
When you have network connections that are critical to your business, it’s important to monitor them at all times. Azure Network Watcher is a collection of network monitoring and troubleshooting tools. Not only does it allow you to set up automated monitoring, but it also gives you a suite of tools that will allow you to diagnose almost any network issue.

In this course, you’ll learn about both troubleshooting and monitoring. We’ll start with the troubleshooting tools: IP Flow Verify, Security Group View, Next Hop, Connection Troubleshoot, and VPN Troubleshoot. Then you’ll see how to use the monitoring and analysis tools: Connection Monitor, Logs, Traffic Analytics, and Network Performance Monitor.

Learning Objectives

  • Use Network Watcher’s troubleshooting tools to diagnose Azure networking issues
  • Configure Network Watcher’s monitoring tools to alert you when there are critical network issues
  • Use Network Watcher’s analysis tools to get a more comprehensive view of networking issues

Intended Audience

  • People who want to become Azure cloud architects
  • People who are preparing to take Microsoft’s AZ-303 exam


Prerequisites

  • Basic knowledge of Azure virtual networks



The Connection Monitor is very useful, but if you have intermittent networking issues, or if you have a large number of connections to keep track of, you'll need to get more detailed information. That's where logs come in. Network Watcher has two kinds of logs: NSG flow logs and diagnostic logs. An NSG flow log keeps track of what traffic was allowed through an NSG and what was denied on a per-rule basis. In some regions, it also records throughput information. Diagnostic logs track both NSGs and network interfaces, but they don't record as much information about NSG events as flow logs do, so I'm not going to go through the diagnostic logs.

When you click on NSG flow logs, it comes back with a list of network security groups. You can filter them by selecting a resource group. To enable logging on an NSG, click on it, and then change the status to On. Next, select a storage account. The retention is how long you want to keep log records. By default, it's set to zero, which actually means keep them forever, so if you want to reduce your storage costs, you can set it to something between one and 365 days. I'll set it to 30.

You should also turn Traffic Analytics on. This is a really cool feature that I'll show you later. Then you have to select an OMS workspace. If you don't already have one, you can create one here. When you're done, click Save.

It takes a while before the logs are available, so I'll show you one that I enabled earlier. Go to Storage Accounts, click on the one where you chose to store the logs, and then click Blobs. The container is called insights-logs-networksecuritygroupflowevent. The log file is buried in a deep hierarchy of folders, so I'm just going to keep clicking for a while. At this point, there will be a separate folder for every NSG. Now, all of the folders are date or time related. I'll click through them until we get to the most recent one. The final folder is the MAC address of the network interface for the flow.

The log is in JSON format. Download the file to have a look at it. First, it lists a rule. In this case, it's the DenyAllInBound rule. Then it lists the flows that went through that rule. For each flow, it shows the timestamp, the source IP, the destination IP, the source port, the destination port, whether it was TCP or UDP, whether it was inbound or outbound, and whether it was allowed or denied. If this were a version 2 flow log, then it would also contain throughput data.

This fine-grained data could be really useful if you're trying to track down a difficult security filtering issue. But in most cases, you'd probably rather look at a high-level overview of what's happening with your networks. To find out how, go to the next lesson.
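The following is an added example, not part of the course material: a small Python parser for a downloaded flow log that reads the per-flow fields in the order listed above and counts denied inbound flows per source IP. The JSON key names (records, properties, flows, flowTuples) and the version 2 trailing fields (flow state plus packet and byte counters) are assumptions based on the published NSG flow log schema; the rule names, IP addresses and MAC address in the sample are constructed.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the NSG flow log layout (not taken from a real log).
SAMPLE = json.dumps({"records": [{
    "time": "2021-01-01T00:01:00Z",
    "properties": {"Version": 2, "flows": [
        {"rule": "DefaultRule_DenyAllInBound", "flows": [{
            "mac": "000D3A000001",
            "flowTuples": [
                "1609459200,203.0.113.7,10.0.0.4,44931,3389,T,I,D,B,,,,",
                "1609459205,203.0.113.7,10.0.0.4,44932,22,T,I,D,B,,,,",
                "1609459210,198.51.100.9,10.0.0.4,5353,53,U,I,D"]}]},  # version 1 style
        {"rule": "UserRule_AllowHttps", "flows": [{
            "mac": "000D3A000001",
            "flowTuples": [
                "1609459220,198.51.100.9,10.0.0.4,50000,443,T,I,A,E,12,3400,10,9100"]}]},
    ]}}]})

# Field order as described in the lesson: time, IPs, ports, T/U, I/O, A/D.
FIELDS = ("ts", "src_ip", "dst_ip", "src_port", "dst_port",
          "protocol", "direction", "decision")

def parse_flows(text):
    """Yield one dict per flow tuple, tagged with its rule and NIC MAC."""
    for record in json.loads(text)["records"]:
        for rule in record["properties"]["flows"]:
            for nic in rule["flows"]:
                for line in nic["flowTuples"]:
                    parts = line.split(",")
                    flow = dict(zip(FIELDS, parts[:8]),
                                rule=rule["rule"], mac=nic["mac"])
                    flow["time"] = datetime.fromtimestamp(int(flow["ts"]), timezone.utc)
                    # Version 2 appends flow state and four throughput counters;
                    # pad so version 1 tuples and empty counters parse as zero.
                    extra = parts[8:] + [""] * 5
                    flow["state"] = extra[0]
                    flow["bytes"] = sum(int(extra[i] or 0) for i in (2, 4))
                    yield flow

def denied_inbound_by_source(text):
    """Count denied inbound flows per source IP."""
    counts = {}
    for f in parse_flows(text):
        if f["direction"] == "I" and f["decision"] == "D":
            counts[f["src_ip"]] = counts.get(f["src_ip"], 0) + 1
    return counts

if __name__ == "__main__":
    for ip, n in sorted(denied_inbound_by_source(SAMPLE).items()):
        print(ip, n)
```

To run it against a real download, pass the contents of the downloaded JSON file to `denied_inbound_by_source` instead of `SAMPLE`.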

About the Author

Guy launched his first training website in 1995 and he's been helping people learn IT technologies ever since. He has been a sysadmin, instructor, sales engineer, IT manager, and entrepreneur. In his most recent venture, he founded and led a cloud-based training infrastructure company that provided virtual labs for some of the largest software vendors in the world. Guy’s passion is making complex technology easy to understand. His activities outside of work have included riding an elephant and skydiving (although not at the same time).