Flow Logs - Create Or Update
Create or update a flow log for the specified network security group.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkWatchers/{networkWatcherName}/flowLogs/{flowLogName}?api-version=2024-05-01
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
flow
|
path | True |
string |
The name of the flow log. |
network
|
path | True |
string |
The name of the network watcher. |
resource
|
path | True |
string |
The name of the resource group. |
subscription
|
path | True |
string |
The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. |
api-version
|
query | True |
string |
Client API version. |
Request Body
Name | Required | Type | Description |
---|---|---|---|
properties.storageId | True |
string |
ID of the storage account which is used to store the flow log. |
properties.targetResourceId | True |
string |
ID of network security group to which flow log will be applied. |
id |
string |
Resource ID. |
|
identity |
FlowLog resource Managed Identity |
||
location |
string |
Resource location. |
|
properties.enabled |
boolean |
Flag to enable/disable flow logging. |
|
properties.enabledFilteringCriteria |
string |
Optional field to filter network traffic logs based on SrcIP, SrcPort, DstIP, DstPort, Protocol, Encryption, Direction and Action. If not specified, all network traffic will be logged. |
|
properties.flowAnalyticsConfiguration |
Parameters that define the configuration of traffic analytics. |
||
properties.format |
Parameters that define the flow log format. |
||
properties.retentionPolicy |
Parameters that define the retention policy for flow log. |
||
tags |
object |
Resource tags. |
Responses
Name | Type | Description |
---|---|---|
200 OK |
Update successful. The operation returns the resulting flow log resource. |
|
201 Created |
Request successful. The operation returns the resulting flow log resource. |
|
Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow.
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | impersonate your user account |
Examples
Create or update flow log
Sample request
PUT https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkWatchers/nw1/flowLogs/fl?api-version=2024-05-01
{
"location": "centraluseuap",
"properties": {
"targetResourceId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityGroups/desmondcentral-nsg",
"storageId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/nwtest1mgvbfmqsigdxe",
"enabledFilteringCriteria": "srcIP=158.255.7.8 || dstPort=56891",
"enabled": true,
"format": {
"type": "JSON",
"version": 1
}
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id1": {}
}
}
}
Sample response
{
"name": "Microsoft.Networkdesmond-rgdesmondcentral-nsg",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkWatchers/nw/FlowLogs/fl",
"etag": "W/\"00000000-0000-0000-0000-000000000000\"",
"properties": {
"provisioningState": "Updating",
"targetResourceId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityGroups/desmondcentral-nsg",
"targetResourceGuid": "00000000-0000-0000-0000-000000000000",
"storageId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/nwtest1mgvbfmqsigdxe",
"enabledFilteringCriteria": "srcIP=158.255.7.8 || dstPort=56891",
"enabled": true,
"flowAnalyticsConfiguration": {},
"retentionPolicy": {
"days": 0,
"enabled": false
},
"format": {
"type": "JSON",
"version": 1
}
},
"type": "Microsoft.Network/networkWatchers/FlowLogs",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id1": {
"clientId": "c16d15e1-f60a-40e4-8a05-df3d3f655c14",
"principalId": "e3858881-e40c-43bd-9cde-88da39c05023"
}
}
},
"location": "centraluseuap"
}
{
"name": "Microsoft.Networkdesmond-rgdesmondcentral-nsg",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkWatchers/nw/FlowLogs/fl",
"etag": "W/\"00000000-0000-0000-0000-000000000000\"",
"properties": {
"provisioningState": "Succeeded",
"targetResourceId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityGroups/desmondcentral-nsg",
"targetResourceGuid": "00000000-0000-0000-0000-000000000000",
"storageId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/nwtest1mgvbfmqsigdxe",
"enabledFilteringCriteria": "srcIP=158.255.7.8 || dstPort=56891",
"enabled": true,
"flowAnalyticsConfiguration": {},
"retentionPolicy": {
"days": 0,
"enabled": false
},
"format": {
"type": "JSON",
"version": 1
}
},
"type": "Microsoft.Network/networkWatchers/FlowLogs",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id1": {
"clientId": "c16d15e1-f60a-40e4-8a05-df3d3f655c14",
"principalId": "e3858881-e40c-43bd-9cde-88da39c05023"
}
}
},
"location": "centraluseuap"
}
Definitions
Name | Description |
---|---|
Error |
Common error details representation. |
Error |
The error object. |
Flow |
A flow log resource. |
Flow |
Parameters that define the flow log format. |
Flow |
The file type of flow log. |
Managed |
Identity for the resource. |
Provisioning |
The current provisioning state. |
Resource |
The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. |
Retention |
Parameters that define the retention policy for flow log. |
Traffic |
Parameters that define the configuration of traffic analytics. |
Traffic |
Parameters that define the configuration of traffic analytics. |
User |
The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. |
ErrorDetails
Common error details representation.
Name | Type | Description |
---|---|---|
code |
string |
Error code. |
message |
string |
Error message. |
target |
string |
Error target. |
ErrorResponse
The error object.
Name | Type | Description |
---|---|---|
error |
Error |
FlowLog
A flow log resource.
Name | Type | Description |
---|---|---|
etag |
string |
A unique read-only string that changes whenever the resource is updated. |
id |
string |
Resource ID. |
identity |
FlowLog resource Managed Identity |
|
location |
string |
Resource location. |
name |
string |
Resource name. |
properties.enabled |
boolean |
Flag to enable/disable flow logging. |
properties.enabledFilteringCriteria |
string |
Optional field to filter network traffic logs based on SrcIP, SrcPort, DstIP, DstPort, Protocol, Encryption, Direction and Action. If not specified, all network traffic will be logged. |
properties.flowAnalyticsConfiguration |
Parameters that define the configuration of traffic analytics. |
|
properties.format |
Parameters that define the flow log format. |
|
properties.provisioningState |
The provisioning state of the flow log. |
|
properties.retentionPolicy |
Parameters that define the retention policy for flow log. |
|
properties.storageId |
string |
ID of the storage account which is used to store the flow log. |
properties.targetResourceGuid |
string |
Guid of network security group to which flow log will be applied. |
properties.targetResourceId |
string |
ID of network security group to which flow log will be applied. |
tags |
object |
Resource tags. |
type |
string |
Resource type. |
FlowLogFormatParameters
Parameters that define the flow log format.
Name | Type | Default value | Description |
---|---|---|---|
type |
The file type of flow log. |
||
version |
integer |
0 |
The version (revision) of the flow log. |
FlowLogFormatType
The file type of flow log.
Name | Type | Description |
---|---|---|
JSON |
string |
ManagedServiceIdentity
Identity for the resource.
Name | Type | Description |
---|---|---|
principalId |
string |
The principal id of the system assigned identity. This property will only be provided for a system assigned identity. |
tenantId |
string |
The tenant id of the system assigned identity. This property will only be provided for a system assigned identity. |
type |
The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. |
|
userAssignedIdentities |
The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. |
ProvisioningState
The current provisioning state.
Name | Type | Description |
---|---|---|
Deleting |
string |
|
Failed |
string |
|
Succeeded |
string |
|
Updating |
string |
ResourceIdentityType
The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.
Name | Type | Description |
---|---|---|
None |
string |
|
SystemAssigned |
string |
|
SystemAssigned, UserAssigned |
string |
|
UserAssigned |
string |
RetentionPolicyParameters
Parameters that define the retention policy for flow log.
Name | Type | Default value | Description |
---|---|---|---|
days |
integer |
0 |
Number of days to retain flow log records. |
enabled |
boolean |
False |
Flag to enable/disable retention. |
TrafficAnalyticsConfigurationProperties
Parameters that define the configuration of traffic analytics.
Name | Type | Description |
---|---|---|
enabled |
boolean |
Flag to enable/disable traffic analytics. |
trafficAnalyticsInterval |
integer |
The interval in minutes which would decide how frequently TA service should do flow analytics. |
workspaceId |
string |
The resource guid of the attached workspace. |
workspaceRegion |
string |
The location of the attached workspace. |
workspaceResourceId |
string |
Resource Id of the attached workspace. |
TrafficAnalyticsProperties
Parameters that define the configuration of traffic analytics.
Name | Type | Description |
---|---|---|
networkWatcherFlowAnalyticsConfiguration |
Parameters that define the configuration of traffic analytics. |
UserAssignedIdentities
The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
Name | Type | Description |
---|---|---|
|