# Azure NSG Flow Logs Setup

This document provides instructions for configuring the collection of Azure Network Security Group (NSG) Flow Logs.

The 3 methods covered are:

* Micrsoft Azure Portal
* Microsoft Azure Command Line Interface (CLI)
* Microsoft Azure Resource Manager template

### Requirements <a href="#requirements" id="requirements"></a>

Before you begin configuring NSG Flow Log collection, make sure the following environment prerequisites are met:

* Your Storage Account must be of type General-purpose v2 or Blob storage.
* Your Network Security Group and Storage Account should be in the same region.
* NSG Flow Logs do not work with storage accounts that have hierarchical namespace enabled.

### Azure Steps <a href="#azure-steps" id="azure-steps"></a>

1. Register Insights provider
2. Configure Network Security Group
3. Configure Storage account
4. Configure Network Watcher
5. Enable NSG flow logs

#### Register Insights provider <a href="#register-insights-provider" id="register-insights-provider"></a>

NSG flow logging requires the Microsoft.Insights provider. To register the provider, complete the following steps:

1. In the top, left corner of the portal, select All services. In the Filter box, type Subscriptions. When Subscriptions appear in the search results, select it.
2. From the list of subscriptions, select the subscription you want to enable the provider for.
3. Select *Resource providers*, under *Settings*.
4. Confirm that the *Status* for the microsoft.insights provider is *Registered*, as shown in the picture that follows. If the status is Unregistered, then select *Register*, at the top of the table.

   ![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-e4dca9b3976de05f9e678b561ef3b4b6bc4b9842%2Fb7e0ab12752c08758959796cb58078115c00e1a1b2b436430050e5a6788be89f.png?alt=media)

#### Create Network Security Group <a href="#create-network-security-group" id="create-network-security-group"></a>

1. In the top, left corner of the portal, select *All services*. In the Filter box, type *Network security groups*. When Network security groups appear in the search results, select it.
2. On the Network security groups window that appears, choose *Create.*
3. Select the subscription in which to create the storage account.
4. Under the *Resource group* field, select the resource group that you want to create the NSG on.
5. Next, enter a name for your network security group. The name you choose must be unique across Azure.
6. Select a region for your network security group to match the resource group

   ![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-b32618cdf254bdbf19afc240b38f1a7d985315cc%2Fb4e60a997951e670bbbbbef53ef092596292349e4ce41b0e630a7b39e3f20b40.png?alt=media)
7. Select Review + Create to review your network security group settings and create the nsg.
8. Select Create.

#### Configure Azure storage account <a href="#configure-azure-storage-account" id="configure-azure-storage-account"></a>

To create a general-purpose v2 storage account in the Azure portal, follow these steps:

1. On the Azure portal menu, select *All services*. In the list of resources, type *Storage Accounts*. As you begin typing, the list filters based on your input. Select *Storage Accounts*.
2. On the Storage Accounts window that appears, choose *Add.*
3. Select the subscription in which to create the storage account.
4. Under the Resource group field, select the resource group that you want to create storage on.
5. Next, enter a name for your storage account. The name you choose must be unique across Azure. The name also must be between 3 and 24 characters in length, and can include numbers and lowercase letters only.
6. Select a location for your storage account.
7. Leave these fields set to their default values:

| Field           | Value                                      |
| --------------- | ------------------------------------------ |
| Deployment mode | Resource Manager                           |
| Performance     | Standard                                   |
| Account kind    | StorageV2 (general-purpose v2)             |
| Redundancy      | Read-access geo-redundant storage (RA-GRS) |
| Access tier     | Hot                                        |

1. Select Review + Create to review your storage account settings and create the account.
2. Select Create.

#### Configure Network Watcher <a href="#configure-network-watcher" id="configure-network-watcher"></a>

1. In the portal, select *All services*. In the Filter box, enter *Network Watcher*. When Network Watcher appears in the results, select it.
2. Select *Regions*, to expand it, and then select ... to the right of your desired region.
3. Select Enable Network Watcher.

#### Enable NSG flow logs <a href="#enable-nsg-flow-logs" id="enable-nsg-flow-logs"></a>

1. In the top, left corner of the portal, select *All services*. In the Filter box, type *Network Watcher*. When Network Watcher appears in the search results, select it.
2. Under Logs, select *Flow logs*
3. From the list of NSGs, select the NSG you created in step 2.
4. Under Flow logs settings, select On.
5. Select the Flow Logs Version. Version 2 contains flow-session statistics (Bytes and Packets)
6. Select the storage account that you created in step 3.
7. Set Retention (days) to 1, and then select Save.

### Netography Portal Steps <a href="#netography-portal-steps" id="netography-portal-steps"></a>

1. Navigate to "Traffic Sources"
2. Click "Add Traffic Source".
3. Click the "Show Advanced" button at the top of the page.
4. Click "Azure NSG".

![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-67297209079f33a1faf20607f10dd04b671158ed%2F57d8618e8fc385289051943ef2d83e88aac7e32a7082c2ee682d25237b123390.png?alt=media)

#### Configuration <a href="#configuration" id="configuration"></a>

The following fields are specific to the Azure configuration.

| Field                    | Required | Description                              |
| ------------------------ | -------- | ---------------------------------------- |
| `Region`                 | yes      | Location of the flow source              |
| `Container Name`         | yes      | Storage Account's Container Name         |
| `Subscription ID`        | yes      | Network Security Group's subscription ID |
| `Resource Group`         | yes      | Network Security Group's Resource Group  |
| `Network Security Group` | yes      | Network Security Group's Name            |

#### Authentication <a href="#authentication" id="authentication"></a>

The following fields are necessary for the integration to authenticate with Azure NSG.

| `Account Name` | yes | The account name to use for this stream                        |
| -------------- | --- | -------------------------------------------------------------- |
| `Account Name` | yes | The Storage Account's Access Name to use for this stream       |
| `Account Key`  | yes | Storage Account's Access Key for authenticating to this stream |