Azure: Enable VNet Flow Logs
To enable Azure VPC/VNet flow logs, follow the below steps.
Procedure
Step 1 | Go to the Resource Groups section in Azure portal. |
Step 2 | Click the Create button. |
Step 3 | Choose the subscription and provide a name for this new resource group. |
Step 4 | Select a Region. (example: (US) East US). |
Step 5 | Click the Review + create button. |
Step 6 | Go to the storage accounts section and click the Create button. |
Step 7 | Select the Subscription and Resource group that was just created. |
Step 8 | Select the same region as the resource group. |
Step 9 | Provide a name for the storage account. Note that Redundancy cannot be locally-redundant storage(LRS) |
Step 10 | Click the Review + create button. This creates a storage account where VNet flow logs are stored. |
Step 11 | Go to the Subscription section and find the subscription that was recently created. |
Step 12 | Navigate to Resource Providers. |
Step 13 | Ensure that the |
Step 14 | Go to the Network Watcher section. |
Step 15 | Click Add and add the regions that you want VNet flow logs to be enabled for. |
Step 16 | Go to . |
Step 17 | Create flow logs for the VNet where you want to enable VNet flow log. Provide the storage account created above. Set the Retention days as 30. |
Step 18 | Navigate to the storage account created and click Events. |
Step 19 | Click Event Subscription. |
Step 20 | Provide a name for this event subscription. |
Step 21 | Select the resource group that was created above. |
Step 22 | Provide a System Topic Name. |
Step 23 | For Filter to Event Types, the default value is Blob Created and Blob Deleted. |
Step 24 | For Endpoint Type, select Web Hook. |
Step 25 | Click the Select an endpoint link. The Subscriber Endpoint is |