Azure NSG Setup (Resource Manager method)
This document provides instructions for configuring the collection of Azure NSG Flow Logs. There are three methods shown. The first being in the Azure Portal, second Azure CLI, and third Azure Resource Manager (ARM) template.
Requirements
Before you begin configuring NSG Flow Log collection, make sure the following environment prerequisites are met:
- Your Storage Account must be of type General-purpose v2 or Blob storage.
- Your Network Security Group and Storage Account should be in the same region.
- NSG Flow Logs do not work with storage accounts that have hierarchical namespace enabled.
ARM Template Steps
- Register Insights provider
- Configure Network Security Group
- Run ARM Template
Register Insights provider
NSG flow logging requires the Microsoft.Insights provider. To register the provider, complete the following steps:
- In the top, left corner of the portal, select All services. In the Filter box, type Subscriptions. When Subscriptions appear in the search results, select it.
- From the list of subscriptions, select the subscription you want to enable the provider for.
- Select Resource providers, under Settings.
- Confirm that the Status for the microsoft.insights provider is Registered, as shown in the picture that follows. If the status is Unregistered, then select Register, at the top of the table.
Configure Azure storage account
To create a general-purpose v2 storage account in the Azure portal, follow these steps:
- On the Azure portal menu, select All services. In the list of resources, type Storage Accounts. As you begin typing, the list filters based on your input. Select Storage Accounts.
- On the Storage Accounts window that appears, choose Add.
- Select the subscription in which to create the storage account.
- Under the Resource group field, select the resource group that you want to create storage on.
- Next, enter a name for your storage account. The name you choose must be unique across Azure. The name also must be between 3 and 24 characters in length, and can include numbers and lowercase letters only.
- Select a location for your storage account.
- Leave these fields set to their default values:
| Deployment mode | Resource Manager |
| Performance | Standard |
| Account kind | StorageV2 (general-purpose v2) |
| Replication | Read-access geo-redundant storage (RA-GRS) |
| Access tier | Hot |
- Select Review + Create to review your storage account settings and create the account.
- Select Create.
Run ARM Template
https://neto-downloads.s3.amazonaws.com/azure/vpc-flow-logs/netography_azure_flowlogs.json
Follow this URL to open the template in the Azure portal (Sign-in required)
- Select the Subscription the resource is in.
- Select the Resource Group the resource is in.
- Select the Location the resource is in.
- Enter the Network Watcher Name Prefix or leave the default value.
- Enter the Flow Log Name or leave the default value.
- Select if NSG is to be created by the template or already exists. The NSG must be in the same resource group and location.
- Enter the NSG Name of the existing or new NSG.
- Review and agree to Azure's terms
- Click Purchase
Netography Portal Steps
Navigate to Flow Sources, and click "Add Flow Source", then select Azure NSG
Configuration
The following fields are specific to the Azure configuration.
| Field | Required | Description |
|---|---|---|
Region | yes | Location of the flow source |
Container Name | yes | Storage Account's Container Name |
Subscription ID | yes | Network Security Group's subscription ID |
Resource Group | yes | Network Security Group's Resource Group |
Network Security Group | yes | Network Security Group's Name |
Authentication
AThe following fields are necessary for the integration to authenticate with Azure NSG.
Account Name | yes | The account name to use for this stream |
|---|---|---|
Account Name | yes | The Storage Account's Access Name to use for this stream |
Account Key | yes | Storage Account's Access Key for authenticating to this stream |
Updated 20 days ago