Skip to content

Enable NSG Flow Logs

Steps

  1. Go to Resource Groups section in Azure portal
  2. Click on create button.
  3. Select the subscription and provide a name for this new resource group.
  4. Select a region. (example: (US) East US)
  5. Click "Review + create" button.
  6. Go to storage accounts section.
  7. Click on Create button.
  8. Select subscription and resource group that was just created.
  9. Select the same region as the resource group.
  10. Provide a name for the storage account.
  11. Click "Review + create" button. This will create a storage account where nsg flow log will be stored.
  12. Go to subscription section and find your subscription.
  13. Navigate to resource providers.
  14. Ensure that microsoft.insights provider is registered. If it is not registered, click on Register button.
  15. Go to Network Watcher section.
  16. Click on Add and add the regions that you want nsg flow logs to be enabled.
  17. Go to Network Watcher -> NSG flow logs.
  18. Create flow logs for the NSG where you want to enable NSG flow log. Provide the storage account created above and retention days as 30.
  19. Navigate to the storage account created and click on Events.
  20. Click on Event Subscription
  21. Provide a name for this event subscription.
  22. Select the resource group that was created above.
  23. Provide a System Topic Name.
  24. For Filter to Event Types, default is "Blob Created" and "Blob Deleted".
  25. For Endpoint Type, select "Web Hook".
  26. Click on the "Select an endpoint" link.
  27. Subscriber Endpoint is https://prod1-webhook.vtxsecurityservices.com:8093/webhook/<tenant_name>/azure. Tenant name is assigned by Valtix.