你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn。
使用 VNet 流日志(预览版)监视 Azure Virtual Network Manager
监视流量对于了解网络的性能以及排查问题至关重要。 管理员可以利用 VNet 流日志(预览版)来显示流量是流经 VNet 还是由 [安全管理员规则] 阻止。 VNet 流日志(预览版)是网络观察程序的一项功能。
详细了解 VNet 流日志(预览版),包括使用方法以及如何启用。
重要
VNet 流日志目前处于预览状态。 此预览版在提供时没有附带服务级别协议,不建议将其用于生产工作负荷。 某些功能可能不受支持或者受限。 有关 beta 版本、预览版或尚未正式发布的版本的 Azure 功能所适用的法律条款,请参阅 Microsoft Azure 预览版的补充使用条款。
启用 VNet 流日志(预览版)
目前,你需要在要监视的每个 VNet 上启用虚拟网络流日志(预览版)。 可以使用 PowerShell 或 Azure CLI 在 VNet 上启用虚拟网络流日志。
下面是流日志的示例
{
"records": [
{
"time": "2022-09-14T09:00:52.5625085Z",
"flowLogVersion": 4,
"flowLogGUID": "a1b2c3d4-e5f6-g7h8-i9j0-k1l2m3n4o5p6",
"macAddress": "00224871C205",
"category": "FlowLogFlowEvent",
"flowLogResourceID": "/SUBSCRIPTIONS/1a2b3c4d-5e6f-7g8h-9i0j-1k2l3m4n5o6p7/RESOURCEGROUPS/NETWORKWATCHERRG/PROVIDERS/MICROSOFT.NETWORK/NETWORKWATCHERS/NETWORKWATCHER_EASTUS2EUAP/FLOWLOGS/VNETFLOWLOG",
"targetResourceID": "/subscriptions/1a2b3c4d-5e6f-7g8h-9i0j-1k2l3m4n5o6p7/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet01",
"operationName": "FlowLogFlowEvent",
"flowRecords": {
"flows": [
{
"aclID": "9a8b7c6d-5e4f-3g2h-1i0j-9k8l7m6n5o4p3",
"flowGroups": [
{
"rule": "DefaultRule_AllowInternetOutBound",
"flowTuples": [
"1663146003599,10.0.0.6,52.239.184.180,23956,443,6,O,B,NX,0,0,0,0",
"1663146003606,10.0.0.6,52.239.184.180,23956,443,6,O,E,NX,3,767,2,1580",
"1663146003637,10.0.0.6,40.74.146.17,22730,443,6,O,B,NX,0,0,0,0",
"1663146003640,10.0.0.6,40.74.146.17,22730,443,6,O,E,NX,3,705,4,4569",
"1663146004251,10.0.0.6,40.74.146.17,22732,443,6,O,B,NX,0,0,0,0",
"1663146004251,10.0.0.6,40.74.146.17,22732,443,6,O,E,NX,3,705,4,4569",
"1663146004622,10.0.0.6,40.74.146.17,22734,443,6,O,B,NX,0,0,0,0",
"1663146004622,10.0.0.6,40.74.146.17,22734,443,6,O,E,NX,2,134,1,108",
"1663146017343,10.0.0.6,104.16.218.84,36776,443,6,O,B,NX,0,0,0,0",
"1663146022793,10.0.0.6,104.16.218.84,36776,443,6,O,E,NX,22,2217,33,32466"
]
}
]
},
{
"aclID": "b1c2d3e4-f5g6-h7i8-j9k0-l1m2n3o4p5q6",
"flowGroups": [
{
"rule": "BlockHighRiskTCPPortsFromInternet",
"flowTuples": [
"1663145998065,101.33.218.153,10.0.0.6,55188,22,6,I,D,NX,0,0,0,0",
"1663146005503,192.241.200.164,10.0.0.6,35276,119,6,I,D,NX,0,0,0,0"
]
},
{
"rule": "Internet",
"flowTuples": [
"1663145989563,20.106.221.10,10.0.0.6,50557,44357,6,I,D,NX,0,0,0,0",
"1663145989679,20.55.117.81,10.0.0.6,62797,35945,6,I,D,NX,0,0,0,0",
"1663145989709,20.55.113.5,10.0.0.6,51961,65515,6,I,D,NX,0,0,0,0",
"1663145990049,13.65.224.51,10.0.0.6,40497,40129,6,I,D,NX,0,0,0,0",
"1663145990145,20.55.117.81,10.0.0.6,62797,30472,6,I,D,NX,0,0,0,0",
"1663145990175,20.55.113.5,10.0.0.6,51961,28184,6,I,D,NX,0,0,0,0",
"1663146015545,20.106.221.10,10.0.0.6,50557,31244,6,I,D,NX,0,0,0,0"
]
}
]
}
]
}
}
]
}
后续步骤
详细了解 VNet 流日志及其使用方法。 详细了解Azure Virtual Network Manager 的事件日志选项。