View Azure NSG Flow Logs In Powershell


Azure can be chatty at the best of times, and NSG flow logs are no exception. With this large volume comes cost, and ingesting them into your SIEM may add to it. Because of this, I created a simple script to display the NSG logs in a standard format, since reading the raw format described here can be tiresome, especially when working in quantity:

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview

Instead you can use something like Azure_NSGLogger to make life easier.
https://github.com/securethelogs/Powershell/blob/master/Azure/Azure_NSGLogger.ps1

All you need to do is download the JSON file from the storage account that hosts your NSG logs. Once you have the file, run the script, give it the location of the file (full path) and read... simple.

Azure_NSGLogger gives multiple options, such as the GUI option for those not wanting console view:

This method allows you to dynamically filter and search through the logs. Alternatively, you can display everything within PowerShell or filter by IP or port.
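A minimal version of the same idea, as an added example (not the Azure_NSGLogger script itself): it flattens the `flowTuples` entries of a flow log file into objects and filters them by IP or port. The function name `ConvertFrom-NsgFlowLog` and the sample records are assumptions constructed for illustration; the field order follows the Microsoft documentation linked above.

```powershell
# Added example; ConvertFrom-NsgFlowLog is a hypothetical name, not part of Azure_NSGLogger.
function ConvertFrom-NsgFlowLog {
    param(
        [Parameter(Mandatory)][string]$Json,  # raw content of the downloaded flow log file
        [string]$Ip,                          # optional: match source or destination IP
        [int]$Port                            # optional: match source or destination port
    )
    $proto     = @{ T = 'TCP';   U = 'UDP' }
    $direction = @{ I = 'In';    O = 'Out' }
    $decision  = @{ A = 'Allow'; D = 'Deny' }
    foreach ($record in ($Json | ConvertFrom-Json).records) {
        foreach ($rule in $record.properties.flows) {
            foreach ($tuple in $rule.flows.flowTuples) {
                # timestamp,srcIP,dstIP,srcPort,dstPort,protocol,direction,decision
                # (version 2 appends flow state and packet/byte counters, ignored here)
                $f = $tuple -split ','
                if ($f.Count -lt 8) { continue }   # skip malformed tuples
                if ($Ip -and $f[1] -ne $Ip -and $f[2] -ne $Ip) { continue }
                if ($Port -and [int]$f[3] -ne $Port -and [int]$f[4] -ne $Port) { continue }
                [pscustomobject]@{
                    TimeUtc   = [DateTimeOffset]::FromUnixTimeSeconds([long]$f[0]).UtcDateTime
                    Rule      = $rule.rule
                    SrcIP     = $f[1]; SrcPort = $f[3]
                    DstIP     = $f[2]; DstPort = $f[4]
                    Protocol  = $proto[$f[5]]
                    Direction = $direction[$f[6]]
                    Decision  = $decision[$f[7]]
                }
            }
        }
    }
}

# Constructed sample in the version 2 flow log layout (documentation-range IPs).
$sample = @'
{"records":[{"time":"2021-01-01T10:00:00.000Z","category":"NetworkSecurityGroupFlowEvent",
 "properties":{"Version":2,"flows":[
  {"rule":"DefaultRule_DenyAllInBound","flows":[{"mac":"000D3AF87856","flowTuples":[
    "1609495200,203.0.113.7,10.0.0.4,44931,3389,T,I,D,B,,,,"]}]},
  {"rule":"UserRule_AllowHttps","flows":[{"mac":"000D3AF87856","flowTuples":[
    "1609495210,198.51.100.9,10.0.0.4,51812,443,T,I,A,B,,,,",
    "1609495215,198.51.100.9,10.0.0.4,51812,443,T,I,A,E,12,3400,10,9800"]}]}
 ]}}]}
'@

# Show only flows touching port 3389 (here: one denied inbound RDP attempt).
ConvertFrom-NsgFlowLog -Json $sample -Port 3389 | Format-Table -AutoSize
```

For a real log, pass the file content with `-Json (Get-Content -Raw <full path to the JSON file>)`; piping the output to `Out-GridView` gives a filterable window on Windows.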

Hopefully you find this useful and for similar scripts, please visit my GitHub: https://github.com/securethelogs 🙂

4 thoughts on “View Azure NSG Flow Logs In Powershell”

    1. Because unless I’m wrong there is a pre-req to have Log Analytics enabled, which comes at a cost? All I’ve heard about LA is to be very careful enabling it, as it’s where all the money goes.
