Del via

az network watcher flow-log

  • Reference

Manage network security group flow logging.

For more information about configuring flow logs visit https://docs.microsoft.com/azure/network-watcher/network-watcher-nsg-flow-logging-cli.

Commands

Name Description Type Status
az network watcher flow-log create

Create a flow log on a network security group.

 Core GA
az network watcher flow-log delete

Delete the specified flow log resource.

 Core GA
az network watcher flow-log list

List all flow log resources for the specified Network Watcher.

 Core GA
az network watcher flow-log show

Get the flow log configuration of a network security group.

 Core GA
az network watcher flow-log update

Update the flow log configuration of a network security group.

 Core GA
az network watcher flow-log wait

Place the CLI in a waiting state until a condition is met.

 Core GA

az network watcher flow-log create

Edit

Create a flow log on a network security group.

az network watcher flow-log create --name
                                   [--enabled {0, 1, f, false, n, no, t, true, y, yes}]
                                   [--format {JSON}]
                                   [--identity]
                                   [--interval]
                                   [--location]
                                   [--log-version]
                                   [--nic]
                                   [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                   [--nsg]
                                   [--resource-group]
                                   [--retention]
                                   [--storage-account]
                                   [--subnet]
                                   [--tags]
                                   [--traffic-analytics {0, 1, f, false, n, no, t, true, y, yes}]
                                   [--user-assigned-identity]
                                   [--vnet]
                                   [--workspace]

Examples

Create a flow log with Network Security Group name

az network watcher flow-log create --location westus --resource-group MyResourceGroup --name MyFlowLog --nsg MyNetworkSecurityGroupName --storage-account account

Create a flow log with VNet name

az network watcher flow-log create --location westus --resource-group MyResourceGroup --name MyFlowLog --vnet MyVNetName --storage-account account

Create a flow log with Subnet name

az network watcher flow-log create --location westus --resource-group MyResourceGroup --name MyFlowLog --vnet MyVNetName --subnet MySubnetName --storage-account account

Create a flow log with NIC name

az network watcher flow-log create --location westus --resource-group MyResourceGroup --name MyFlowLog --nic MyNICName --storage-account account

Create a flow log with Network Security Group ID (could be in other resource group)

az network watcher flow-log create --location westus --name MyFlowLog --nsg MyNetworkSecurityGroupID --storage-account account

Create a flow log with Virtual Network ID (could be in other resource group)

az network watcher flow-log create --location westus --name MyFlowLog --vnet MyVNetID --storage-account account

Create a flow log with Subnet ID (could be in other resource group)

az network watcher flow-log create --location westus --name MyFlowLog --subnet SubnetID --storage-account account

Create a flow log with Network Interface ID (could be in other resource group)

az network watcher flow-log create --location westus --name MyFlowLog --nic MyNetworkInterfaceID --storage-account account

Required Parameters

--name -n

The name of the flow logger.

Optional Parameters

--enabled

Enable logging. Default: true.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--format

File type of the flow log.

Accepted values: JSON
--identity

FlowLog resource Managed Identity Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--interval

Interval in minutes at which to conduct flow analytics. Temporarily allowed values are 10 and 60.

Default value: 60
--location -l

Location to identify the exclusive Network Watcher under a region. Only one Network Watcher can be existed per subscription and region. When not specified, the location of the resource group will be used.

--log-version

Version (revision) of the flow log.

Default value: 0
--nic

Name or ID of the Network Interface (NIC) Resource.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--nsg

Name or ID of the network security group.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--retention

Number of days to retain logs.

--storage-account

Name or ID of the storage account in which to save the flow logs. Must be in the same region of flow log.

--subnet

Name or ID of Subnet.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--traffic-analytics

Enable traffic analytics. Defaults to true if --workspace is provided.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--user-assigned-identity

Name or ID of the ManagedIdentity Resource.

--vnet

Name or ID of the Virtual Network Resource.

--workspace

Name or ID of a Log Analytics workspace. Must be in the same region of flow log.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network watcher flow-log delete

Edit

Delete the specified flow log resource.

az network watcher flow-log delete --name
                                   [--location]
                                   [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]

Examples

Delete the specified flow log resource.

az network watcher flow-log delete --location westus2 --name MyFlowLogger

Required Parameters

--name -n

The name of the flow logger.

Optional Parameters

--location -l

Location to identify the exclusive Network Watcher under a region. Only one Network Watcher can be existed per subscription and region. When not specified, the location of the resource group will be used.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network watcher flow-log list

Edit

List all flow log resources for the specified Network Watcher.

az network watcher flow-log list [--location]

Examples

List all flow log resources for the specified Network Watcher.

az network watcher flow-log list --location westus2

Optional Parameters

--location -l

Location to identify the exclusive Network Watcher under a region. Only one Network Watcher can be existed per subscription and region. When not specified, the location of the resource group will be used.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network watcher flow-log show

Edit

Get the flow log configuration of a network security group.

az network watcher flow-log show [--location]
                                 [--name]
                                 [--nsg]
                                 [--resource-group]

Examples

Show NSG flow logs. (Deprecated)

az network watcher flow-log show -g MyResourceGroup --nsg MyNsg

Show NSG flow logs with Azure Resource Management formatted.

az network watcher flow-log show --location MyNetworkWatcher --name MyFlowLog

Optional Parameters

--location -l

Location to identify the exclusive Network Watcher under a region. Only one Network Watcher can be existed per subscription and region.

--name -n

The name of the flow logger.

--nsg
Deprecated

Argument 'nsg' has been deprecated and will be removed in a future release. Use '--location and --name combination' instead.

Name or ID of the network security group.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network watcher flow-log update

Edit

Update the flow log configuration of a network security group.

az network watcher flow-log update --name
                                   [--add]
                                   [--enabled {0, 1, f, false, n, no, t, true, y, yes}]
                                   [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                                   [--format {JSON}]
                                   [--identity]
                                   [--interval]
                                   [--location]
                                   [--log-version]
                                   [--nic]
                                   [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                   [--nsg]
                                   [--remove]
                                   [--resource-group]
                                   [--retention]
                                   [--set]
                                   [--storage-account]
                                   [--subnet]
                                   [--tags]
                                   [--traffic-analytics {0, 1, f, false, n, no, t, true, y, yes}]
                                   [--user-assigned-identity]
                                   [--vnet]
                                   [--workspace]

Examples

Update storage account with name to let resource group identify the storage account and network watcher

az network watcher flow-log update --location westus --resource-group MyResourceGroup --name MyFlowLog --storage-account accountname

Update storage account with ID to let location identify the network watcher

az network watcher flow-log update --location westus --resource-group MyResourceGroup --name MyFlowLog --storage-account accountid

Update Network Security Group on another resource group

az network watcher flow-log update --location westus --resource-group MyAnotherResourceGroup --name MyFlowLog --nsg MyNSG

Update Virtual Network on another resource group

az network watcher flow-log update --location westus --resource-group MyAnotherResourceGroup --name MyFlowLog --vnet MyVNet

Update Subnet on another resource group

az network watcher flow-log update --location westus --resource-group MyAnotherResourceGroup --name MyFlowLog --vnet MyVNet --subnet MySubnet

Update Network Interface on another resource group

az network watcher flow-log update --location westus --resource-group MyAnotherResourceGroup --name MyFlowLog --nic MyNIC

Update Workspace on another resource group

az network watcher flow-log update --location westus --resource-group MyAnotherResourceGroup --name MyFlowLog --workspace MyAnotherLogAnalyticWorkspace

Required Parameters

--name -n

The name of the flow logger.

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--enabled

Enable logging.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--format

File type of the flow log.

Accepted values: JSON
--identity

FlowLog resource Managed Identity Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--interval

Interval in minutes at which to conduct flow analytics. Temporarily allowed values are 10 and 60.

--location -l

Location to identify the exclusive Network Watcher under a region. Only one Network Watcher can be existed per subscription and region. When not specified, the location of the resource group will be used.

--log-version

Version (revision) of the flow log.

--nic

Name or ID of the Network Interface (NIC) Resource.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--nsg

Name or ID of the network security group.

--remove

Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--retention

Number of days to retain logs.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.

--storage-account

Name or ID of the storage account in which to save the flow logs. Must be in the same region of flow log.

--subnet

Name or ID of Subnet.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--traffic-analytics

Enable traffic analytics. Defaults to true if --workspace is provided.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--user-assigned-identity

Name or ID of the ManagedIdentity Resource.

--vnet

Name or ID of the Virtual Network Resource.

--workspace

Name or ID of a Log Analytics workspace. Must be in the same region of flow log.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network watcher flow-log wait

Edit

Place the CLI in a waiting state until a condition is met.

az network watcher flow-log wait [--created]
                                 [--custom]
                                 [--deleted]
                                 [--exists]
                                 [--ids]
                                 [--interval]
                                 [--name]
                                 [--network-watcher-name]
                                 [--resource-group]
                                 [--subscription]
                                 [--timeout]
                                 [--updated]

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

Default value: False
--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

Default value: False
--exists

Wait until the resource exists.

Default value: False
--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--interval

Polling interval in seconds.

Default value: 30
--name -n

The name of the flow logger.

--network-watcher-name

The name of the network watcher.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--timeout

Maximum wait in seconds.

Default value: 3600
--updated

Wait until updated with provisioningState at 'Succeeded'.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.