Network Watchers - Set Flow Log Configuration

參考

服務:: Network Watcher

API 版本:: 2024-05-01

在指定的資源上設定流量記錄和使用分析（選擇性）。

POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkWatchers/{networkWatcherName}/configureFlowLog?api-version=2024-05-01

URI 參數

名稱	位於	必要	類型	Description
networkWatcherName	path	True	string	網路監看員資源的名稱。
resourceGroupName	path	True	string	網路監看員資源群組的名稱。
subscriptionId	path	True	string	可唯一識別Microsoft Azure 訂用帳戶的訂用帳戶認證。訂用帳戶標識碼會形成每個服務呼叫 URI 的一部分。
api-version	query	True	string	用戶端 API 版本。

要求本文

名稱	必要	類型	Description
properties.enabled	True	boolean	啟用/停用流量記錄的旗標。
properties.storageId	True	string	用來儲存流量記錄的記憶體帳戶標識碼。
targetResourceId	True	string	要設定流量記錄和使用分析的資源識別碼（選擇性）。
flowAnalyticsConfiguration		TrafficAnalyticsProperties	定義使用分析組態的參數。
identity		ManagedServiceIdentity	FlowLog 資源受控識別
properties.enabledFilteringCriteria		string	選擇性欄位，可根據 SrcIP、SrcPort、DstIP、DstPort、通訊協定、加密、方向和動作來篩選網路流量記錄。如果未指定，則會記錄所有網路流量。
properties.format		FlowLogFormatParameters	定義流程記錄格式的參數。
properties.retentionPolicy		RetentionPolicyParameters	定義流量記錄保留原則的參數。

回應

名稱	類型	Description
200 OK	FlowLogInformation	設定流量記錄和使用分析（選擇性）組態的成功要求。
202 Accepted	FlowLogInformation	已接受，且作業會以異步方式完成。
Other Status Codes	ErrorResponse	描述作業失敗原因的錯誤回應。

安全性

azure_auth

Azure Active Directory OAuth2 Flow。

類型: oauth2
Flow: implicit
授權 URL: https://login.microsoftonline.com/common/oauth2/authorize

範圍

名稱	Description
user_impersonation	模擬您的用戶帳戶

範例

Configure flow log

範例要求

POST https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkWatchers/nw1/configureFlowLog?api-version=2024-05-01

{
  "targetResourceId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityGroups/nsg1",
  "properties": {
    "storageId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/st1",
    "enabled": true
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id1": {}
    }
  }
}


import com.azure.resourcemanager.network.fluent.models.FlowLogInformationInner;
import com.azure.resourcemanager.network.models.ManagedServiceIdentity;
import com.azure.resourcemanager.network.models.ManagedServiceIdentityUserAssignedIdentities;
import com.azure.resourcemanager.network.models.ResourceIdentityType;
import java.util.HashMap;
import java.util.Map;

/**
 * Samples for NetworkWatchers SetFlowLogConfiguration.
 */
public final class Main {
    /*
     * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2024-05-01/examples/
     * NetworkWatcherFlowLogConfigure.json
     */
    /**
     * Sample code: Configure flow log.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void configureFlowLog(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.networks().manager().serviceClient().getNetworkWatchers().setFlowLogConfiguration("rg1", "nw1",
            new FlowLogInformationInner()
                .withTargetResourceId(
                    "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityGroups/nsg1")
                .withIdentity(new ManagedServiceIdentity().withType(ResourceIdentityType.USER_ASSIGNED)
                    .withUserAssignedIdentities(mapOf(
                        "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id1",
                        new ManagedServiceIdentityUserAssignedIdentities())))
                .withStorageId(
                    "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/st1")
                .withEnabled(true),
            com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential

from azure.mgmt.network import NetworkManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-network
# USAGE
    python network_watcher_flow_log_configure.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = NetworkManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid",
    )

    response = client.network_watchers.begin_set_flow_log_configuration(
        resource_group_name="rg1",
        network_watcher_name="nw1",
        parameters={
            "identity": {
                "type": "UserAssigned",
                "userAssignedIdentities": {
                    "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id1": {}
                },
            },
            "properties": {
                "enabled": True,
                "storageId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/st1",
            },
            "targetResourceId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityGroups/nsg1",
        },
    ).result()
    print(response)


# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2024-05-01/examples/NetworkWatcherFlowLogConfigure.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armnetwork_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/ab04533261eff228f28e08900445d0edef3eb70c/specification/network/resource-manager/Microsoft.Network/stable/2024-05-01/examples/NetworkWatcherFlowLogConfigure.json
func ExampleWatchersClient_BeginSetFlowLogConfiguration() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewWatchersClient().BeginSetFlowLogConfiguration(ctx, "rg1", "nw1", armnetwork.FlowLogInformation{
		Identity: &armnetwork.ManagedServiceIdentity{
			Type: to.Ptr(armnetwork.ResourceIdentityTypeUserAssigned),
			UserAssignedIdentities: map[string]*armnetwork.Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties{
				"/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id1": {},
			},
		},
		Properties: &armnetwork.FlowLogProperties{
			Enabled:   to.Ptr(true),
			StorageID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/st1"),
		},
		TargetResourceID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityGroups/nsg1"),
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.FlowLogInformation = armnetwork.FlowLogInformation{
	// 	Identity: &armnetwork.ManagedServiceIdentity{
	// 		Type: to.Ptr(armnetwork.ResourceIdentityTypeUserAssigned),
	// 		UserAssignedIdentities: map[string]*armnetwork.Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties{
	// 			"/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id1": &armnetwork.Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties{
	// 				ClientID: to.Ptr("c16d15e1-f60a-40e4-8a05-df3d3f655c14"),
	// 				PrincipalID: to.Ptr("e3858881-e40c-43bd-9cde-88da39c05023"),
	// 			},
	// 		},
	// 	},
	// 	Properties: &armnetwork.FlowLogProperties{
	// 		Enabled: to.Ptr(true),
	// 		StorageID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/st1"),
	// 	},
	// 	TargetResourceID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityGroups/nsg1"),
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Configures flow log and traffic analytics (optional) on a specified resource.
 *
 * @summary Configures flow log and traffic analytics (optional) on a specified resource.
 * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2024-05-01/examples/NetworkWatcherFlowLogConfigure.json
 */
async function configureFlowLog() {
  const subscriptionId = process.env["NETWORK_SUBSCRIPTION_ID"] || "subid";
  const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
  const networkWatcherName = "nw1";
  const parameters = {
    enabled: true,
    identity: {
      type: "UserAssigned",
      userAssignedIdentities: {
        "/subscriptions/subid/resourceGroups/rg1/providers/MicrosoftManagedIdentity/userAssignedIdentities/id1":
          {},
      },
    },
    storageId:
      "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/st1",
    targetResourceId:
      "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityGroups/nsg1",
  };
  const credential = new DefaultAzureCredential();
  const client = new NetworkManagementClient(credential, subscriptionId);
  const result = await client.networkWatchers.beginSetFlowLogConfigurationAndWait(
    resourceGroupName,
    networkWatcherName,
    parameters,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Network.Models;
using Azure.ResourceManager.Network;

// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2024-05-01/examples/NetworkWatcherFlowLogConfigure.json
// this example is just showing the usage of "NetworkWatchers_SetFlowLogConfiguration" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this NetworkWatcherResource created on azure
// for more information of creating NetworkWatcherResource, please refer to the document of NetworkWatcherResource
string subscriptionId = "subid";
string resourceGroupName = "rg1";
string networkWatcherName = "nw1";
ResourceIdentifier networkWatcherResourceId = NetworkWatcherResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, networkWatcherName);
NetworkWatcherResource networkWatcher = client.GetNetworkWatcherResource(networkWatcherResourceId);

// invoke the operation
FlowLogInformation flowLogInformation = new FlowLogInformation(new ResourceIdentifier("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityGroups/nsg1"), new ResourceIdentifier("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/st1"), true)
{
    Identity = new ManagedServiceIdentity("UserAssigned")
    {
        UserAssignedIdentities =
        {
        [new ResourceIdentifier("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id1")] = new UserAssignedIdentity()
        },
    },
};
ArmOperation<FlowLogInformation> lro = await networkWatcher.SetFlowLogConfigurationAsync(WaitUntil.Completed, flowLogInformation);
FlowLogInformation result = lro.Value;

Console.WriteLine($"Succeeded: {result}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

範例回覆

狀態碼:: 200

{
  "targetResourceId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityGroups/nsg1",
  "properties": {
    "storageId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/st1",
    "enabled": true
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id1": {
        "clientId": "c16d15e1-f60a-40e4-8a05-df3d3f655c14",
        "principalId": "e3858881-e40c-43bd-9cde-88da39c05023"
      }
    }
  }
}

狀態碼:: 202

Location: https:/management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkWatchers/nw1/configureFlowLog?api-version=2024-05-01

{
  "targetResourceId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityGroups/nsg1",
  "properties": {
    "storageId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/st1",
    "enabled": true
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id1": {
        "clientId": "c16d15e1-f60a-40e4-8a05-df3d3f655c14",
        "principalId": "e3858881-e40c-43bd-9cde-88da39c05023"
      }
    }
  }
}

定義

名稱	Description
ErrorDetails	常見的錯誤詳細數據表示。
ErrorResponse	error 物件。
FlowLogFormatParameters	定義流程記錄格式的參數。
FlowLogFormatType	流量記錄檔的文件類型。
FlowLogInformation	流量記錄與使用分析的組態資訊（選擇性）。
ManagedServiceIdentity	資源的身分識別。
ResourceIdentityType	用於資源的身分識別類型。類型 'SystemAssigned， UserAssigned' 包含隱含建立的身分識別和一組使用者指派的身分識別。類型『None』會從虛擬機中移除任何身分識別。
RetentionPolicyParameters	定義流量記錄保留原則的參數。
TrafficAnalyticsConfigurationProperties	定義使用分析組態的參數。
TrafficAnalyticsProperties	定義使用分析組態的參數。
UserAssignedIdentities	與資源相關聯的使用者身分識別清單。使用者身分識別字典索引鍵參考的格式為 ARM 資源標識符：'/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'。

ErrorDetails

常見的錯誤詳細數據表示。

名稱	類型	Description
code	string	錯誤碼。
message	string	錯誤資訊。
target	string	錯誤目標。

ErrorResponse

error 物件。

名稱	類型	Description
error	ErrorDetails	錯誤錯誤詳細資料物件。

FlowLogFormatParameters

定義流程記錄格式的參數。

名稱	類型	預設值	Description
type	FlowLogFormatType		流量記錄檔的文件類型。
version	integer	0	流程記錄的版本（修訂）。

FlowLogFormatType

流量記錄檔的文件類型。

名稱	類型	Description
JSON	string

FlowLogInformation

流量記錄與使用分析的組態資訊（選擇性）。

名稱	類型	Description
flowAnalyticsConfiguration	TrafficAnalyticsProperties	定義使用分析組態的參數。
identity	ManagedServiceIdentity	FlowLog 資源受控識別
properties.enabled	boolean	啟用/停用流量記錄的旗標。
properties.enabledFilteringCriteria	string	選擇性欄位，可根據 SrcIP、SrcPort、DstIP、DstPort、通訊協定、加密、方向和動作來篩選網路流量記錄。如果未指定，則會記錄所有網路流量。
properties.format	FlowLogFormatParameters	定義流程記錄格式的參數。
properties.retentionPolicy	RetentionPolicyParameters	定義流量記錄保留原則的參數。
properties.storageId	string	用來儲存流量記錄的記憶體帳戶標識碼。
targetResourceId	string	要設定流量記錄和使用分析的資源識別碼（選擇性）。

ManagedServiceIdentity

資源的身分識別。

名稱	類型	Description
principalId	string	系統指派身分識別的主體標識碼。此屬性只會針對系統指派的身分識別提供。
tenantId	string	系統指派身分識別的租用戶標識碼。此屬性只會針對系統指派的身分識別提供。
type	ResourceIdentityType	用於資源的身分識別類型。類型 'SystemAssigned， UserAssigned' 包含隱含建立的身分識別和一組使用者指派的身分識別。類型『None』會從虛擬機中移除任何身分識別。
userAssignedIdentities	UserAssignedIdentities	與資源相關聯的使用者身分識別清單。使用者身分識別字典索引鍵參考的格式為 ARM 資源標識符：'/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'。

ResourceIdentityType

用於資源的身分識別類型。類型 'SystemAssigned， UserAssigned' 包含隱含建立的身分識別和一組使用者指派的身分識別。類型『None』會從虛擬機中移除任何身分識別。

名稱	類型	Description
None	string
SystemAssigned	string
SystemAssigned, UserAssigned	string
UserAssigned	string

RetentionPolicyParameters

定義流量記錄保留原則的參數。

名稱	類型	預設值	Description
days	integer	0	保留流量記錄檔記錄的天數。
enabled	boolean	False	啟用/停用保留的旗標。

TrafficAnalyticsConfigurationProperties

定義使用分析組態的參數。

名稱	類型	Description
enabled	boolean	啟用/停用使用分析的旗標。
trafficAnalyticsInterval	integer	以分鐘為單位的間隔，決定TA服務應該執行流程分析的頻率。
workspaceId	string	附加工作區的資源 GUID。
workspaceRegion	string	附加工作區的位置。
workspaceResourceId	string	附加工作區的資源標識碼。

TrafficAnalyticsProperties

定義使用分析組態的參數。

名稱	類型	Description
networkWatcherFlowAnalyticsConfiguration	TrafficAnalyticsConfigurationProperties	定義使用分析組態的參數。

UserAssignedIdentities

與資源相關聯的使用者身分識別清單。使用者身分識別字典索引鍵參考的格式為 ARM 資源標識符：'/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'。

名稱	類型	Description