Unable to configure Network watcher flow log for Network security Group using Terraform

Satish B 190 Reputation points

Hello Team,

We have Hub, Spoke & Security subscriptions. In the Security subscription, a Log Analytics workspace is already created. We need to save Spoke subscription logs to the Security subscription. I have tried to create a Network Watcher flow log for the Spoke subscription network security groups. It's not allowing me to create it. It's only giving options for target resource ID like VNet, Subnet & NIC. After creating Network Watcher flow logs for the VNet & subnet, it's not updating anything while using this Azure CLI command.

az network watcher flow-log show --nsg <nsg name> --resource-group <rgname> --location <location>

Can someone please suggest how to fix this issue using Terraform?


Answer accepted by question author

Praveen Bandaru 11,635 Reputation points • Microsoft External Staff • Moderator

Hello Satish B

I understand that you're having trouble setting up Network Watcher flow logs for a Network Security Group with Terraform.

NSG Flow Logs have been deprecated for new deployments. Microsoft no longer supports creating new NSG Flow Logs, which is why the portal now only provides options to create flow logs at the VNet, Subnet, or NIC level rather than at the NSG level. Check the below screen shot:
πŸ‘ User's image

Check the reference document for more understanding:

Flow logging for network security groups

Azure now requires the use of VNet Flow Logs, which operate at the VNet, Subnet, or NIC level and offer broader visibility. These logs can be fully centralized within your Security subscription.

Virtual network flow logs


Hope the above answer helps! Please let us know if you have any further queries.

Please do consider "accepting the answer" and "up-voting" wherever the information provided helps you; this can be beneficial to other community members.
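A Terraform sketch of the approach the accepted answer describes, added here as an example and not taken from the original thread or from Microsoft's documentation: a VNet flow log in the Spoke subscription whose traffic analytics go to the Log Analytics workspace in the Security subscription. All resource names, the variables, and the `NetworkWatcher_<region>` / `NetworkWatcherRG` naming are assumptions, and the azurerm provider release in use must support `target_resource_id`.

```hcl
# Added example: every name and variable below is a placeholder/assumption.
# Requires an azurerm provider release that supports target_resource_id.
variable "spoke_subscription_id" { type = string }
variable "security_subscription_id" { type = string }
variable "spoke_vnet_id" { type = string }               # resource ID of the spoke VNet
variable "flow_log_storage_account_id" { type = string } # storage account in the VNet's region
variable "location" { type = string }                    # region of the spoke VNet

provider "azurerm" {
  alias           = "spoke"
  subscription_id = var.spoke_subscription_id
  features {}
}

provider "azurerm" {
  alias           = "security"
  subscription_id = var.security_subscription_id
  features {}
}

# Existing central workspace, read through the Security subscription provider.
data "azurerm_log_analytics_workspace" "central" {
  provider            = azurerm.security
  name                = "law-security-placeholder"
  resource_group_name = "rg-security-placeholder"
}

resource "azurerm_network_watcher_flow_log" "spoke_vnet" {
  provider             = azurerm.spoke
  name                 = "fl-spoke-vnet-placeholder"
  network_watcher_name = "NetworkWatcher_${var.location}" # assumed default watcher name
  resource_group_name  = "NetworkWatcherRG"               # assumed default watcher RG
  target_resource_id   = var.spoke_vnet_id                # VNet (not NSG) as the target
  storage_account_id   = var.flow_log_storage_account_id
  enabled              = true

  retention_policy {
    enabled = true
    days    = 30
  }

  traffic_analytics {
    enabled               = true
    workspace_id          = data.azurerm_log_analytics_workspace.central.workspace_id
    workspace_region      = data.azurerm_log_analytics_workspace.central.location
    workspace_resource_id = data.azurerm_log_analytics_workspace.central.id
    interval_in_minutes   = 10
  }
}
```

A flow log created this way targets the VNet, so it is looked up by flow log name (`az network watcher flow-log show --location <location> --name <flow log name>`) rather than with `--nsg`.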
