Azure can be chatty at the best of time and NSG flow logs are no exception. With this large volume comes cost and ingesting them into your SIEM may add to the pocket. Because of this, I created a simple script to display the NSG logs in a standard format. The reason being is reading this can be tiresome, especially when working in quantity:
Instead you can use something like Azure_NSGLogger to make life easier.
All you need to do is download your JSON file within your storage account which hosts your NSG logs (Help) . Once you have the file, run the script, give the location of file (Full path) and read …. simple.
Azure_NSGLogger gives multiple options, such as the GUI option for those not wanting console view:
This method allows you to dynamically filter and search through the logs. Alternative options would be to either display all within Powershell or to filter by IP or Port.
Hopefully you find this useful and for similar scripts, please visit my GitHub: https://github.com/securethelogs 🙂