At the moment, it's apparently not possible to use NSG Flow Logs with secured Storage Accounts, even if the exception "Allow trusted Microsoft services to access this storage account" is enabled on the Storage Account.
It would be really helpful if you could add the Network Watcher this list of trusted Microsoft servies, so we can use secured Storage Accounts to store our NSG Flow Logs on.127 votes
NSG Flow Logs are now compatible with Secured/Firewalled storage accounts.
With this update, Service Endpoints for Microsoft storage are also supported for NSG Flow Logs.
For details on enabling this, please see the FAQ: https://docs.microsoft.com/azure/network-watcher/frequently-asked-questions#how-do-i-use-nsg-flow-logs-on-a-storage-account-with-a-firewall-or-through-a-service-endpoints
Add support to configure NSG Flow logs using Azure Resource Manager template.
The goal is to have Azure Policy to deploy NSG Flow Log configuration.122 votes
Great news! ARM Template support for NSG Flow Logs and Traffic Analytics is now available in all regions.
1. Documentation: https://docs.microsoft.com/azure/network-watcher/network-watcher-nsg-flow-logging-azure-resource-manager
2. Template Reference: https://docs.microsoft.com/azure/templates/microsoft.network/2019-11-01/networkwatchers/flowlogs
3. Quickstart Template: https://azure.microsoft.com/en-in/resources/templates/101-networkwatcher-flowlogs-create/
We will soon be releasing a QuickStart template to make using this feature easier. Stay tuned.
Thanks for your patience and keep your feedback on the forums coming.
Add ability to monitor and store latency between Azure VNet and On-Premises network.
We have an ExpressRoute circuit and would like to know how latency changes throughout a day, allowing us to possibly correlate it with other traffic.
For example, to record a 15 second ICMP Ping round trip every 5 minutes would be a very good start.
Bonus points: Tracking throughput would be nice too - think PsPing.exe41 votes
[Viny N] Please try Express Route Monitor – https://docs.microsoft.com/en-us/azure/expressroute/how-to-npm
Currently you can only send flow logs to a storage account. Add support for sending them to OMS.40 votes
Try out Traffic Analytics and let us know what you think!
I would like Traffic Analytics available in Canadian Regions as we have a requirement of data sovereignty. Thus our networks and log analytics workspaces must remain in Canada25 votes
Need to collect all network traffic related operation happening on a VM or at VPC. Following network details are expected to be fetched using Azure RM log analytics.
1. Source IP
2. Source Port
3. Destination IP
4. Destination Port
5. Traffic Direction
7. Action taken23 votes
This capability is available in the Network Watcher with Network Security Group Flow Logs. Network Watcher is currently in Public Preview.
Adding packet and byte count to NSG flow logs would give it parity with a number of netFlow analysis tools. Analyzing flows by data transferred is much more useful than counting flows and provides much better insight into the network.
While WireData may provide this additional data it is (1) not available everywhere, (2) provides data redundant to NSG Flow, and (3) requires agent to get the necessary data.13 votes
I have a scenario where 8 VNETs, from 8 different subscriptions are connected to a single ER Circuit. Today, NPM needs that I create 8 different OMS Workspaces to be able to monitor each VNET individually. I wish that we could add VNETs from different Subscription in the same OMS Workspace/NPM Solution, and have a single pane to monitor them all.10 votes
The current implementation of IP flow verify in network watcher shows the name of the rule that is matched for allowing/denying traffic. It doesn't show the name of the effective NSG itself (only the rule in an NSG). A useful addition would be to show the name of the NSG in additional to the matched rule. A click through to the NSG for instant changes would help as well.7 votes
Feature complete. IPFlowVerify shows the name of the NSG matched and also links to it.
It shows the rule that blocked the request but doesn't show any details around the person trying to hit your resource.
It shows the IP address of the Azure resource that they were trying to hit as well.
It would be nice to see how much blocked traffic we're getting from a specific client for troubleshooting or for ensuring we don't have anyone trying to breach the network on that endpoint.7 votes
Scheduled connectivity check
Check functionality is fine. I want to get email when check is completed and failed. So we need recurring checks.6 votes
Try out Connection Monitor and let us know what you think!
Connection monitor enables scenarios like monitoring connectivity from a VM in a virtual network to a VM running SQL server in the same or different virtual network, over port 1433. Connection monitor provides you connection latency as an Azure Monitor metric, recorded every 60 seconds. It also provides you a hop-by-hop topology, and identifies configuration issues impacting your connection.
The vNet/Monitor/Diagram blade is great.
However it would be better if it also included vNet peerings.
Currently those are not shown on the diagram.
Also it would be good to select multiple RGs (in case they have connected resources.4 votes
Thanks for your feedback, this is available.
When will the service be available in Asia Pacific regions?1 vote
I enabled traffic analytics dashboard to get insights from NSGs and after one hour, I still don't see any data on the dashboard.
when I open the dashboard, it doesn't show my log analytics workspace:
"Looks like you do not have any Log Analytics workspace under the selected Log Anaytics subscriptions. Try changing the Log Analytics subscriptions selection."
Is there anything I can try to fix it?1 vote
It would be useful if there is an option to trigger an Alert directly from the Network Watcher Connection Monitor when the result of a Monitor is UnReachable.1 vote
[Viny N] Traffic Analytics is now avaialble in France Central – https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics#supported-regions
- Don't see your idea?