使用 VNet 流量記錄監視 Azure 虛擬網絡 管理員 (預覽)
監視流量對於瞭解網路執行方式以及疑難解答問題非常重要。 系統管理員可以利用 VNet 流量記錄 (預覽) 來顯示流量是透過 [安全性系統管理員規則] 在 VNet 上流經或封鎖。 VNet 流量記錄 (預覽) 是 網路監看員 的功能。
深入瞭解 VNet 流量記錄 (預覽) ,包括使用量和如何啟用。
重要
VNet 流量記錄目前為預覽狀態。 此預覽版本是在沒有服務等級協定的情況下提供,不建議用於生產工作負載。 可能不支援特定功能,或可能已經限制功能。 請參閱 Microsoft Azure 預覽版增補使用規定,以了解適用於 Azure 功能 (搶鮮版 (Beta)、預覽版,或尚未正式發行的版本) 的法律條款。
開啟 VNet 流量記錄 (預覽)
目前,您必須在您想要監視的每個 VNet 上啟用 虛擬網絡 流量記錄(預覽)。 您可以使用 PowerShell 或 Azure CLI 在 VNet 上啟用 虛擬網絡 流量記錄。
以下是流程記錄的範例
{
"records": [
{
"time": "2022-09-14T09:00:52.5625085Z",
"flowLogVersion": 4,
"flowLogGUID": "a1b2c3d4-e5f6-g7h8-i9j0-k1l2m3n4o5p6",
"macAddress": "00224871C205",
"category": "FlowLogFlowEvent",
"flowLogResourceID": "/SUBSCRIPTIONS/1a2b3c4d-5e6f-7g8h-9i0j-1k2l3m4n5o6p7/RESOURCEGROUPS/NETWORKWATCHERRG/PROVIDERS/MICROSOFT.NETWORK/NETWORKWATCHERS/NETWORKWATCHER_EASTUS2EUAP/FLOWLOGS/VNETFLOWLOG",
"targetResourceID": "/subscriptions/1a2b3c4d-5e6f-7g8h-9i0j-1k2l3m4n5o6p7/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet01",
"operationName": "FlowLogFlowEvent",
"flowRecords": {
"flows": [
{
"aclID": "9a8b7c6d-5e4f-3g2h-1i0j-9k8l7m6n5o4p3",
"flowGroups": [
{
"rule": "DefaultRule_AllowInternetOutBound",
"flowTuples": [
"1663146003599,10.0.0.6,52.239.184.180,23956,443,6,O,B,NX,0,0,0,0",
"1663146003606,10.0.0.6,52.239.184.180,23956,443,6,O,E,NX,3,767,2,1580",
"1663146003637,10.0.0.6,40.74.146.17,22730,443,6,O,B,NX,0,0,0,0",
"1663146003640,10.0.0.6,40.74.146.17,22730,443,6,O,E,NX,3,705,4,4569",
"1663146004251,10.0.0.6,40.74.146.17,22732,443,6,O,B,NX,0,0,0,0",
"1663146004251,10.0.0.6,40.74.146.17,22732,443,6,O,E,NX,3,705,4,4569",
"1663146004622,10.0.0.6,40.74.146.17,22734,443,6,O,B,NX,0,0,0,0",
"1663146004622,10.0.0.6,40.74.146.17,22734,443,6,O,E,NX,2,134,1,108",
"1663146017343,10.0.0.6,104.16.218.84,36776,443,6,O,B,NX,0,0,0,0",
"1663146022793,10.0.0.6,104.16.218.84,36776,443,6,O,E,NX,22,2217,33,32466"
]
}
]
},
{
"aclID": "b1c2d3e4-f5g6-h7i8-j9k0-l1m2n3o4p5q6",
"flowGroups": [
{
"rule": "BlockHighRiskTCPPortsFromInternet",
"flowTuples": [
"1663145998065,101.33.218.153,10.0.0.6,55188,22,6,I,D,NX,0,0,0,0",
"1663146005503,192.241.200.164,10.0.0.6,35276,119,6,I,D,NX,0,0,0,0"
]
},
{
"rule": "Internet",
"flowTuples": [
"1663145989563,20.106.221.10,10.0.0.6,50557,44357,6,I,D,NX,0,0,0,0",
"1663145989679,20.55.117.81,10.0.0.6,62797,35945,6,I,D,NX,0,0,0,0",
"1663145989709,20.55.113.5,10.0.0.6,51961,65515,6,I,D,NX,0,0,0,0",
"1663145990049,13.65.224.51,10.0.0.6,40497,40129,6,I,D,NX,0,0,0,0",
"1663145990145,20.55.117.81,10.0.0.6,62797,30472,6,I,D,NX,0,0,0,0",
"1663145990175,20.55.113.5,10.0.0.6,51961,28184,6,I,D,NX,0,0,0,0",
"1663146015545,20.106.221.10,10.0.0.6,50557,31244,6,I,D,NX,0,0,0,0"
]
}
]
}
]
}
}
]
}
下一步
深入瞭解 VNet 流量記錄 及其使用方式。 深入瞭解 Azure 虛擬網絡 Manager 的事件記錄選項。