The Virtual Network (VNet) Flow Logs event is a feature of Microsoft Azure Network Watcher. You can use the flow logs to
log information about the IP traffic that is flowing through a virtual network.
Before you begin
To configure VNet flow logs in Microsoft Azure, complete the
following prerequisites.
- Configure Event Hub, Consumer Group and
Storage Account.
Attention: If these resources already exist in
your Azure portal, you can skip creating them and gather their names instead.
- Create a Resource Group in the same Region as
the VNet flow logs. For more information, see Create resource groups.
- Create a new Event Hubs namespace and enter the Resource
Group and Region. For more information, see Create an Event Hubs namespace.
- Create an Event Hub under the Event Hub namespace.
For more information, see Create an event hub.
- Create a shared access policy under the Event Hub. Assign
Send and Listen access and configure the
Event Hub Connection String.
- Create a consumer group under the Event Hub.
- From the Storage Account's Access Key, fetch the Storage Account Connection
String.
Procedure
- Create a Virtual Network with data traffic before you enable the
VNet flow logs. For more information, see Create a virtual network and an Azure Bastion
host.
- Create a Log Analytics Workspace by entering the
Resource Group and Region. For more information, see
Create a Log Analytics workspace.
- Enable Network Watcher and add the Region
for which you are configuring the VNet flow logs. For more information, see
Enable Network Watcher for your region.
- Enable VNet flow log.
- Gather the Region, the Virtual Network,
the Storage Account, and the Log Analytics
Workspace.
- Enter the information in the following command. For more information, see Create, change, enable, disable, or delete VNet flow logs using the Azure
CLI.
az network watcher flow-log create --location <region> --name <myVNetFlowLog> --resource-group <myResourceGroup> --vnet <myVNet> --storage-account <myStorageAccount> --workspace <myWorkspace> --interval 10 --traffic-analytics true
- Create Traffic Analytics.
- Navigate to the Log Analytics Workspace.
- Select Data Export and click Create Export
Rule.
- Enter the rule Name and select the table name
NTANetAnalytics.
- Select Event Hub as the Destination
name.
- Enter a Subscription.
- Enter the Event Hub Workspace name and Event Hub name.
- Click Create.
- After you complete the above steps, add the Event Hub Connection String, Consumer
Group name and Storage Account Connection String to the Log Source. The
events are now recorded according to the configuration.
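
Before you paste the three values from the last step into the Log Source, you can check them offline. The following is an added example, not part of the original procedure or of any vendor tooling: it parses the Event Hub and Storage Account connection strings and flags a string that does not come from the Send and Listen policy created under the Event Hub. The function names and all sample values are constructed for illustration.

```python
# Added example: sanity-check the values the Log Source needs.
# All sample strings are constructed placeholders, not real secrets.

def parse_conn(s):
    """Split 'Key=Value;Key=Value' into a dict; values may contain '='."""
    return dict(p.split("=", 1) for p in s.strip().split(";") if "=" in p)

def check_event_hub(conn, consumer_group):
    """Return a list of problems found in the Event Hub settings."""
    f, problems = parse_conn(conn), []
    for key in ("Endpoint", "SharedAccessKeyName", "SharedAccessKey"):
        if not f.get(key):
            problems.append(f"missing {key}")
    if not (f.get("Endpoint") or "sb://").startswith("sb://"):
        problems.append("Endpoint is not an sb:// URI")
    # A policy created under the Event Hub (see the prerequisites) gives a
    # string that carries EntityPath=<hub>; a namespace-level string does not.
    if not f.get("EntityPath"):
        problems.append("no EntityPath: not a hub-level policy string")
    # RootManageSharedAccessKey is the namespace default with Manage rights,
    # which is broader than the Send and Listen access the page asks for.
    if f.get("SharedAccessKeyName") == "RootManageSharedAccessKey":
        problems.append("uses RootManageSharedAccessKey")
    if not consumer_group.strip():
        problems.append("consumer group name is empty")
    return problems

def check_storage(conn):
    """Return a list of problems found in the Storage Account string."""
    f, problems = parse_conn(conn), []
    for key in ("AccountName", "AccountKey"):
        if not f.get(key):
            problems.append(f"missing {key}")
    if f.get("DefaultEndpointsProtocol", "").lower() != "https":
        problems.append("DefaultEndpointsProtocol is not https")
    return problems

# Constructed samples (namespace, policy, hub and key values are made up).
GOOD_EH = ("Endpoint=sb://example-ns.servicebus.windows.net/;"
           "SharedAccessKeyName=flowlog-send-listen;"
           "SharedAccessKey=Q09OU1RSVUNURUQ=;EntityPath=vnet-flow-hub")
BAD_EH = ("Endpoint=sb://example-ns.servicebus.windows.net/;"
          "SharedAccessKeyName=RootManageSharedAccessKey;"
          "SharedAccessKey=Q09OU1RSVUNURUQ=")
GOOD_ST = ("DefaultEndpointsProtocol=https;AccountName=examplestore;"
           "AccountKey=Q09OU1RSVUNURUQ=;EndpointSuffix=core.windows.net")

if __name__ == "__main__":
    print(check_event_hub(BAD_EH, ""), check_storage(GOOD_ST))
```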