Viewing Traffic to Azure VMs using NSG Flow Logs

Setting up NSG flow logs allows for viewing the traffic coming in through a network security group. This can be useful for a few things:

You’ll need the following to get started with this guide:

Configuration

Go into Network Watcher and click on ‘NSG Flow Logs’:

Turn on Flow logs, and select the storage account to store logs in. A few notes here:

Accessing Logs

To view the logs, use either the Azure Portal or the Microsoft Azure Storage Explorer.

View the insights-logs-networksecuritygroupflowevent container in the configured storage account.

Access the PT1H.json file.

Each log entry is a comma-separated flow tuple. The values, in order, correspond to the following:

  1. Timestamp
  2. Inbound IP (coming in from Internet)
  3. Outbound IP (going through the NSG)
  4. Inbound Port
  5. Outbound Port
  6. Protocol
  7. Traffic Flow (I – Inbound, O – Outbound)
  8. Acceptance (A – Allowed, D – Denied)
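
The Python script below is an added example, not part of the original guide: it walks a downloaded PT1H.json document and summarizes denied inbound flows per source address, using the field order listed above. It assumes the version 1 flow log layout (records > properties > flows > flows > flowTuples); the field names, rule names and sample data are constructed for illustration.

```python
import json
from collections import Counter, namedtuple

# Field order follows the eight-item list above; the field names are chosen here.
Flow = namedtuple(
    "Flow", "timestamp src_ip dst_ip src_port dst_port protocol direction decision")

# Constructed sample in the shape of a PT1H.json blob (documentation-range IPs).
SAMPLE = json.dumps({"records": [{
    "time": "2018-01-01T00:00:00Z",
    "properties": {"Version": 1, "flows": [
        {"rule": "DefaultRule_DenyAllInBound",
         "flows": [{"mac": "000D3A000001", "flowTuples": [
             "1514764800,203.0.113.7,10.0.0.4,51529,3389,T,I,D",
             "1514764805,203.0.113.7,10.0.0.4,51530,22,T,I,D",
             "1514764810,198.51.100.9,10.0.0.4,40001,23,T,I,D"]}]},
        {"rule": "UserRule_Allow-HTTPS",
         "flows": [{"mac": "000D3A000001", "flowTuples": [
             "1514764820,192.0.2.10,10.0.0.4,50000,443,T,I,A",
             "malformed,tuple"]}]},
    ]}}]})


def iter_flows(doc):
    """Yield (rule_name, Flow) for every well-formed tuple in a parsed log."""
    for record in doc.get("records", []):
        for rule in record.get("properties", {}).get("flows", []):
            for group in rule.get("flows", []):
                for raw in group.get("flowTuples", []):
                    parts = raw.split(",")
                    if len(parts) < 8:  # skip truncated or malformed tuples
                        continue
                    # Version 2 logs append extra fields; only the first eight are used.
                    yield rule.get("rule", ""), Flow(*parts[:8])


def denied_inbound_by_source(doc):
    """Count denied inbound flows per source IP, with the ports each one tried."""
    counts, ports = Counter(), {}
    for _rule, f in iter_flows(doc):
        if f.direction == "I" and f.decision == "D":
            counts[f.src_ip] += 1
            ports.setdefault(f.src_ip, set()).add(int(f.dst_port))
    return [(ip, n, sorted(ports[ip])) for ip, n in counts.most_common()]


if __name__ == "__main__":
    for ip, n, tried in denied_inbound_by_source(json.loads(SAMPLE)):
        print(f"{ip}: {n} denied inbound flows, destination ports {tried}")
```

To run it against a real log, replace `SAMPLE` with the contents of a PT1H.json file downloaded from the storage account.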

Reference

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal