az network watcher flow-log
Manage network security group flow logging.
For more information about configuring flow logs visit https://free.blessedness.top/azure/network-watcher/network-watcher-nsg-flow-logging-cli.
Commands
| Name | Description | Type | Status | 
|---|---|---|---|
| az network watcher flow-log create | Create a flow log on a network security group. | Core | GA | 
| az network watcher flow-log delete | Delete the specified flow log resource. | Core | GA | 
| az network watcher flow-log list | List all flow log resources for the specified Network Watcher. | Core | GA | 
| az network watcher flow-log show | Get the flow log configuration of a network security group. | Core | GA | 
| az network watcher flow-log update | Update the flow log configuration of a network security group. | Core | GA | 
| az network watcher flow-log wait | Place the CLI in a waiting state until a condition is met. | Core | GA | 
az network watcher flow-log create
Create a flow log on a network security group.
az network watcher flow-log create --name
                                   [--enabled {0, 1, f, false, n, no, t, true, y, yes}]
                                   [--filtering-criteria]
                                   [--format {JSON}]
                                   [--identity]
                                   [--interval]
                                   [--location]
                                   [--log-version]
                                   [--nic]
                                   [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                   [--nsg]
                                   [--resource-group]
                                   [--retention]
                                   [--storage-account]
                                   [--subnet]
                                   [--tags]
                                   [--traffic-analytics {0, 1, f, false, n, no, t, true, y, yes}]
                                   [--user-assigned-identity]
                                   [--vnet]
                                   [--workspace]
Examples
Create a flow log with Network Security Group name
az network watcher flow-log create --location westus --resource-group MyResourceGroup --name MyFlowLog --nsg MyNetworkSecurityGroupName --storage-account account
Create a flow log with VNet name
az network watcher flow-log create --location westus --resource-group MyResourceGroup --name MyFlowLog --vnet MyVNetName --storage-account account
Create a flow log with Subnet name
az network watcher flow-log create --location westus --resource-group MyResourceGroup --name MyFlowLog --vnet MyVNetName --subnet MySubnetName --storage-account account
Create a flow log with NIC name
az network watcher flow-log create --location westus --resource-group MyResourceGroup --name MyFlowLog --nic MyNICName --storage-account account
Create a flow log with Network Security Group ID (could be in other resource group)
az network watcher flow-log create --location westus --name MyFlowLog --nsg MyNetworkSecurityGroupID --storage-account account
Create a flow log with Virtual Network ID (could be in other resource group)
az network watcher flow-log create --location westus --name MyFlowLog --vnet MyVNetID --storage-account account
Create a flow log with Subnet ID (could be in other resource group)
az network watcher flow-log create --location westus --name MyFlowLog --subnet SubnetID --storage-account account
Create a flow log with Network Interface ID (could be in other resource group)
az network watcher flow-log create --location westus --name MyFlowLog --nic MyNetworkInterfaceID --storage-account account
Create or update flow log
az network watcher flow-log create --location westus --resource-group MtRGContainingVNet --name MyVNetName-flowlog --vnet MyVNetName --storage-account MyStorageAccountName  --filtering-criteria "dstip=20.252.145.59 || DstPort=443"
Required Parameters
The name of the flow logger.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Enable logging. Default: true.
| Property | Value | 
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes | 
Optional field to filter flowlogs based on SrcIP, SrcPort, DstIP, DstPort, Protocol, Encryption, Direction and Action. If not specified, all flowlogs will be logged.
| Property | Value | 
|---|---|
| Parameter group: | Properties Arguments | 
File type of the flow log.
| Property | Value | 
|---|---|
| Parameter group: | Format Arguments | 
| Accepted values: | JSON | 
FlowLog resource Managed Identity. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value | 
|---|---|
| Parameter group: | Parameters Arguments | 
Interval in minutes at which to conduct flow analytics. Temporarily allowed values are 10 and 60.
| Property | Value | 
|---|---|
| Parameter group: | Traffic Analytics Arguments | 
| Default value: | 60 | 
Location to identify the exclusive Network Watcher under a region. Only one Network Watcher can exist per subscription and region. When not specified, the location of the resource group will be used.
Version (revision) of the flow log.
| Property | Value | 
|---|---|
| Parameter group: | Format Arguments | 
| Default value: | 0 | 
Name or ID of the Network Interface (NIC) Resource.
Do not wait for the long-running operation to finish.
| Property | Value | 
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes | 
Name or ID of the network security group.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Number of days to retain logs.
Name or ID of the storage account in which to save the flow logs. Must be in the same region as the flow log.
Name or ID of Subnet.
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Enable traffic analytics. Defaults to true if --workspace is provided.
| Property | Value | 
|---|---|
| Parameter group: | Traffic Analytics Arguments | 
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes | 
Name or ID of the ManagedIdentity Resource.
Name or ID of the Virtual Network Resource.
Name or ID of a Log Analytics workspace. Must be in the same region as the flow log.
| Property | Value | 
|---|---|
| Parameter group: | Traffic Analytics Arguments | 
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value | 
|---|---|
| Default value: | False | 
Output format.
| Property | Value | 
|---|---|
| Default value: | json | 
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc | 
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
az network watcher flow-log delete
Delete the specified flow log resource.
az network watcher flow-log delete --name
                                   [--location]
                                   [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
Examples
Delete the specified flow log resource.
az network watcher flow-log delete --location westus2 --name MyFlowLogger
Required Parameters
The name of the flow logger.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Location to identify the exclusive Network Watcher under a region. Only one Network Watcher can exist per subscription and region. When not specified, the location of the resource group will be used.
Do not wait for the long-running operation to finish.
| Property | Value | 
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes | 
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value | 
|---|---|
| Default value: | False | 
Output format.
| Property | Value | 
|---|---|
| Default value: | json | 
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc | 
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
az network watcher flow-log list
List all flow log resources for the specified Network Watcher.
az network watcher flow-log list [--location]
                                 [--max-items]
                                 [--next-token]
Examples
List all flow log resources for the specified Network Watcher.
az network watcher flow-log list --location westus2
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Location to identify the exclusive Network Watcher under a region. Only one Network Watcher can exist per subscription and region. When not specified, the location of the resource group will be used.
Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.
| Property | Value | 
|---|---|
| Parameter group: | Pagination Arguments | 
Token to specify where to start paginating. This is the token value from a previously truncated response.
| Property | Value | 
|---|---|
| Parameter group: | Pagination Arguments | 
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value | 
|---|---|
| Default value: | False | 
Output format.
| Property | Value | 
|---|---|
| Default value: | json | 
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc | 
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
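The JSON returned by `az network watcher flow-log list -o json` can be checked for logging gaps. The following is an added example, not part of the Azure CLI documentation: it assumes the key names of the Azure flow log resource (`enabled`, `retentionPolicy`, `format`, `flowAnalyticsConfiguration`, `targetResourceId`), and the thresholds and sample records are constructed for illustration.

```python
import json

# Constructed sample shaped like `az network watcher flow-log list -o json` output.
# Key names are assumed from the Azure flow log resource; all values are made up.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup"
NSG = SUB + "/providers/Microsoft.Network/networkSecurityGroups/"
SAMPLE = [
    {"name": "ProdFlowLog", "enabled": True,
     "targetResourceId": NSG + "ProdNsg",
     "retentionPolicy": {"enabled": True, "days": 365},
     "format": {"type": "JSON", "version": 2},
     "flowAnalyticsConfiguration": {
         "networkWatcherFlowAnalyticsConfiguration": {"enabled": True}}},
    {"name": "DevFlowLog", "enabled": False,
     "targetResourceId": NSG + "DevNsg",
     "retentionPolicy": {"enabled": True, "days": 7},
     "format": {"type": "JSON", "version": 1},
     "flowAnalyticsConfiguration": None},
]

MIN_RETENTION_DAYS = 90  # assumed policy threshold, not an Azure default
MIN_LOG_VERSION = 2      # assumed baseline; adjust to your own standard


def audit_flow_log(fl, min_days=MIN_RETENTION_DAYS):
    """Return a list of findings for one flow log resource (empty = compliant)."""
    findings = []
    if not fl.get("enabled"):
        findings.append("logging disabled")
    ret = fl.get("retentionPolicy") or {}
    days = ret.get("days") or 0
    # Assumption: a disabled policy or 0 days means no automatic deletion,
    # so only an active policy with a short window is reported.
    if ret.get("enabled") and 0 < days < min_days:
        findings.append(f"retention {days}d below {min_days}d")
    version = (fl.get("format") or {}).get("version") or 0
    if version < MIN_LOG_VERSION:
        findings.append(f"log version {version} below {MIN_LOG_VERSION}")
    ta = (fl.get("flowAnalyticsConfiguration") or {}).get(
        "networkWatcherFlowAnalyticsConfiguration") or {}
    if not ta.get("enabled"):
        findings.append("traffic analytics disabled")
    return findings


def audit(flow_logs):
    """Map flow log name -> findings, omitting compliant resources."""
    report = {fl.get("name", "?"): audit_flow_log(fl) for fl in flow_logs}
    return {name: f for name, f in report.items() if f}


def uncovered_targets(flow_logs, expected_ids):
    """Expected resource IDs that have no enabled flow log.

    Azure resource IDs are compared case-insensitively.
    """
    covered = {(fl.get("targetResourceId") or "").lower()
               for fl in flow_logs if fl.get("enabled")}
    return [rid for rid in expected_ids if rid.lower() not in covered]


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
    print(uncovered_targets(SAMPLE, [NSG + "ProdNsg", NSG + "DevNsg"]))
```

To audit a real subscription, replace `SAMPLE` with the parsed output of the list command for each region in use.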
az network watcher flow-log show
Get the flow log configuration of a network security group.
az network watcher flow-log show [--location]
                                 [--name]
                                 [--nsg]
                                 [--resource-group]
Examples
Show NSG flow logs. (Deprecated)
az network watcher flow-log show -g MyResourceGroup --nsg MyNsg
Show NSG flow logs with Azure Resource Management formatted.
az network watcher flow-log show --location MyNetworkWatcher --name MyFlowLog
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Location to identify the exclusive Network Watcher under a region. Only one Network Watcher can exist per subscription and region.
The name of the flow logger.
Argument 'nsg' has been deprecated and will be removed in a future release. Use '--location and --name combination' instead.
Name or ID of the network security group.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value | 
|---|---|
| Default value: | False | 
Output format.
| Property | Value | 
|---|---|
| Default value: | json | 
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc | 
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
az network watcher flow-log update
Update the flow log configuration of a network security group.
az network watcher flow-log update --location
                                   --name
                                   [--add]
                                   [--enabled {0, 1, f, false, n, no, t, true, y, yes}]
                                   [--filtering-criteria]
                                   [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                                   [--format {JSON}]
                                   [--identity]
                                   [--interval]
                                   [--log-version]
                                   [--nic]
                                   [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                   [--nsg]
                                   [--remove]
                                   [--resource-group]
                                   [--retention]
                                   [--set]
                                   [--storage-account]
                                   [--subnet]
                                   [--tags]
                                   [--traffic-analytics {0, 1, f, false, n, no, t, true, y, yes}]
                                   [--user-assigned-identity]
                                   [--vnet]
                                   [--workspace]
Examples
Update storage account with name to let resource group identify the storage account and network watcher
az network watcher flow-log update --location westus --resource-group MyResourceGroup --name MyFlowLog --storage-account accountname
Update storage account with ID to let location identify the network watcher
az network watcher flow-log update --location westus --resource-group MyResourceGroup --name MyFlowLog --storage-account accountid
Update Network Security Group on another resource group
az network watcher flow-log update --location westus --resource-group MyAnotherResourceGroup --name MyFlowLog --nsg MyNSG
Update Virtual Network on another resource group
az network watcher flow-log update --location westus --resource-group MyAnotherResourceGroup --name MyFlowLog --vnet MyVNet
Update Subnet on another resource group
az network watcher flow-log update --location westus --resource-group MyAnotherResourceGroup --name MyFlowLog --vnet MyVNet --subnet MySubnet
Update Network Interface on another resource group
az network watcher flow-log update --location westus --resource-group MyAnotherResourceGroup --name MyFlowLog --nic MyNIC
Update Workspace on another resource group
az network watcher flow-log update --location westus --resource-group MyAnotherResourceGroup --name MyFlowLog --workspace MyAnotherLogAnalyticWorkspace
Required Parameters
Location to identify the exclusive Network Watcher under a region. Only one Network Watcher can exist per subscription and region.
The name of the flow logger.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Add an object to a list of objects by specifying a path and key value pairs.  Example: --add property.listProperty <key=value, string or JSON string>.
| Property | Value | 
|---|---|
| Parameter group: | Generic Update Arguments | 
Enable logging.
| Property | Value | 
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes | 
Update condition to filter flowlogs based on SrcIP, SrcPort, DstIP, DstPort, Protocol, Encryption, Direction and Action. If not specified, all flowlogs will be logged.
| Property | Value | 
|---|---|
| Parameter group: | Properties Arguments | 
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
| Property | Value | 
|---|---|
| Parameter group: | Generic Update Arguments | 
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes | 
File type of the flow log.
| Property | Value | 
|---|---|
| Parameter group: | Format Arguments | 
| Accepted values: | JSON | 
FlowLog resource Managed Identity. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value | 
|---|---|
| Parameter group: | Parameters Arguments | 
Interval in minutes at which to conduct flow analytics. Temporarily allowed values are 10 and 60.
| Property | Value | 
|---|---|
| Parameter group: | Traffic Analytics Arguments | 
Version (revision) of the flow log.
| Property | Value | 
|---|---|
| Parameter group: | Format Arguments | 
Name or ID of the Network Interface (NIC) Resource.
Do not wait for the long-running operation to finish.
| Property | Value | 
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes | 
Name or ID of the network security group.
Remove a property or an element from a list.  Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
| Property | Value | 
|---|---|
| Parameter group: | Generic Update Arguments | 
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Number of days to retain logs.
Update an object by specifying a property path and value to set.  Example: --set property1.property2=<value>.
| Property | Value | 
|---|---|
| Parameter group: | Generic Update Arguments | 
Name or ID of the storage account in which to save the flow logs. Must be in the same region as the flow log.
Name or ID of Subnet.
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Enable traffic analytics. Defaults to true if --workspace is provided.
| Property | Value | 
|---|---|
| Parameter group: | Traffic Analytics Arguments | 
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes | 
Name or ID of the ManagedIdentity Resource.
Name or ID of the Virtual Network Resource.
Name or ID of a Log Analytics workspace. Must be in the same region as the flow log.
| Property | Value | 
|---|---|
| Parameter group: | Traffic Analytics Arguments | 
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value | 
|---|---|
| Default value: | False | 
Output format.
| Property | Value | 
|---|---|
| Default value: | json | 
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc | 
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
az network watcher flow-log wait
Place the CLI in a waiting state until a condition is met.
az network watcher flow-log wait [--created]
                                 [--custom]
                                 [--deleted]
                                 [--exists]
                                 [--ids]
                                 [--interval]
                                 [--name]
                                 [--network-watcher-name]
                                 [--resource-group]
                                 [--subscription]
                                 [--timeout]
                                 [--updated]
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Wait until created with 'provisioningState' at 'Succeeded'.
| Property | Value | 
|---|---|
| Parameter group: | Wait Condition Arguments | 
| Default value: | False | 
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
| Property | Value | 
|---|---|
| Parameter group: | Wait Condition Arguments | 
Wait until deleted.
| Property | Value | 
|---|---|
| Parameter group: | Wait Condition Arguments | 
| Default value: | False | 
Wait until the resource exists.
| Property | Value | 
|---|---|
| Parameter group: | Wait Condition Arguments | 
| Default value: | False | 
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value | 
|---|---|
| Parameter group: | Resource Id Arguments | 
Polling interval in seconds.
| Property | Value | 
|---|---|
| Parameter group: | Wait Condition Arguments | 
| Default value: | 30 | 
The name of the flow logger.
| Property | Value | 
|---|---|
| Parameter group: | Resource Id Arguments | 
The name of the network watcher.
| Property | Value | 
|---|---|
| Parameter group: | Resource Id Arguments | 
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value | 
|---|---|
| Parameter group: | Resource Id Arguments | 
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value | 
|---|---|
| Parameter group: | Resource Id Arguments | 
Maximum wait in seconds.
| Property | Value | 
|---|---|
| Parameter group: | Wait Condition Arguments | 
| Default value: | 3600 | 
Wait until updated with provisioningState at 'Succeeded'.
| Property | Value | 
|---|---|
| Parameter group: | Wait Condition Arguments | 
| Default value: | False | 
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value | 
|---|---|
| Default value: | False | 
Output format.
| Property | Value | 
|---|---|
| Default value: | json | 
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc | 
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value | 
|---|---|
| Default value: | False |