Azure: Enable NSG Flow Logs
To enable Azure VPC flow logs, follow the below steps.
Procedure
Step 1 | In the Security Cloud Control platform menu, choose . |
Step 2 | Go to the Resource Groups section in Azure portal. |
Step 3 | Click the Create button. |
Step 4 | Choose the subscription and provide a name for this new resource group. |
Step 5 | Select a Region. (example: (US) East US). |
Step 6 | Click the Review + create button. |
Step 7 | Go to the storage accounts section and click the Create button. |
Step 8 | Select the Subscription and Resource group that was just created. |
Step 9 | Select the same region as the resource group. |
Step 10 | Provide a name for the storage account. Note that Redundancy cannot be locally-redundant storage(LRS) |
Step 11 | Click the Review + create button. This creates a storage account where NSG flow logs are stored. |
Step 12 | Go to the Subscription section and find the subscription that was recently created. |
Step 13 | Navigate to Resource Providers. |
Step 14 | Ensure that the |
Step 15 | Go to the Network Watcher section. |
Step 16 | Click Add and add the regions that you want NSG flow logs to be enabled for. |
Step 17 | Go to . |
Step 18 | Create flow logs for the NSG where you want to enable NSG flow log. Provide the storage account created above. Set the Retention days as 30. |
Step 19 | Navigate to the storage account created and click on Events. |
Step 20 | Click Event Subscription. |
Step 21 | Provide a name for this event subscription. |
Step 22 | Select the resource group that was created above. |
Step 23 | Provide a System Topic Name. |
Step 24 | For Filter to Event Types, the default value is Blob Created and Blob Deleted. |
Step 25 | For Endpoint Type, select Web Hook. |
Step 26 | Click the Select an endpoint link. The Subscriber Endpoint is |