Network Watchers - Set Flow Log Configuration

Service:: Network Watcher

API Version:: 2025-05-01

Configures flow log and traffic analytics (optional) on a specified resource.

POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkWatchers/{networkWatcherName}/configureFlowLog?api-version=2025-05-01

URI Parameters

Name	In	Required	Type	Description
networkWatcherName	path	True	string	The name of the network watcher.
resourceGroupName	path	True	string minLength: 1 maxLength: 90	The name of the resource group. The name is case insensitive.
subscriptionId	path	True	string (uuid)	The ID of the target subscription. The value must be an UUID.
api-version	query	True	string minLength: 1	The API version to use for this operation.

Request Body

Name	Required	Type	Description
properties.enabled	True	boolean	Flag to enable/disable flow logging.
properties.storageId	True	string	ID of the storage account which is used to store the flow log.
targetResourceId	True	string	The ID of the resource to configure for flow log and traffic analytics (optional) .
flowAnalyticsConfiguration		Common.TrafficAnalyticsProperties	Parameters that define the configuration of traffic analytics.
identity		Common.ManagedServiceIdentity	FlowLog resource Managed Identity
properties.enabledFilteringCriteria		string	Optional field to filter network traffic logs based on SrcIP, SrcPort, DstIP, DstPort, Protocol, Encryption, Direction and Action. If not specified, all network traffic will be logged.
properties.format		Common.FlowLogFormatParameters	Parameters that define the flow log format.
properties.recordTypes		string	Optional field to filter network traffic logs based on flow states. Value of this field could be any comma separated combination string of letters B,C,E or D. B represents Begin, when a flow is created. C represents Continue for an ongoing flow generated at every five-minute interval. E represents End, when a flow is terminated. D represents Deny, when a flow is denied. If not specified, all network traffic will be logged.
properties.retentionPolicy		Common.RetentionPolicyParameters	Parameters that define the retention policy for flow log.

Responses

Name	Type	Description
200 OK	FlowLogInformation	Azure operation completed successfully.
202 Accepted	FlowLogInformation	The request has been accepted for processing, but processing has not yet completed. Headers Location: string Retry-After: integer
Other Status Codes	ErrorResponse	An unexpected error response.

Name

Type

Description

200 OK

FlowLogInformation

Azure operation completed successfully.

202 Accepted

FlowLogInformation

The request has been accepted for processing, but processing has not yet completed.

Headers

Location: string
Retry-After: integer

Other Status Codes

ErrorResponse

An unexpected error response.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

Configure flow log

POST https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkWatchers/nw1/configureFlowLog?api-version=2025-05-01

{
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id1": {}
    }
  },
  "properties": {
    "enabled": true,
    "storageId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/st1"
  },
  "targetResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityGroups/nsg1"
}

const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");

/**
 * This sample demonstrates how to Configures flow log and traffic analytics (optional) on a specified resource.
 *
 * @summary Configures flow log and traffic analytics (optional) on a specified resource.
 * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/Network/stable/2025-05-01/examples/NetworkWatcherFlowLogConfigure.json
 */
async function configureFlowLog() {
  const subscriptionId = process.env["NETWORK_SUBSCRIPTION_ID"] || "subid";
  const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
  const networkWatcherName = "nw1";
  const parameters = {
    enabled: true,
    identity: {
      type: "UserAssigned",
      userAssignedIdentities: {
        "/subscriptions/subid/resourceGroups/rg1/providers/MicrosoftManagedIdentity/userAssignedIdentities/id1":
          {},
      },
    },
    storageId:
      "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/st1",
    targetResourceId:
      "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityGroups/nsg1",
  };
  const credential = new DefaultAzureCredential();
  const client = new NetworkManagementClient(credential, subscriptionId);
  const result = await client.networkWatchers.beginSetFlowLogConfigurationAndWait(
    resourceGroupName,
    networkWatcherName,
    parameters,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:: 200

{
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id1": {
        "clientId": "c16d15e1-f60a-40e4-8a05-df3d3f655c14",
        "principalId": "e3858881-e40c-43bd-9cde-88da39c05023"
      }
    }
  },
  "properties": {
    "enabled": true,
    "storageId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/st1"
  },
  "targetResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityGroups/nsg1"
}

Status code:: 202

Location: https:/management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkWatchers/nw1/configureFlowLog?api-version=2025-05-01

{
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id1": {
        "clientId": "c16d15e1-f60a-40e4-8a05-df3d3f655c14",
        "principalId": "e3858881-e40c-43bd-9cde-88da39c05023"
      }
    }
  },
  "properties": {
    "enabled": true,
    "storageId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/st1"
  },
  "targetResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityGroups/nsg1"
}

Definitions

Name	Description
Common.FlowLogFormatParameters	Parameters that define the flow log format.
Common.ManagedServiceIdentity	Identity for the resource.
Common.RetentionPolicyParameters	Parameters that define the retention policy for flow log.
Common.TrafficAnalyticsConfigurationProperties	Parameters that define the configuration of traffic analytics.
Common.TrafficAnalyticsProperties	Parameters that define the configuration of traffic analytics.
ErrorDetails	Common error details representation.
ErrorResponse	The error object.
FlowLogFormatType	The file type of flow log.
FlowLogInformation	Information on the configuration of flow log and traffic analytics (optional) .
ManagedServiceIdentityUserAssignedIdentities
ResourceIdentityType	The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.

Common.FlowLogFormatParameters

Object

Parameters that define the flow log format.

Name	Type	Default value	Description
type	FlowLogFormatType		The file type of flow log.
version	integer (int32)	0	The version (revision) of the flow log.

Common.ManagedServiceIdentity

Object

Identity for the resource.

Name	Type	Description
principalId	string	The principal id of the system assigned identity. This property will only be provided for a system assigned identity.
tenantId	string	The tenant id of the system assigned identity. This property will only be provided for a system assigned identity.
type	ResourceIdentityType	The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.
userAssignedIdentities	<string, ManagedServiceIdentityUserAssignedIdentities>	The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

Common.RetentionPolicyParameters

Object

Parameters that define the retention policy for flow log.

Name	Type	Default value	Description
days	integer (int32)	0	Number of days to retain flow log records.
enabled	boolean	False	Flag to enable/disable retention.

Common.TrafficAnalyticsConfigurationProperties

Object

Parameters that define the configuration of traffic analytics.

Name	Type	Description
enabled	boolean	Flag to enable/disable traffic analytics.
trafficAnalyticsInterval	integer (int32)	The interval in minutes which would decide how frequently TA service should do flow analytics.
workspaceId	string	The resource guid of the attached workspace.
workspaceRegion	string	The location of the attached workspace.
workspaceResourceId	string	Resource Id of the attached workspace.

Common.TrafficAnalyticsProperties

Object

Parameters that define the configuration of traffic analytics.

Name	Type	Description
networkWatcherFlowAnalyticsConfiguration	Common.TrafficAnalyticsConfigurationProperties	Parameters that define the configuration of traffic analytics.

ErrorDetails

Object

Common error details representation.

Name	Type	Description
code	string	Error code.
message	string	Error message.
target	string	Error target.

ErrorResponse

Object

The error object.

Name	Type	Description
error	ErrorDetails	Error The error details object.

FlowLogFormatType

Enumeration

The file type of flow log.

Value	Description
JSON	JSON

FlowLogInformation

Object

Information on the configuration of flow log and traffic analytics (optional) .

Name	Type	Description
flowAnalyticsConfiguration	Common.TrafficAnalyticsProperties	Parameters that define the configuration of traffic analytics.
identity	Common.ManagedServiceIdentity	FlowLog resource Managed Identity
properties.enabled	boolean	Flag to enable/disable flow logging.
properties.enabledFilteringCriteria	string	Optional field to filter network traffic logs based on SrcIP, SrcPort, DstIP, DstPort, Protocol, Encryption, Direction and Action. If not specified, all network traffic will be logged.
properties.format	Common.FlowLogFormatParameters	Parameters that define the flow log format.
properties.recordTypes	string	Optional field to filter network traffic logs based on flow states. Value of this field could be any comma separated combination string of letters B,C,E or D. B represents Begin, when a flow is created. C represents Continue for an ongoing flow generated at every five-minute interval. E represents End, when a flow is terminated. D represents Deny, when a flow is denied. If not specified, all network traffic will be logged.
properties.retentionPolicy	Common.RetentionPolicyParameters	Parameters that define the retention policy for flow log.
properties.storageId	string	ID of the storage account which is used to store the flow log.
targetResourceId	string	The ID of the resource to configure for flow log and traffic analytics (optional) .

ManagedServiceIdentityUserAssignedIdentities

Object

Name	Type	Description
clientId	string	The client id of user assigned identity.
principalId	string	The principal id of user assigned identity.

ResourceIdentityType

Enumeration

The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.

Value	Description
SystemAssigned	SystemAssigned
UserAssigned	UserAssigned
SystemAssigned, UserAssigned	SystemAssigned, UserAssigned
None	None