azure-networkwatcher-flow-logs

Download Network Watcher flow logs for a specified time range from Azure Storage account.

Syntax

azure-networkwatcher-flow-logs [profile=PROFILE] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss]

profile=PROFILE: Optional. Azure Network Watcher flow logs connect profile code
duration=NUM{mon|w|d|h|m|s}: Optional. Scan only recent data. You should use s(second), m(minute), h(hour), d(day), mon(month) time unit. For example, 10s means data from 10 seconds earlier.
from=yyyyMMddHHmmss: Optional. Start time of range. yyyyMMddHHmmss format. If you omit time part, it will be padded by zero.
to=yyyyMMddHHmmss: Optional. End time of range. yyyyMMddHHmmss format. If you omit time part, it will be padded by zero.

Field	Type	Name	Description
_time	Date	Event time
profile	String	Connect profile	Azure Network Watcher flow logs connect profile code.
cloud_resource_group	String	Cloud resource group	Resource group name
cloud_resource_name	String	Cloud resource name	Resource name
direction	String	Direction	e.g. outbound, inbound
src_ip	IP address	Source IP
src_port	Integer	Source port
dst_ip	IP address	Destination IP
dst_port	Integer	Destination port
protocol	String	Protocol	e.g. TCP, UDP
policy	String	Policy	Security rule name
action	String	Action	e.g. PERMIT, DENY
state	String	State	e.g. start, end, continue, deny
total_bytes	Long	Total bytes	Sum of sent_bytes and rcvd_bytes.
sent_bytes	Long	Sent bytes	Bytes from client to server.
rcvd_bytes	Long	Received bytes	Bytes from server to client.
total_pkts	Long	Total packets	Sum of sent_pkts and rcvd_pkts.
sent_pkts	Long	Sent packets	Packets from client to server.
rcvd_pkts	Long	Received packets	Packets from server to client.
cloud_resource	String	Cloud resource	Full qualified Azure resource name
blob_path	String	Blob path	Origin blob
acl_id	String	ACL ID
mac	String	MAC address
encryption	String	Encryption	e.g. X, NX, NX_HW_NOT_SUPPORTED ...