Install Guide
Configure NSG Flow Logs
In the Azure portal, navigate to the Network Watcher service, then click Logs > Flow Logs from the menu.
If flow logs are already configured, click the existing configuration to check the Storage Account name. If not, create a new flow log of the Network Security Group type. Set a proper retention period (days) so logs are deleted automatically after that period.
Get Azure Storage Account Access Key
Navigate to the Storage Accounts service and select the storage account where Network Watcher stores the flow logs. From the menu, go to Security + Networking > Access Keys.
In the Access Keys screen, click the Show button next to Connection string, then click the clipboard icon to copy it.
Configure Connection Profile
See this document to add a connect profile.
The following fields are required:
- Name: A unique name to identify the connect profile
- Identifier: A unique identifier for the connect profile to use in Logpresso queries, etc.
- Type: Azure NSG Flow
- Storage Connection String: The connection string you copied to the clipboard in the previous step
- Container Name: The container where NSG flow logs (blob objects starting with resourceId=/SUBSCRIPTIONS/) are stored
Configure Logger
See this document to add a logger. The dashboards and datasets installed by default refer to tables whose names start with AZURE_NSG.
Required fields are highlighted in light blue:
- Name: Unique name to identify the logger
- Interval: 60 seconds
- Storage/Data Source: Select the appropriate node based on your Logpresso platform configuration.
- Logger Model: Azure NSG Flow (Storage Account)
- Table: Enter a table name that starts with AZURE_NSG.
- Connect Profile: The identifier you specified when setting up the connect profile
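
To check what the container named in the connect profile actually holds, the following added example (not part of this guide or of the Logpresso app) parses a flow-log blob name and flattens a version 2 flow-log document into one row per flow tuple. The function names, subscription ID, resource names and addresses are constructed for illustration; the path and tuple layout follow Azure's published NSG flow log format.

```python
import json
import re

# Blob path layout Network Watcher uses inside the flow-log container.
BLOB_RE = re.compile(
    r"^resourceId=/SUBSCRIPTIONS/(?P<subscription>[^/]+)"
    r"/RESOURCEGROUPS/(?P<resource_group>[^/]+)"
    r"/PROVIDERS/MICROSOFT\.NETWORK/NETWORKSECURITYGROUPS/(?P<nsg>[^/]+)"
    r"/y=(?P<year>\d{4})/m=(?P<month>\d{2})/d=(?P<day>\d{2})/h=(?P<hour>\d{2})"
    r"/m=\d{2}/macAddress=(?P<mac>[0-9A-Fa-f]{12})/PT1H\.json$")

# Version 1 tuples carry the first 8 fields; version 2 adds state and counters.
FIELDS = ("time", "src_ip", "dst_ip", "src_port", "dst_port", "protocol",
          "direction", "decision", "state", "pkts_src_to_dst",
          "bytes_src_to_dst", "pkts_dst_to_src", "bytes_dst_to_src")
INT_FIELDS = {"time", "src_port", "dst_port"} | set(FIELDS[9:])

def parse_blob_name(name):
    """Return the path components of a flow-log blob, or None if it is not one."""
    m = BLOB_RE.match(name)
    return m.groupdict() if m else None

def parse_flow_blob(text):
    """Flatten one PT1H.json document into one dict per flow tuple."""
    rows = []
    for record in json.loads(text).get("records", []):
        for rule in record.get("properties", {}).get("flows", []):
            for group in rule.get("flows", []):
                for tup in group.get("flowTuples", []):
                    row = dict.fromkeys(FIELDS)  # absent/empty fields stay None
                    for key, val in zip(FIELDS, tup.split(",")):
                        if val != "":
                            row[key] = int(val) if key in INT_FIELDS else val
                    row.update(rule=rule.get("rule"), mac=group.get("mac"))
                    rows.append(row)
    return rows

# Constructed sample data (documentation IP ranges, placeholder subscription ID).
SAMPLE_NAME = ("resourceId=/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000"
               "/RESOURCEGROUPS/EXAMPLE-RG/PROVIDERS/MICROSOFT.NETWORK"
               "/NETWORKSECURITYGROUPS/EXAMPLE-NSG/y=2024/m=01/d=01/h=00/m=00"
               "/macAddress=000D3AF87856/PT1H.json")
SAMPLE_BLOB = json.dumps({"records": [{"properties": {"Version": 2, "flows": [
    {"rule": "DefaultRule_DenyAllInBound", "flows": [{"mac": "000D3AF87856",
        "flowTuples": ["1704067200,203.0.113.7,10.0.0.4,51514,3389,T,I,D,B,,,,"]}]},
    {"rule": "UserRule_AllowHttps", "flows": [{"mac": "000D3AF87856",
        "flowTuples": ["1704067210,10.0.0.4,198.51.100.9,44931,443,T,O,A,E,5,660,4,1200"]}]},
]}}]})

if __name__ == "__main__":
    print(parse_blob_name(SAMPLE_NAME))
    for row in parse_flow_blob(SAMPLE_BLOB):
        print(row)
```

In each row, direction is I (inbound) or O (outbound), decision is A (allowed) or D (denied), and state is B (begin), C (continuing) or E (end); the counters are empty on B tuples.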