แก้ไข

แชร์ผ่าน


Create, change, enable, disable, or delete virtual network flow logs using the Azure CLI

Virtual network flow logging is a feature of Azure Network Watcher that allows you to log information about IP traffic flowing through an Azure virtual network. For more information about virtual network flow logging, see Virtual network flow logs overview.

In this article, you learn how to create, change, enable, disable, or delete a virtual network flow log using the Azure CLI. You can learn how to manage a virtual network flow log using the Azure portal or PowerShell.

Prerequisites

Register insights provider

Microsoft.Insights provider must be registered to successfully log traffic in a virtual network. If you aren't sure if the Microsoft.Insights provider is registered, use az provider register to register it.

# Register Microsoft.Insights provider.
az provider register --namespace Microsoft.Insights

Enable virtual network flow logs

Use az network watcher flow-log create to create a virtual network flow log.

# Create a VNet flow log.
az network watcher flow-log create --location eastus --resource-group myResourceGroup --name myVNetFlowLog --vnet myVNet --storage-account myStorageAccount

Enable virtual network flow logs and traffic analytics

Use az monitor log-analytics workspace create to create a traffic analytics workspace, and then use az network watcher flow-log create to create a virtual network flow log that uses it.

# Create a traffic analytics workspace.
az monitor log-analytics workspace create --name myWorkspace --resource-group myResourceGroup --location eastus

# Create a VNet flow log.
az network watcher flow-log create --location eastus --name myVNetFlowLog --resource-group myResourceGroup --vnet myVNet --storage-account myStorageAccount --workspace myWorkspace --interval 10 --traffic-analytics true

List all flow logs in a region

Use az network watcher flow-log list to list all flow log resources in a particular region in your subscription.

# Get all flow logs in East US region.
az network watcher flow-log list --location eastus --out table

View virtual network flow log resource

Use az network watcher flow-log show to see details of a flow log resource.

# Get the flow log details.
az network watcher flow-log show --name myVNetFlowLog --resource-group NetworkWatcherRG --location eastus

Download a flow log

To download virtual network flow logs from your storage account, use the az storage blob download command.

Virtual network flow log files are saved to the storage account at the following path:

https://{storageAccountName}.blob.core.windows.net/insights-logs-flowlogflowevent/flowLogResourceID=/SUBSCRIPTIONS/{subscriptionID}/RESOURCEGROUPS/NETWORKWATCHERRG/PROVIDERS/MICROSOFT.NETWORK/NETWORKWATCHERS/NETWORKWATCHER_{Region}/FLOWLOGS/{FlowlogResourceName}/y={year}/m={month}/d={day}/h={hour}/m=00/macAddress={macAddress}/PT1H.json

Note

You can also access and download VNet flow logs files from the storage account container using the Azure Storage Explorer. Storage Explorer is a standalone app that you can conveniently use to access and work with Azure Storage data. For more information, see Get started with Storage Explorer.

Disable traffic analytics on flow log resource

To disable traffic analytics on the flow log resource and continue to generate and save virtual network flow logs to a storage account, use az network watcher flow-log update.

# Update the VNet flow log.
az network watcher flow-log update --location eastus --name myVNetFlowLog --resource-group myResourceGroup --vnet myVNet --storage-account myStorageAccount --traffic-analytics false

Delete a virtual network flow log resource

To delete a virtual network flow log resource, use az network watcher flow-log delete.

# Delete the VNet flow log.
az network watcher flow-log delete --name myVNetFlowLog --location eastus

Next steps