Microsoft.Network networkWatchers/flowLogs

• Latest
• 2024-03-01
• 2024-01-01
• 2023-11-01
• 2023-09-01
• 2023-06-01
• 2023-05-01
• 2023-04-01
• 2023-02-01
• 2022-11-01
• 2022-09-01
• 2022-07-01
• 2022-05-01
• 2022-01-01
• 2021-08-01
• 2021-05-01
• 2021-03-01
• 2021-02-01
• 2020-11-01
• 2020-08-01
• 2020-07-01
• 2020-06-01
• 2020-05-01
• 2020-04-01
• 2020-03-01
• 2019-12-01
• 2019-11-01

Bicep resource definition

The networkWatchers/flowLogs resource type can be deployed with operations that target:

• Resource groups - See resource group deployment commands

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/networkWatchers/flowLogs resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Network/networkWatchers/flowLogs@2024-03-01' = {
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  location: 'string'
  name: 'string'
  properties: {
    enabled: bool
    enabledFilteringCriteria: 'string'
    flowAnalyticsConfiguration: {
      networkWatcherFlowAnalyticsConfiguration: {
        enabled: bool
        trafficAnalyticsInterval: int
        workspaceId: 'string'
        workspaceRegion: 'string'
        workspaceResourceId: 'string'
      }
    }
    format: {
      type: 'string'
      version: int
    }
    retentionPolicy: {
      days: int
      enabled: bool
    }
    storageId: 'string'
    targetResourceId: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}

Property values

Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties

Name	Description	Value

FlowLogFormatParameters

Name	Description	Value
type	The file type of flow log.	'JSON'
version	The version (revision) of the flow log.	int

FlowLogPropertiesFormat

Name	Description	Value
enabled	Flag to enable/disable flow logging.	bool
enabledFilteringCriteria	Optional field to filter network traffic logs based on SrcIP, SrcPort, DstIP, DstPort, Protocol, Encryption, Direction and Action. If not specified, all network traffic will be logged.	string
flowAnalyticsConfiguration	Parameters that define the configuration of traffic analytics.	TrafficAnalyticsProperties
format	Parameters that define the flow log format.	FlowLogFormatParameters
retentionPolicy	Parameters that define the retention policy for flow log.	RetentionPolicyParameters
storageId	ID of the storage account which is used to store the flow log.	string (required)
targetResourceId	ID of network security group to which flow log will be applied.	string (required)

ManagedServiceIdentity

Name	Description	Value
type	The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.	'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned'
userAssignedIdentities	The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.	ManagedServiceIdentityUserAssignedIdentities

ManagedServiceIdentityUserAssignedIdentities

Name	Description	Value

Microsoft.Network/networkWatchers/flowLogs

Name	Description	Value
identity	FlowLog resource Managed Identity	ManagedServiceIdentity
location	Resource location.	string
name	The resource name	string (required)
parent	In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource.	Symbolic name for resource of type: networkWatchers
properties	Properties of the flow log.	FlowLogPropertiesFormat
tags	Resource tags	Dictionary of tag names and values. See Tags in templates

ResourceTags

Name	Description	Value

RetentionPolicyParameters

Name	Description	Value
days	Number of days to retain flow log records.	int
enabled	Flag to enable/disable retention.	bool

TrafficAnalyticsConfigurationProperties

Name	Description	Value
enabled	Flag to enable/disable traffic analytics.	bool
trafficAnalyticsInterval	The interval in minutes which would decide how frequently TA service should do flow analytics.	int
workspaceId	The resource guid of the attached workspace.	string
workspaceRegion	The location of the attached workspace.	string
workspaceResourceId	Resource Id of the attached workspace.	string

TrafficAnalyticsProperties

Name	Description	Value
networkWatcherFlowAnalyticsConfiguration	Parameters that define the configuration of traffic analytics.	TrafficAnalyticsConfigurationProperties

Quickstart samples

The following quickstart samples deploy this resource type.

Bicep File	Description
Enable NSG Flow Logs	This template create an NSG Flow Logs resource
NSG Flow Logs with traffic analytics	This template creates a NSG Flow log on an existing NSG with traffic analytics

ARM template resource definition

The networkWatchers/flowLogs resource type can be deployed with operations that target:

• Resource groups - See resource group deployment commands

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/networkWatchers/flowLogs resource, add the following JSON to your template.

{
  "type": "Microsoft.Network/networkWatchers/flowLogs",
  "apiVersion": "2024-03-01",
  "name": "string",
  "identity": {
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {
      }
    }
  },
  "location": "string",
  "properties": {
    "enabled": "bool",
    "enabledFilteringCriteria": "string",
    "flowAnalyticsConfiguration": {
      "networkWatcherFlowAnalyticsConfiguration": {
        "enabled": "bool",
        "trafficAnalyticsInterval": "int",
        "workspaceId": "string",
        "workspaceRegion": "string",
        "workspaceResourceId": "string"
      }
    },
    "format": {
      "type": "string",
      "version": "int"
    },
    "retentionPolicy": {
      "days": "int",
      "enabled": "bool"
    },
    "storageId": "string",
    "targetResourceId": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property values

Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties

Name	Description	Value

FlowLogFormatParameters

Name	Description	Value
type	The file type of flow log.	'JSON'
version	The version (revision) of the flow log.	int

FlowLogPropertiesFormat

Name	Description	Value
enabled	Flag to enable/disable flow logging.	bool
enabledFilteringCriteria	Optional field to filter network traffic logs based on SrcIP, SrcPort, DstIP, DstPort, Protocol, Encryption, Direction and Action. If not specified, all network traffic will be logged.	string
flowAnalyticsConfiguration	Parameters that define the configuration of traffic analytics.	TrafficAnalyticsProperties
format	Parameters that define the flow log format.	FlowLogFormatParameters
retentionPolicy	Parameters that define the retention policy for flow log.	RetentionPolicyParameters
storageId	ID of the storage account which is used to store the flow log.	string (required)
targetResourceId	ID of network security group to which flow log will be applied.	string (required)

ManagedServiceIdentity

Name	Description	Value
type	The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.	'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned'
userAssignedIdentities	The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.	ManagedServiceIdentityUserAssignedIdentities

ManagedServiceIdentityUserAssignedIdentities

Name	Description	Value

Microsoft.Network/networkWatchers/flowLogs

Name	Description	Value
apiVersion	The api version	'2024-03-01'
identity	FlowLog resource Managed Identity	ManagedServiceIdentity
location	Resource location.	string
name	The resource name	string (required)
properties	Properties of the flow log.	FlowLogPropertiesFormat
tags	Resource tags	Dictionary of tag names and values. See Tags in templates
type	The resource type	'Microsoft.Network/networkWatchers/flowLogs'

ResourceTags

Name	Description	Value

RetentionPolicyParameters

Name	Description	Value
days	Number of days to retain flow log records.	int
enabled	Flag to enable/disable retention.	bool

TrafficAnalyticsConfigurationProperties

Name	Description	Value
enabled	Flag to enable/disable traffic analytics.	bool
trafficAnalyticsInterval	The interval in minutes which would decide how frequently TA service should do flow analytics.	int
workspaceId	The resource guid of the attached workspace.	string
workspaceRegion	The location of the attached workspace.	string
workspaceResourceId	Resource Id of the attached workspace.	string

TrafficAnalyticsProperties

Name	Description	Value
networkWatcherFlowAnalyticsConfiguration	Parameters that define the configuration of traffic analytics.	TrafficAnalyticsConfigurationProperties

Quickstart templates

The following quickstart templates deploy this resource type.

Template	Description
Enable NSG Flow Logs	This template create an NSG Flow Logs resource
NSG Flow Logs with traffic analytics	This template creates a NSG Flow log on an existing NSG with traffic analytics

Terraform (AzAPI provider) resource definition

The networkWatchers/flowLogs resource type can be deployed with operations that target:

• Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/networkWatchers/flowLogs resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/networkWatchers/flowLogs@2024-03-01"
  name = "string"
  identity = {
    type = "string"
    userAssignedIdentities = {
      {customized property} = {
      }
    }
  }
  location = "string"
  body = jsonencode({
    properties = {
      enabled = bool
      enabledFilteringCriteria = "string"
      flowAnalyticsConfiguration = {
        networkWatcherFlowAnalyticsConfiguration = {
          enabled = bool
          trafficAnalyticsInterval = int
          workspaceId = "string"
          workspaceRegion = "string"
          workspaceResourceId = "string"
        }
      }
      format = {
        type = "string"
        version = int
      }
      retentionPolicy = {
        days = int
        enabled = bool
      }
      storageId = "string"
      targetResourceId = "string"
    }
  })
  tags = {
    {customized property} = "string"
  }
}

Property values

Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties

Name	Description	Value

FlowLogFormatParameters

Name	Description	Value
type	The file type of flow log.	'JSON'
version	The version (revision) of the flow log.	int

FlowLogPropertiesFormat

Name	Description	Value
enabled	Flag to enable/disable flow logging.	bool
enabledFilteringCriteria	Optional field to filter network traffic logs based on SrcIP, SrcPort, DstIP, DstPort, Protocol, Encryption, Direction and Action. If not specified, all network traffic will be logged.	string
flowAnalyticsConfiguration	Parameters that define the configuration of traffic analytics.	TrafficAnalyticsProperties
format	Parameters that define the flow log format.	FlowLogFormatParameters
retentionPolicy	Parameters that define the retention policy for flow log.	RetentionPolicyParameters
storageId	ID of the storage account which is used to store the flow log.	string (required)
targetResourceId	ID of network security group to which flow log will be applied.	string (required)

ManagedServiceIdentity

Name	Description	Value
type	The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.	'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned'
userAssignedIdentities	The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.	ManagedServiceIdentityUserAssignedIdentities

ManagedServiceIdentityUserAssignedIdentities

Name	Description	Value

Microsoft.Network/networkWatchers/flowLogs

Name	Description	Value
identity	FlowLog resource Managed Identity	ManagedServiceIdentity
location	Resource location.	string
name	The resource name	string (required)
parent_id	The ID of the resource that is the parent for this resource.	ID for resource of type: networkWatchers
properties	Properties of the flow log.	FlowLogPropertiesFormat
tags	Resource tags	Dictionary of tag names and values.
type	The resource type	"Microsoft.Network/networkWatchers/flowLogs@2024-03-01"

ResourceTags

Name	Description	Value

RetentionPolicyParameters

Name	Description	Value
days	Number of days to retain flow log records.	int
enabled	Flag to enable/disable retention.	bool

TrafficAnalyticsConfigurationProperties

Name	Description	Value
enabled	Flag to enable/disable traffic analytics.	bool
trafficAnalyticsInterval	The interval in minutes which would decide how frequently TA service should do flow analytics.	int
workspaceId	The resource guid of the attached workspace.	string
workspaceRegion	The location of the attached workspace.	string
workspaceResourceId	Resource Id of the attached workspace.	string

TrafficAnalyticsProperties

Name	Description	Value
networkWatcherFlowAnalyticsConfiguration	Parameters that define the configuration of traffic analytics.	TrafficAnalyticsConfigurationProperties