Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
New-AzNetworkWatcherFlowLog
- Module:
- Az.Network Module
Create or update a flow log resource for the specified network security group.
Syntax
SetByName (Default)
New-AzNetworkWatcherFlowLog
-NetworkWatcherName <String>
-ResourceGroupName <String>
-Name <String>
-TargetResourceId <String>
-StorageId <String>
-Enabled <Boolean>
[-EnabledFilteringCriteria <String>]
[-RecordType <String>]
[-EnableRetention <Boolean>]
[-RetentionPolicyDays <Int32>]
[-FormatType <String>]
[-FormatVersion <Int32>]
[-Tag <Hashtable>]
[-UserAssignedIdentityId <String>]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
SetByResource
New-AzNetworkWatcherFlowLog
-NetworkWatcher <PSNetworkWatcher>
-Name <String>
-TargetResourceId <String>
-StorageId <String>
-Enabled <Boolean>
[-EnabledFilteringCriteria <String>]
[-RecordType <String>]
[-EnableRetention <Boolean>]
[-RetentionPolicyDays <Int32>]
[-FormatType <String>]
[-FormatVersion <Int32>]
[-Tag <Hashtable>]
[-UserAssignedIdentityId <String>]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
SetByResourceWithTA
New-AzNetworkWatcherFlowLog
-NetworkWatcher <PSNetworkWatcher>
-Name <String>
-TargetResourceId <String>
-StorageId <String>
-Enabled <Boolean>
[-EnabledFilteringCriteria <String>]
[-RecordType <String>]
[-EnableRetention <Boolean>]
[-RetentionPolicyDays <Int32>]
[-FormatType <String>]
[-FormatVersion <Int32>]
[-EnableTrafficAnalytics]
[-TrafficAnalyticsWorkspaceId <String>]
[-TrafficAnalyticsInterval <Int32>]
[-Tag <Hashtable>]
[-UserAssignedIdentityId <String>]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
SetByNameWithTA
New-AzNetworkWatcherFlowLog
-NetworkWatcherName <String>
-ResourceGroupName <String>
-Name <String>
-TargetResourceId <String>
-StorageId <String>
-Enabled <Boolean>
[-EnabledFilteringCriteria <String>]
[-RecordType <String>]
[-EnableRetention <Boolean>]
[-RetentionPolicyDays <Int32>]
[-FormatType <String>]
[-FormatVersion <Int32>]
[-EnableTrafficAnalytics]
[-TrafficAnalyticsWorkspaceId <String>]
[-TrafficAnalyticsInterval <Int32>]
[-Tag <Hashtable>]
[-UserAssignedIdentityId <String>]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
SetByLocation
New-AzNetworkWatcherFlowLog
-Location <String>
-Name <String>
-TargetResourceId <String>
-StorageId <String>
-Enabled <Boolean>
[-EnabledFilteringCriteria <String>]
[-RecordType <String>]
[-EnableRetention <Boolean>]
[-RetentionPolicyDays <Int32>]
[-FormatType <String>]
[-FormatVersion <Int32>]
[-Tag <Hashtable>]
[-UserAssignedIdentityId <String>]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
SetByLocationWithTA
New-AzNetworkWatcherFlowLog
-Location <String>
-Name <String>
-TargetResourceId <String>
-StorageId <String>
-Enabled <Boolean>
[-EnabledFilteringCriteria <String>]
[-RecordType <String>]
[-EnableRetention <Boolean>]
[-RetentionPolicyDays <Int32>]
[-FormatType <String>]
[-FormatVersion <Int32>]
[-EnableTrafficAnalytics]
[-TrafficAnalyticsWorkspaceId <String>]
[-TrafficAnalyticsInterval <Int32>]
[-Tag <Hashtable>]
[-UserAssignedIdentityId <String>]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
New-AzNetworkWatcherFlowLog command creates or updates a flow log resource for the specified network security group.
Examples
Example 1
New-AzNetworkWatcherFlowLog -Location eastus -Name pstest -TargetResourceId /subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/MyFlowLog/providers/Microsoft.Network/networkSecurityGroups/MyNSG -StorageId /subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/FlowLogsV2Demo/providers/Microsoft.Storage/storageAccounts/MyStorage -Enabled $true -EnableRetention $true -RetentionPolicyDays 5 -FormatVersion 2 -EnableTrafficAnalytics -TrafficAnalyticsWorkspaceId /subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourcegroups/flowlogsv2demo/providers/Microsoft.OperationalInsights/workspaces/MyWorkspace -UserAssignedIdentityId /subscriptions/af15e575-f948-49ac-bce0-252d028e9379/resourceGroups/mejaRGEastUS2EUAP/providers/Microsoft.ManagedIdentity/userAssignedIdentities/mejaid2
Name : pstest
Id : /subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NetworkWatcherRG/provid
ers/Microsoft.Network/networkWatchers/NetworkWatcher_eastus/FlowLogs/pstest
Etag : W/"f6047360-d797-4ca6-a9ec-28b5aec5c768"
ProvisioningState : Succeeded
Location : eastus
TargetResourceId : /subscriptions/56abfbd6-ec72-4ce9-831f-bc2b6f2c5505/resourceGroups/MyFlowLog/provide
rs/Microsoft.Network/networkSecurityGroups/MyNSG
StorageId : /subscriptions/56abfbd6-ec72-4ce9-831f-bc2b6f2c5505/resourceGroups/FlowLogsV2Demo/provider
s/Microsoft.Storage/storageAccounts/MySTorage
Enabled : True
RetentionPolicy : {
"Days": 5,
"Enabled": true
}
Format : {
"Type": "JSON",
"Version": 2
}
FlowAnalyticsConfiguration : {
"networkWatcherFlowAnalyticsConfiguration": {
"enabled": true,
"workspaceId": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
"workspaceRegion": "eastus",
"workspaceResourceId": "/subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourcegr
oups/flowlogsv2demo/providers/Microsoft.OperationalInsights/workspaces/MyWorkspace",
"trafficAnalyticsInterval": 60
}
}
IdentityText : {
"Type": "UserAssigned",
"UserAssignedIdentities": {
"/subscriptions/af15e575-f948-49ac-bce0-252d028e9379/resourcegroups/mejaRGEastUS2EUAP/providers/Microsoft.ManagedIdentity/userAssignedIdentities/mejaid2": {
"PrincipalId": "57728676-94fe-4254-a01d-632b4a375c1d",
"ClientId": "95751030-0b3f-4b94-990a-ffdac5c85714"
}
}
}
Example 2
New-AzNetworkWatcherFlowLog -Location eastus -Name pstest -TargetResourceId /subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/MyFlowLog/providers/Microsoft.Network/networkSecurityGroups/MyNSG -StorageId /subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/FlowLogsV2Demo/providers/Microsoft.Storage/storageAccounts/MyStorage -Enabled $false -EnableTrafficAnalytics:$false
Name : pstest
Id : /subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NetworkWatcherRG/provid
ers/Microsoft.Network/networkWatchers/NetworkWatcher_eastus/FlowLogs/pstest
Etag : W/"f6047360-d797-4ca6-a9ec-28b5aec5c768"
ProvisioningState : Succeeded
Location : eastus
TargetResourceId : /subscriptions/56abfbd6-ec72-4ce9-831f-bc2b6f2c5505/resourceGroups/MyFlowLog/provide
rs/Microsoft.Network/networkSecurityGroups/MyNSG
StorageId : /subscriptions/56abfbd6-ec72-4ce9-831f-bc2b6f2c5505/resourceGroups/FlowLogsV2Demo/provider
s/Microsoft.Storage/storageAccounts/MySTorage
Enabled : False
RetentionPolicy : {
"Days": 0,
"Enabled": false
}
Format : {
"Type": "JSON",
"Version": 1
}
FlowAnalyticsConfiguration : {
"networkWatcherFlowAnalyticsConfiguration": {
"enabled": false,
"trafficAnalyticsInterval": 60
}
}
If you want to disable flowLog resource for which TrafficAnalytics is configured, it is necessary to disable TrafficAnalytics as well. It can be done like in the example 2.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | cf |
Parameter sets
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Parameter properties
| Type: | IAzureContextContainer |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
Parameter sets
-Enabled
Flag to enable/disable flow logging.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-EnabledFilteringCriteria
Optional field to filter network traffic logs.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-EnableRetention
Flag to enable/disable retention.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-EnableTrafficAnalytics
Flag to enable/disable TrafficAnalytics
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Force
Do not ask for confirmation if you want to overwrite a resource
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-FormatType
The file type of flow log. The only supported value now is 'JSON'.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-FormatVersion
The version (revision) of the flow log.
Parameter properties
| Type: | |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Location
Location of the network watcher.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Name
The flow log name.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | FlowLogName |
Parameter sets
-NetworkWatcher
The network watcher resource.
Parameter properties
| Type: | PSNetworkWatcher |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-NetworkWatcherName
The name of network watcher.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-RecordType
Optional field to filter network traffic logs based on flow states.
Specify one or more flow record state codes as a comma-separated list (example: B,E).
Use empty string ("") to collect all records.
RecordTypes is an alias of RecordType; both map to the same underlying parameter.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | RecordTypes |
Parameter sets
-ResourceGroupName
The name of the network watcher resource group.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-RetentionPolicyDays
Number of days to retain flow log records.
Parameter properties
| Type: | |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-StorageId
ID of the storage account which is used to store the flow log.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Tag
A hashtable which represents resource tags.
Parameter properties
| Type: | Hashtable |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-TargetResourceId
ID of network security group to which flow log will be applied.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-TrafficAnalyticsInterval
The interval in minutes which would decide how frequently TA service should do flow analytics.
Parameter properties
| Type: | |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-TrafficAnalyticsWorkspaceId
Resource Id of the attached workspace.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-UserAssignedIdentityId
ResourceId of the user assigned identity to be assigned to Flowlog.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | UserAssignedIdentity |
Parameter sets
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | wi |
Parameter sets
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
PSNetworkWatcher
Outputs
PSFlowLogResource
Related Links
- New-AzNetworkWatcher
- Get-AzNetworkWatcher
- Remove-AzNetworkWatcher
- Get-AzNetworkWatcherNextHop
- Get-AzNetworkWatcherSecurityGroupView
- Get-AzNetworkWatcherTopology
- Start-AzNetworkWatcherResourceTroubleshooting
- New-AzNetworkWatcherPacketCapture
- New-AzPacketCaptureFilterConfig
- Get-AzNetworkWatcherPacketCapture
- Remove-AzNetworkWatcherPacketCapture
- Stop-AzNetworkWatcherPacketCapture
- New-AzNetworkWatcherProtocolConfiguration
- Test-AzNetworkWatcherIPFlow
- Test-AzNetworkWatcherConnectivity
- Stop-AzNetworkWatcherConnectionMonitor
- Set-AzNetworkWatcherConnectionMonitor
- Set-AzNetworkWatcherConfigFlowLog
- Remove-AzNetworkWatcherConnectionMonitor
- New-AzNetworkWatcherConnectionMonitor
- Get-AzNetworkWatcherTroubleshootingResult
- Get-AzNetworkWatcherReachabilityReport
- Get-AzNetworkWatcherReachabilityProvidersList
- Get-AzNetworkWatcherFlowLogStatus
- Get-AzNetworkWatcherConnectionMonitor
- Get-AzNetworkWatcherFlowLog
- Set-AzNetworkWatcherFlowLog
- Remove-AzNetworkWatcherFlowLog
Collaborate with us on GitHub
The source for this content can be found on GitHub, where you can also create and review issues and pull requests. For more information, see our contributor guide.
Azure PowerShell
Feedback
Was this page helpful?