-cli.

Commands

az network watcher flow-log configure

Configure flow logging on a network security group.

az network watcher flow-log create

Create a flow log on a network security group.

az network watcher flow-log delete

Delete the specified flow log resource.

az network watcher flow-log list

List all flow log resources for the specified Network Watcher.

az network watcher flow-log show

Get the flow log configuration of a network security group.

az network watcher flow-log update

Update the flow log configuration of a network security group.

az network watcher flow-log configure

Configure flow logging on a network security group.

az network watcher flow-log configure --nsg
                                      [--enabled {false, true}]
                                      [--format {JSON}]
                                      [--interval]
                                      [--log-version]
                                      [--resource-group]
                                      [--retention]
                                      [--storage-account]
                                      [--subscription]
                                      [--traffic-analytics {false, true}]
                                      [--workspace]

Examples

Enable NSG flow logs.

az network watcher flow-log configure -g MyResourceGroup --enabled true --nsg MyNsg --storage-account MyStorageAccount

Disable NSG flow logs.

az network watcher flow-log configure -g MyResourceGroup --enabled false --nsg MyNsg

Required Parameters

--nsg

Name or ID of the Network Security Group to target.

Optional Parameters

--enabled

Enable logging.

accepted values: false, true
default value: true

--format

File type of the flow log.

accepted values: JSON

--interval

Interval in minutes at which to conduct flow analytics. Temporarily allowed values are 10 and 60.

--log-version

Version (revision) of the flow log.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--retention

Number of days to retain logs.

--storage-account

Name or ID of the storage account in which to save the flow logs.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--traffic-analytics

Enable traffic analytics. Defaults to true if --workspace is provided.

accepted values: false, true

--workspace

Name or ID of a Log Analytics workspace. Must be in the same region as the flow log.

az network watcher flow-log create

Create a flow log on a network security group.

az network watcher flow-log create --location
                                   --name
                                   --nsg
                                   [--enabled {false, true}]
                                   [--format {JSON}]
                                   [--interval]
                                   [--log-version]
                                   [--resource-group]
                                   [--retention]
                                   [--storage-account]
                                   [--subscription]
                                   [--tags]
                                   [--traffic-analytics {false, true}]
                                   [--workspace]

Examples

Create a flow log with Network Security Group name

az network watcher flow-log create --location westus --resource-group MyResourceGroup --name MyFlowLog --nsg MyNetworkSecurityGroupName --storage-account account

Create a flow log with Network Security Group ID (the NSG can be in another resource group)

az network watcher flow-log create --location westus --name MyFlowLog --nsg MyNetworkSecurityGroupID --storage-account account

Required Parameters

--location -l

Location to identify the exclusive Network Watcher under a region. Only one Network Watcher can exist per subscription and region.

--name -n

The name of the flow logger.

--nsg

Name or ID of the network security group.

Optional Parameters

--enabled

Enable logging.

accepted values: false, true
default value: true

--format

File type of the flow log.

accepted values: JSON

--interval

Interval in minutes at which to conduct flow analytics. Temporarily allowed values are 10 and 60.

default value: 60

--log-version

Version (revision) of the flow log.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--retention

Number of days to retain logs.

--storage-account

Name or ID of the storage account in which to save the flow logs. Must be in the same region as the flow log.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

--traffic-analytics

Enable traffic analytics. Defaults to true if --workspace is provided.

accepted values: false, true

--workspace

Name or ID of a Log Analytics workspace. Must be in the same region as the flow log.

az network watcher flow-log delete

Delete the specified flow log resource.

az network watcher flow-log delete --location
                                   --name
                                   [--subscription]

Examples

Delete the specified flow log resource. (autogenerated)

az network watcher flow-log delete --location westus2 --name MyFlowLogger --subscription MySubscription

Required Parameters

--location -l

Location to identify the exclusive Network Watcher under a region. Only one Network Watcher can exist per subscription and region.

--name -n

The name of the flow logger.

Optional Parameters

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az network watcher flow-log list

List all flow log resources for the specified Network Watcher.

az network watcher flow-log list --location
                                 [--query-examples]
                                 [--subscription]

Examples

List all flow log resources for the specified Network Watcher. (autogenerated)

az network watcher flow-log list --location westus2

Required Parameters

--location -l

Location to identify the exclusive Network Watcher under a region. Only one Network Watcher can exist per subscription and region.

Optional Parameters

--query-examples

Recommends JMESPath strings for you. You can copy one of the queries and paste it after the --query parameter within double quotation marks to see the results. You can add one or more positional keywords so that we can give suggestions based on these keywords.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
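
The script below is an added example, not part of the Azure CLI reference. It compares the NSG IDs in a region against the output of az network watcher flow-log list and reports NSGs with no flow log, disabled flow logs, flow logs below a chosen log version, and flow logs without traffic analytics. The JMESPath field names in FLOWLOG_QUERY are assumed from the ARM flow log resource model; MIN_LOG_VERSION, FLOWLOG_AUDIT_LOCATION and all sample IDs are constructed for this example.

```bash
#!/bin/sh
# Audit NSG flow-log coverage from az CLI TSV output (added example).
# Query field names are assumed from the ARM flow log resource model.
FLOWLOG_QUERY='[].[targetResourceId, name, enabled, format.version, flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled]'
MIN_LOG_VERSION=${MIN_LOG_VERSION:-2}   # policy threshold chosen for this example

# audit_flow_logs NSG_IDS_FILE FLOWLOGS_TSV_FILE
# Prints findings as KIND<TAB>flow-log-name<TAB>NSG-id; returns 1 if any exist.
audit_flow_logs() {
  _findings=$(awk -F'\t' -v min="$MIN_LOG_VERSION" '
    FILENAME == ARGV[1] { if ($1 != "") nsg[tolower($1)] = $1; next }
    $1 == "" { next }
    {
      seen[tolower($1)] = 1      # resource IDs are compared case-insensitively
      if (tolower($3) != "true") { print "DISABLED\t" $2 "\t" $1; next }
      if ($4 + 0 < min)          print "OLD_LOG_VERSION\t" $2 "\t" $1
      if (tolower($5) != "true") print "NO_TRAFFIC_ANALYTICS\t" $2 "\t" $1
    }
    END { for (k in nsg) if (!(k in seen)) print "NO_FLOW_LOG\t-\t" nsg[k] }
  ' "$1" "$2" | sort)
  [ -z "$_findings" ] && return 0
  printf '%s\n' "$_findings"
  return 1
}

# Constructed sample data (made-up IDs and names) so the audit runs offline.
demo_audit() {
  _d=$(mktemp -d)
  _p=/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Network/networkSecurityGroups
  printf '%s\n' "$_p/web-nsg" "$_p/db-nsg" "$_p/mgmt-nsg" "$_p/old-nsg" > "$_d/nsgs"
  printf '%s\t%s\t%s\t%s\t%s\n' \
    "$_p/web-nsg" web-flowlog True 2 True \
    "$_p/DB-NSG"  db-flowlog  False 2 None \
    "$_p/old-nsg" old-flowlog True 1 None > "$_d/flowlogs"
  _rc=0
  audit_flow_logs "$_d/nsgs" "$_d/flowlogs" || _rc=$?
  rm -rf "$_d"
  return "$_rc"
}

# Live use: set FLOWLOG_AUDIT_LOCATION (for example westus) to query a real subscription.
if [ -n "${FLOWLOG_AUDIT_LOCATION:-}" ]; then
  _t=$(mktemp -d)
  az network nsg list --query "[?location=='$FLOWLOG_AUDIT_LOCATION'].id" -o tsv > "$_t/nsgs"
  az network watcher flow-log list --location "$FLOWLOG_AUDIT_LOCATION" --query "$FLOWLOG_QUERY" -o tsv > "$_t/flowlogs"
  audit_flow_logs "$_t/nsgs" "$_t/flowlogs"
  rm -rf "$_t"
else
  demo_audit || true
fi
```

With the constructed data, mgmt-nsg is reported as NO_FLOW_LOG, db-flowlog as DISABLED, and old-flowlog as both OLD_LOG_VERSION and NO_TRAFFIC_ANALYTICS.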

az network watcher flow-log show

Get the flow log configuration of a network security group.

az network watcher flow-log show [--location]
                                 [--name]
                                 [--nsg]
                                 [--query-examples]
                                 [--resource-group]
                                 [--subscription]

Examples

Show NSG flow logs. (Deprecated)

az network watcher flow-log show -g MyResourceGroup --nsg MyNsg

Show NSG flow logs in Azure Resource Management format.

az network watcher flow-log show --location MyNetworkWatcher --name MyFlowLog

Optional Parameters

--location -l

Location to identify the exclusive Network Watcher under a region. Only one Network Watcher can exist per subscription and region.

--name -n

The name of the flow logger.

--nsg

Name or ID of the network security group.

--query-examples

Recommends JMESPath strings for you. You can copy one of the queries and paste it after the --query parameter within double quotation marks to see the results. You can add one or more positional keywords so that we can give suggestions based on these keywords.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az network watcher flow-log update

Update the flow log configuration of a network security group.

az network watcher flow-log update --location
                                   --name
                                   [--add]
                                   [--enabled {false, true}]
                                   [--force-string]
                                   [--format {JSON}]
                                   [--interval]
                                   [--log-version]
                                   [--nsg]
                                   [--remove]
                                   [--resource-group]
                                   [--retention]
                                   [--set]
                                   [--storage-account]
                                   [--subscription]
                                   [--tags]
                                   [--traffic-analytics {false, true}]
                                   [--workspace]

Examples

Update the storage account by name; the resource group identifies both the storage account and the network watcher

az network watcher flow-log update --location westus --resource-group MyResourceGroup --name MyFlowLog --storage-account accountname

Update the storage account by ID; the location identifies the network watcher

az network watcher flow-log update --location westus --resource-group MyResourceGroup --name MyFlowLog --storage-account accountid

Update Network Security Group in another resource group

az network watcher flow-log update --location westus --resource-group MyAnotherResourceGroup --name MyFlowLog --nsg MyNSG

Update Workspace in another resource group

az network watcher flow-log update --location westus --resource-group MyAnotherResourceGroup --name MyFlowLog --workspace MyAnotherLogAnalyticWorkspace

Required Parameters

--location -l

Location to identify the exclusive Network Watcher under a region. Only one Network Watcher can exist per subscription and region.

--name -n

The name of the flow logger.

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--enabled

Enable logging.

accepted values: false, true
default value: true

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

--format

File type of the flow log.

accepted values: JSON

--interval

Interval in minutes at which to conduct flow analytics. Temporarily allowed values are 10 and 60.

default value: 60

--log-version

Version (revision) of the flow log.

--nsg

Name or ID of the network security group.

--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--retention

Number of days to retain logs.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.

--storage-account

Name or ID of the storage account in which to save the flow logs. Must be in the same region as the flow log.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

--traffic-analytics

Enable traffic analytics. Defaults to true if --workspace is provided.

accepted values: false, true

--workspace

Name or ID of a Log Analytics workspace. Must be in the same region as the flow log.