Network watcher log is disabled but provisioning state shows as failed. I can still see the logs being written to storage account whereas ideally it should be disabled.

Question

I've configured the logs to be written to storage account whereas ideally it should be disabled.

Even though status on Network Watcher states its disabled, the logs are being written continually.

Can you help as to what changes are to be carried out to disable this permanently?

Answer 1

@Venkata Subrahmanian, Kumara Vikraman (Cognizant) ,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

I am afraid I did not quite understand what logs you are speaking of.

• Is it NSG Flow Logs?
  • If so, you can follow the steps mentioned here : Disable a flow log
  • Note : If traffic analytics is enabled for a flow log, it must disabled before you can disable the flow log. To disable traffic analytics, see Change a flow log.
• Can you please share the screenshot where the Flow Logs status shows disabled?
• If the provisioning state is "Failed" - it means the goal state did not properly update in the backend
  • You can consider enabling and disabling the flow log once again, and see if that helps.
  • In case this results in an error, please let me know what the error message says
• Also, try using the powershell commands

To disable

# Place the network security group properties into a variable.
$nsg = Get-AzNetworkSecurityGroup -Name 'myNSG' -ResourceGroupName 'myResourceGroup'

# Place the storage account properties into a variable.
$sa = Get-AzStorageAccount -Name 'myStorageAccount' -ResourceGroupName 'myResourceGroup'

# Update the NSG flow log.
Set-AzNetworkWatcherFlowLog -Enabled $false -Name 'myFlowLog' -Location 'eastus' -TargetResourceId $nsg.Id -StorageId $sa.Id

Or is this a different log you are speaking of?

Kindly let us know if this helps or you need further assistance on this issue.

Thanks,

Kapil