Microsoft Azure Traffic Log Configuration
Có thể bạn quan tâm
FortiCWP consolidates Azure cloud traffic logs of all virtual private cloud resources and present in a graphical user interface. By enabling traffic log, FortiCWP lets you be able to monitor all inbound and outbound traffic visually, and remediate suspicious activities on Azure Cloud. To activate Traffic feature on FortiCWP, Azure flow logs needs to be enabled.
Prerequisites
An active Azure Cloud account installed on FortiCWP is required to enable Traffic logging.
To utilize traffic log from Azure Cloud, an active virtual machine with network watcher is required to activate this feature on FortiCWP. Network Security Group flow logging also requires Microsoft Insights to create flow logs.
Enable Network Watcher
- In Azure Portal, in the top search field, search and click on Network Watcher
- Select Regions to expand it, and select ... to the right of the targeted region.
- Select Enable Network Watcher.
Register Insights Provider
- In Azure Portal, search and click on Subscriptions.
- Select the subscription you want to enable the provider.
- Select Resource providers under Settings.
- Make sure microsoft.insights provider is Registered. If it is Unregistered, select Register.
Enable NSG flow log
- NSG flow log requires an Azure Storage account to store the flow logs. To create an Azure Storage account, select +Create a resource at the top left corner of the portal.
- Select Storage, and then select Storage account.
- Enter Storage account name, Location, and select a Resource group, then select Create.
- Search and click on Network Watcher in the top of Azure portal.
- Select NSG flow logs under LOGS.
- From the list of NSG flow logs, select (virtual machine name)-nsg.
- Under Flow logs settings, select On.
- Select flow logging version. Version 2 contains flow session statistics.
- Select the storage account created earlier in step 3.
- Set Retention(days) to 5 and then select Save.
The storage account may take around a few minutes to create. If you are using an existing storage account, make sure that the storage account has All networks(default) selected for Firewalls and virtual networks, under Setting in storage account.
Download/View flow log
- From Network Watcher portal, select NSG flow logs under LOGS.
- Select "You can download flow logs from configured storage accounts", as shown in the following:
- Select the storage account from step 2 of Enable NSG flow log.
- Under Blob service, select Blobs, and then select the insights-logs-networksecuritygroupflowevent container.
- In the container navigate the folder hierachy until you get to a PT1H.json file. Log files are in the following naming convention:
- Select ... to the right of the JSON file and select download to view the JSON file.
https://{storageAccountName}.blob.core.windows.net/insights-logs-networksecuritygroupflowevent/resourceId=/SUBSCRIPTIONS/{subscriptionID}/RESOURCEGROUPS/{resourceGroupName}/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/{nsgName}/y={year}/m={month}/d={day}/h={hour}/m=00/macAddress={macAddress}/PT1H.json
After verifying you can download and view the JSON file, the setting on Azure Cloud is completed. Now FortiCWP is able to capture traffic flow logs and present in Traffic.
Reference
Log network traffic to and from a virtual machine using the Azure portal.
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal#enable-nsg-flow-log
Từ khóa » View Nsg Flow Logs In Log Analytics
-
Checking Allowed And Denied Traffic In Network Security Groups ...
-
Read NSG Flow Logs | Microsoft Docs
-
Introduction To Flow Logging For NSGs - Azure Network Watcher
-
Viewing Traffic To Azure VMs Using NSG Flow Logs - Dave Farinelli
-
Understanding Azure Logs From A Security Perspective — Part 2
-
NSG Flow Logging And Accessing - Stack Overflow
-
Azure Networking – Identifying Flows Blocked By NSGs Using Traffic ...
-
Azure Network Insights With Traffic Analytics
-
Azure Network Monitoring - Azure NSG Flow Logs - YouTube
-
NSG Traffic Analytics With An Azure Monitor Workbook
-
Ingest Network Flow Logs From Microsoft Azure Network Watcher
-
Erjosito/get_nsg_logs: How To Retrieve NSG Logs Via Python - GitHub
-
Azure-docs/virtual-network-nsg-manage- At Main - GitHub
-
Azure NSG Flow Logs Analysis With The ELK Stack