Install Guide
Azure Network Watcher Flow Log Configuration
In the Azure portal, navigate to the Network Watcher service, then click Logs > Flow Logs from the menu.
If flow logs are already configured, click the existing flow log settings to check the storage account. If flow logs are not configured, you need to create a new flow log of the Network Security Group type. Set an appropriate retention period, as flow logs will automatically be deleted from the storage account after the specified retention period.
Azure Storage Account Access Key
Navigate to the Storage Accounts service and select the storage account where Network Watcher stores the flow logs. From the menu, click Security + Networking > Access Keys.
In the Access Keys screen, click the Show button next to Connection string, then click the clipboard icon to copy the connection string.
Connect Profile Setup
See this document to add a connect profile.
The following fields are required:
- Name: A unique name to identify the connect profile
- Identifier: A unique identifier for the connect profile to use in Logpresso queries, etc.
- Type: Azure NSG Flow
- Storage Connection String: The connection string you copied to the clipboard in the previous step
- Container Name: The container where NSG flow logs (blob objects starting with resourceId=/SUBSCRIPTIONS/) are stored
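An added example (not part of the original guide and not Logpresso code): a Python pre-check for the two values entered above. It parses the connection string without printing the key and confirms that blob names in the chosen container follow the NSG flow log layout. The account name, key, subscription ID and NSG name are constructed, and the blob path beyond the resourceId=/SUBSCRIPTIONS/ prefix is assumed from Azure's documented layout.

```python
import re
from datetime import datetime, timezone

# Assumed blob layout (Azure's documented NSG flow log path): one PT1H.json per NSG, NIC MAC and hour.
BLOB_RE = re.compile(
    r"^resourceId=/SUBSCRIPTIONS/(?P<sub>[^/]+)/RESOURCEGROUPS/(?P<rg>[^/]+)"
    r"/PROVIDERS/MICROSOFT\.NETWORK/NETWORKSECURITYGROUPS/(?P<nsg>[^/]+)"
    r"/y=(?P<y>\d{4})/m=(?P<mo>\d{2})/d=(?P<d>\d{2})/h=(?P<h>\d{2})/m=00"
    r"/macAddress=(?P<mac>[0-9A-F]{12})/PT1H\.json$",
    re.IGNORECASE)

def parse_connection_string(conn):
    """Return (fields, problems). Splits on the first '=' only: AccountKey is base64 and may end in '='."""
    fields, problems = {}, []
    for part in filter(None, (p.strip() for p in conn.split(";"))):
        key, _, value = part.partition("=")
        fields[key.strip()] = value
    for required in ("AccountName", "AccountKey"):
        if not fields.get(required):
            problems.append(f"missing {required}")
    if fields.get("DefaultEndpointsProtocol", "").lower() != "https":
        problems.append("DefaultEndpointsProtocol is not https")
    return fields, problems

def nsg_hours(blob_names):
    """Map NSG name -> sorted UTC hours that have a flow log blob; other blob names are ignored."""
    hours = {}
    for name in blob_names:
        m = BLOB_RE.match(name)
        if m:
            ts = datetime(int(m["y"]), int(m["mo"]), int(m["d"]), int(m["h"]), tzinfo=timezone.utc)
            hours.setdefault(m["nsg"].upper(), set()).add(ts)
    return {nsg: sorted(h) for nsg, h in hours.items()}

# Constructed sample values, not real credentials or resources.
SAMPLE_CONN = ("DefaultEndpointsProtocol=https;AccountName=examplelogs;"
               "AccountKey=ZmFrZS1rZXktZm9yLWV4YW1wbGU=;EndpointSuffix=core.windows.net")
PREFIX = ("resourceId=/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/RG-EXAMPLE"
          "/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/NSG-WEB")
SAMPLE_BLOBS = [
    PREFIX + "/y=2024/m=05/d=01/h=09/m=00/macAddress=000D3AAAAAAA/PT1H.json",
    PREFIX + "/y=2024/m=05/d=01/h=10/m=00/macAddress=000D3AAAAAAA/PT1H.json",
    "some-other-folder/readme.txt",
]

if __name__ == "__main__":
    fields, problems = parse_connection_string(SAMPLE_CONN)
    print(fields["AccountName"], problems, nsg_hours(SAMPLE_BLOBS))  # AccountKey is never printed
```

An empty result from nsg_hours for a container listing means the container name is not the one holding NSG flow logs.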
Logger Setup
To add a logger, see this document. The dashboards and datasets installed by default refer to tables whose names start with AZURE_NSG.
The following fields are required:
- Name: A unique name to identify the logger
- Interval: 60 seconds
- Storage/Data Source: Select the appropriate node based on your Logpresso platform configuration
- Logger Model: Azure NSG Flow (Storage Account)
- Table: Enter a table name that starts with AZURE_NSG
- Connect Profile: The identifier you specified when setting up the connect profile