How to push individual Azure storage account logs to a centralized Azure storage account

Maheswararaju P 11 Reputation points
2023-04-02T06:43:47.8633333+00:00

Hi Everyone,

We are planning to push any region Azure NSG flow logs to one centralized common storage account for a Stealthwatch POC (network security analytics tool).

For this requirement, we have deployed an Azure policy that pushes individual NSG flow logs to individual storage accounts (here the NSG and storage location are the same). So, as the next step, how can we configure pushing all these accumulated individual flow logs from any storage account to one common storage account?

Thank you.

Azure Storage

3 answers

  1. Sedat SALMAN 14,180 Reputation points MVP
    2023-04-02T20:34:34.9833333+00:00

    To aggregate the NSG flow logs from individual storage accounts into one centralized storage account, you can use Azure Functions to set up a serverless function that periodically copies the flow logs from each storage account to the centralized storage account.

    Please review the following

    https://docs.microsoft.com/en-us/azure/azure-functions/functions-overview

    As a summary

    • Create a centralized storage account
    • Create an Azure Function App
    • Develop an Azure Function (Copy the flow logs from each container to a corresponding container)
    • Set up a timer trigger for your Azure Function
    • Deploy the Azure Function to the Azure Function App

  2. Sumarigo-MSFT 47,471 Reputation points Microsoft Employee Moderator
    2023-04-04T05:35:25.8966667+00:00

    @Maheswararaju P Welcome to Microsoft Q&A Forum. Thank you for posting your query here!

    To push all the accumulated individual flow logs of any storage accounts to one common storage account, you can follow the below steps:

    • Create a new storage account that will be used as the centralized common storage account.
    • Create a new Azure Function App that will be used to copy the NSG flow logs from the individual storage accounts to the centralized common storage account.
    • Configure the Azure Function App to copy the NSG flow logs from the individual storage accounts to the centralized common storage account.

    Here are the detailed steps:

    Create a new storage account that will be used as the centralized common storage account. You can use the following command to create a new storage account:

    New-AzStorageAccount `
      -Location <location> `
      -Name <replace-with-your-unique-storage-account-name> `
      -ResourceGroupName <resource-group-name> `
      -SkuName Standard_LRS `
      -Kind StorageV2
    

    Create a new Azure Function App that will be used to copy the NSG flow logs from the individual storage accounts to the centralized common storage account. You can use the following command to create a new Azure Function App:

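    # -Location is required here: without -Location or -PlanName the parameter set cannot be resolved
    New-AzFunctionApp `
      -ResourceGroupName <resource-group-name> `
      -Name <function-app-name> `
      -StorageAccountName <storage-account-name> `
      -Location <location> `
      -Runtime dotnet `
      -FunctionsVersion 3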
    

    Configure the Azure Function App to copy the NSG flow logs from the individual storage accounts to the centralized common storage account. You can use the following code as a starting point for your Azure Function:

    using System;
    using System.IO;
    using Microsoft.Azure.WebJobs;
    using Microsoft.Extensions.Logging;
    using Microsoft.WindowsAzure.Storage;
    using Microsoft.WindowsAzure.Storage.Blob;

    public static void Run(TimerInfo myTimer, ILogger log)
    {
        log.LogInformation($"C# Timer trigger function executed at: {DateTime.Now}");
        // Get the connection string for the centralized common storage account
        string centralizedStorageConnectionString = Environment.GetEnvironmentVariable("CentralizedStorageConnectionString");
        // Get the connection strings for the individual storage accounts.
        // Each connection string contains ';' itself, so the list is separated with '|'.
        string[] individualStorageConnectionStrings = Environment.GetEnvironmentVariable("IndividualStorageConnectionStrings").Split('|');
        // Get the name of the container that contains the NSG flow logs
        string containerName = Environment.GetEnvironmentVariable("ContainerName");
        // (The posted code ends here; the copy step is not included in the answer.)
    }
    

    Reference links: Flow logs for network security groups; Enable Azure Network Watcher.

    Please let us know if you have any further queries. I'm happy to assist you further.

    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you, this can be beneficial to other community members.

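Both answers leave the copy step of the timer-triggered function open. The Python below is an added example, not code from either answer: it parses the blob names Network Watcher writes for NSG flow logs and decides which blobs a run has to copy, re-copying the current hour's `PT1H.json` when its ETag has changed and ignoring anything that is not a flow log. It assumes the function lists each source container and keeps the ETags of blobs it has already copied; the account names, IDs and ETags in the sample are constructed.

```python
import re
from datetime import datetime, timezone

# Blob names Network Watcher writes inside the
# "insights-logs-networksecuritygroupflowevent" container of each storage account.
FLOW_LOG_BLOB = re.compile(
    r"^resourceId=/SUBSCRIPTIONS/(?P<sub>[0-9A-Fa-f-]{36})/RESOURCEGROUPS/(?P<rg>[^/]+)"
    r"/PROVIDERS/MICROSOFT\.NETWORK/NETWORKSECURITYGROUPS/(?P<nsg>[^/]+)"
    r"/y=(?P<y>\d{4})/m=(?P<mo>\d{2})/d=(?P<d>\d{2})/h=(?P<h>\d{2})/m=00"
    r"/macAddress=(?P<mac>[0-9A-Fa-f]{12})/PT1H\.json$"
)

# Constructed sample listing: account names, IDs and ETags are made up.
_PREFIX = ("resourceId=/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/RG-NET"
           "/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/NSG-WEB/y=2023/m=04/d=02/")
SAMPLE_LISTING = [
    ("stflowwesteu", _PREFIX + "h=06/m=00/macAddress=000D3AF87856/PT1H.json", "0x1"),
    ("stfloweastus", _PREFIX + "h=07/m=00/macAddress=000D3AF87856/PT1H.json", "0x2"),
    ("stfloweastus", "backup/settings.json", "0x3"),  # not a flow log
]


def parse_flow_log_blob(name):
    """Return the fields encoded in a flow-log blob name, or None if it is not one."""
    m = FLOW_LOG_BLOB.match(name)
    if m is None:
        return None
    try:
        hour = datetime(int(m["y"]), int(m["mo"]), int(m["d"]), int(m["h"]), tzinfo=timezone.utc)
    except ValueError:  # e.g. m=13 or h=24
        return None
    return {"subscription": m["sub"].lower(), "resource_group": m["rg"],
            "nsg": m["nsg"], "mac": m["mac"].upper(), "hour": hour}


def plan_copies(listing, copied_etags):
    """Pick the blobs one timer run must copy to the central account.
    listing: (account, blob_name, etag) tuples from listing every source container.
    copied_etags: {(account, blob_name): etag} recorded by earlier runs (assumed state store).
    """
    plan = []
    for account, name, etag in listing:
        if parse_flow_log_blob(name) is None:
            continue  # skip anything that is not a flow log
        if copied_etags.get((account, name)) == etag:
            continue  # unchanged; the current hour's PT1H.json changes ETag as it grows
        # The name already embeds subscription, NSG and MAC, so it is reused as-is centrally.
        plan.append({"source_account": account, "blob": name, "etag": etag})
    return plan
```
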

  3. Maheswararaju P 11 Reputation points
    2023-04-11T07:13:21.41+00:00

    Hi @Sedat SALMAN / @Sumarigo-MSFT, thanks for responding to my query. Please allow me to validate it from my side and get back to you. Thank you,

