Set-AzNetworkWatcherConfigFlowLog
Configures flow logging for a target resource.
Syntax
SetFlowlogByResourceWithoutTA (Default)
Set-AzNetworkWatcherConfigFlowLog
-NetworkWatcher <PSNetworkWatcher>
-TargetResourceId <String>
-EnableFlowLog <Boolean>
-StorageAccountId <String>
[-EnableRetention <Boolean>]
[-RetentionInDays <Int32>]
[-FormatType <String>]
[-FormatVersion <Int32>]
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
SetFlowlogByResourceWithTAByResource
Set-AzNetworkWatcherConfigFlowLog
-NetworkWatcher <PSNetworkWatcher>
-TargetResourceId <String>
-EnableFlowLog <Boolean>
-StorageAccountId <String>
-Workspace <IOperationalInsightWorkspace>
[-EnableRetention <Boolean>]
[-RetentionInDays <Int32>]
[-FormatType <String>]
[-FormatVersion <Int32>]
[-AsJob]
[-EnableTrafficAnalytics]
[-TrafficAnalyticsInterval <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
SetFlowlogByResourceWithTAByDetails
Set-AzNetworkWatcherConfigFlowLog
-NetworkWatcher <PSNetworkWatcher>
-TargetResourceId <String>
-EnableFlowLog <Boolean>
-StorageAccountId <String>
-WorkspaceResourceId <String>
-WorkspaceGUID <String>
-WorkspaceLocation <String>
[-EnableRetention <Boolean>]
[-RetentionInDays <Int32>]
[-FormatType <String>]
[-FormatVersion <Int32>]
[-AsJob]
[-EnableTrafficAnalytics]
[-TrafficAnalyticsInterval <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
SetFlowlogByNameWithTAByResource
Set-AzNetworkWatcherConfigFlowLog
-NetworkWatcherName <String>
-ResourceGroupName <String>
-TargetResourceId <String>
-EnableFlowLog <Boolean>
-StorageAccountId <String>
-Workspace <IOperationalInsightWorkspace>
[-EnableRetention <Boolean>]
[-RetentionInDays <Int32>]
[-FormatType <String>]
[-FormatVersion <Int32>]
[-AsJob]
[-EnableTrafficAnalytics]
[-TrafficAnalyticsInterval <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
SetFlowlogByNameWithTAByDetails
Set-AzNetworkWatcherConfigFlowLog
-NetworkWatcherName <String>
-ResourceGroupName <String>
-TargetResourceId <String>
-EnableFlowLog <Boolean>
-StorageAccountId <String>
-WorkspaceResourceId <String>
-WorkspaceGUID <String>
-WorkspaceLocation <String>
[-EnableRetention <Boolean>]
[-RetentionInDays <Int32>]
[-FormatType <String>]
[-FormatVersion <Int32>]
[-AsJob]
[-EnableTrafficAnalytics]
[-TrafficAnalyticsInterval <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
SetFlowlogByNameWithoutTA
Set-AzNetworkWatcherConfigFlowLog
-NetworkWatcherName <String>
-ResourceGroupName <String>
-TargetResourceId <String>
-EnableFlowLog <Boolean>
-StorageAccountId <String>
[-EnableRetention <Boolean>]
[-RetentionInDays <Int32>]
[-FormatType <String>]
[-FormatVersion <Int32>]
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
SetFlowlogByLocationWithTAByResource
Set-AzNetworkWatcherConfigFlowLog
-Location <String>
-TargetResourceId <String>
-EnableFlowLog <Boolean>
-StorageAccountId <String>
-Workspace <IOperationalInsightWorkspace>
[-EnableRetention <Boolean>]
[-RetentionInDays <Int32>]
[-FormatType <String>]
[-FormatVersion <Int32>]
[-AsJob]
[-EnableTrafficAnalytics]
[-TrafficAnalyticsInterval <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
SetFlowlogByLocationWithTAByDetails
Set-AzNetworkWatcherConfigFlowLog
-Location <String>
-TargetResourceId <String>
-EnableFlowLog <Boolean>
-StorageAccountId <String>
-WorkspaceResourceId <String>
-WorkspaceGUID <String>
-WorkspaceLocation <String>
[-EnableRetention <Boolean>]
[-RetentionInDays <Int32>]
[-FormatType <String>]
[-FormatVersion <Int32>]
[-AsJob]
[-EnableTrafficAnalytics]
[-TrafficAnalyticsInterval <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
SetFlowlogByLocationWithoutTA
Set-AzNetworkWatcherConfigFlowLog
-Location <String>
-TargetResourceId <String>
-EnableFlowLog <Boolean>
-StorageAccountId <String>
[-EnableRetention <Boolean>]
[-RetentionInDays <Int32>]
[-FormatType <String>]
[-FormatVersion <Int32>]
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Set-AzNetworkWatcherConfigFlowLog configures flow logging for a target resource.
Properties to configure include: whether or not flow logging is enabled for the resource provided, the configured storage account to send logs, the flow logging format, and the retention policy for the logs.
Currently Network Security Groups are supported for flow logging.
Examples
$NW = Get-AzNetworkWatcher -ResourceGroupName NetworkWatcherRg -Name NetworkWatcher_westcentralus
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName NSGRG -Name appNSG
$storageId = "/subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Storage/storageAccounts/contosostorageacct123"
Set-AzNetworkWatcherConfigFlowLog -NetworkWatcher $NW -TargetResourceId $nsg.Id -EnableFlowLog $true -StorageAccountId $storageID
TargetResourceId : /subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Network/networkSecurityGroups/appNSG
StorageId : /subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Storage/storageAccounts/contosostorageacct123
Enabled : True
RetentionPolicy : {
"Days": 0,
"Enabled": false
}
Format : {
"Type ": "Json",
"Version": 1
}
In this example we configure flow logging status for a Network Security Group. In the response, we see the specified NSG has flow logging enabled, default format, and no retention policy set.
$NW = Get-AzNetworkWatcher -ResourceGroupName NetworkWatcherRg -Name NetworkWatcher_westcentralus
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName NSGRG -Name appNSG
$storageId = "/subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Storage/storageAccounts/contosostorageacct123"
Set-AzNetworkWatcherConfigFlowLog -NetworkWatcher $NW -TargetResourceId $nsg.Id -EnableFlowLog $true -StorageAccountId $storageID -FormatVersion 2
TargetResourceId : /subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Network/networkSecurityGroups/appNSG
StorageId : /subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Storage/storageAccounts/contosostorageacct123
Enabled : True
RetentionPolicy : {
"Days": 0,
"Enabled": false
}
Format : {
"Type ": "Json",
"Version": 2
}
In this example, we configure flow logging on a Network Security Group (NSG) with version 2 logs specified. In the response, we see the specified NSG has flow logging enabled, the format is set, and there is no retention policy configured. If the region does not support version you specified, Network Watcher will write the default supported version in the region.
$NW = Get-AzNetworkWatcher -ResourceGroupName NetworkWatcherRg -Name NetworkWatcher_westcentralus
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName NSGRG -Name appNSG
$storageId = "/subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Storage/storageAccounts/contosostorageacct123"
$workspace = Get-AzOperationalInsightsWorkspace -Name WorkspaceName -ResourceGroupName WorkspaceRg
Set-AzNetworkWatcherConfigFlowLog -NetworkWatcher $NW -TargetResourceId $nsg.Id -EnableFlowLog $true -StorageAccountId $storageID -EnableTrafficAnalytics -Workspace $workspace -TrafficAnalyticsInterval 60
TargetResourceId : /subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Network/networkSecurityGroups/appNSG
StorageId : /subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Storage/storageAccounts/contosostorageacct123
Enabled : True
RetentionPolicy : {
"Days": 0,
"Enabled": false
}
Format : {
"Type ": "Json",
"Version": 1
}
FlowAnalyticsConfiguration : {
"networkWatcherFlowAnalyticsConfiguration": {
"enabled": true,
"workspaceId": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
"workspaceRegion": "WorkspaceLocation",
"workspaceResourceId": "/subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourcegroups/WorkspaceRg/providers/microsoft.operationalinsights/workspaces/WorkspaceName",
"TrafficAnalyticsInterval": 60
}
}
In this example we configure flow logging status and Traffic Analytics for a Network Security Group. In the response, we see the specified NSG has flow logging and Traffic Analytics enabled, default format, and no retention policy set.
$NW = Get-AzNetworkWatcher -ResourceGroupName NetworkWatcherRg -Name NetworkWatcher_westcentralus
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName NSGRG -Name appNSG
$storageId = "/subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Storage/storageAccounts/contosostorageacct123"
$workspace = Get-AzOperationalInsightsWorkspace -Name WorkspaceName -ResourceGroupName WorkspaceRg
Set-AzNetworkWatcherConfigFlowLog -NetworkWatcher $NW -TargetResourceId $nsg.Id -EnableFlowLog $true -StorageAccountId $storageID -EnableTrafficAnalytics -Workspace $workspace -TrafficAnalyticsInterval 60
Set-AzNetworkWatcherConfigFlowLog -NetworkWatcher $NW -TargetResourceId $nsg.Id -EnableFlowLog $true -StorageAccountId $storageID -EnableTrafficAnalytics:$false -Workspace $workspace
TargetResourceId : /subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Network/networkSecurityGroups/appNSG
StorageId : /subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Storage/storageAccounts/contosostorageacct123
Enabled : True
RetentionPolicy : {
"Days": 0,
"Enabled": false
}
Format : {
"Type ": "Json",
"Version": 1
}
FlowAnalyticsConfiguration : {
"networkWatcherFlowAnalyticsConfiguration": {
"enabled": false,
"workspaceId": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
"workspaceRegion": "WorkspaceLocation",
"workspaceResourceId": "/subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourcegroups/WorkspaceRg/providers/microsoft.operationalinsights/workspaces/WorkspaceName",
"TrafficAnalyticsInterval": 60
}
}
In this example we disable Traffic Analytics for a Network Security Group which has flow logging and Traffic Analytics configured earlier. In the response, we see the specified NSG has flow logging enabled but Traffic Analytics disabled.
Parameters
-AsJob
Run cmdlet in the background
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: cf
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure.
Parameter properties
Type: IAzureContextContainer
Default value: None Supports wildcards: False DontShow: False Aliases: AzContext, AzureRmContext, AzureCredential
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-EnableFlowLog
Flag to enable/disable flow logging.
Parameter properties
Type: Boolean
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-EnableRetention
Flag to enable/disable retention.
Parameter properties
Type: Boolean
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-EnableTrafficAnalytics
Flag to enable/disable retention.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: EnableTA
Parameter sets
SetFlowlogByResourceWithTAByResource
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
SetFlowlogByResourceWithTAByDetails
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
SetFlowlogByNameWithTAByResource
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
SetFlowlogByNameWithTAByDetails
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
SetFlowlogByLocationWithTAByResource
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
SetFlowlogByLocationWithTAByDetails
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
Type of flow log format.
Type: String
Default value: None Supports wildcards: False DontShow: False
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
Version of flow log format.
Type: Nullable<T> [ Int32 ]
Default value: None Supports wildcards: False DontShow: False
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-Location
Location of the network watcher.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
SetFlowlogByLocationWithTAByResource
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
SetFlowlogByLocationWithTAByDetails
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
SetFlowlogByLocationWithoutTA
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-NetworkWatcher
The network watcher resource.
Parameter properties
Type: PSNetworkWatcher
Default value: None Supports wildcards: False DontShow: False
Parameter sets
SetFlowlogByResourceWithoutTA
Position: Named Mandatory: True Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
SetFlowlogByResourceWithTAByResource
Position: Named Mandatory: True Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
SetFlowlogByResourceWithTAByDetails
Position: Named Mandatory: True Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
-NetworkWatcherName
The name of network watcher.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False Aliases: Name
Parameter sets
SetFlowlogByNameWithTAByResource
Position: Named Mandatory: True Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
SetFlowlogByNameWithTAByDetails
Position: Named Mandatory: True Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
SetFlowlogByNameWithoutTA
Position: Named Mandatory: True Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
-ResourceGroupName
The name of the network watcher resource group.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
SetFlowlogByNameWithTAByResource
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
SetFlowlogByNameWithTAByDetails
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
SetFlowlogByNameWithoutTA
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-RetentionInDays
Number of days to retain flow log records.
Parameter properties
Type: Int32
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-StorageAccountId
ID of the storage account which is used to store the flow log.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-TargetResourceId
The target resource ID.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-TrafficAnalyticsInterval
Gets or sets the interval (in minutes) which would decide how frequently TA service should do flow analytics. Supported values are 10 and 60 minutes.
Parameter properties
Type: Int32
Default value: None Supports wildcards: False DontShow: False
Parameter sets
SetFlowlogByResourceWithTAByResource
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
SetFlowlogByResourceWithTAByDetails
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
SetFlowlogByNameWithTAByResource
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
SetFlowlogByNameWithTAByDetails
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
SetFlowlogByLocationWithTAByResource
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
SetFlowlogByLocationWithTAByDetails
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: wi
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Workspace
The WS object which is used to store the traffic analytics data.
Parameter properties
Parameter sets
SetFlowlogByResourceWithTAByResource
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-WorkspaceGUID
GUID of the WS which is used to store the traffic analytics data.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
SetFlowlogByResourceWithTAByDetails
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
SetFlowlogByNameWithTAByDetails
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
SetFlowlogByLocationWithTAByDetails
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-WorkspaceLocation
Azure Region of the WS which is used to store the traffic analytics data.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
SetFlowlogByResourceWithTAByDetails
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
SetFlowlogByNameWithTAByDetails
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
SetFlowlogByLocationWithTAByDetails
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-WorkspaceResourceId
Subscription of the WS which is used to store the traffic analytics data.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
SetFlowlogByResourceWithTAByDetails
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
SetFlowlogByNameWithTAByDetails
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
SetFlowlogByLocationWithTAByDetails
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters .
Outputs
Notes
Keywords: azure, azurerm, arm, resource, management, manager, network, networking, watcher, flow, logs, flowlog, logging
