NSG flow logs are written to a storage account as block blobs, each of which is made up of smaller blocks. A new blob is created every hour, and the current hour's blob is appended to every few minutes with the latest flow entries.
Connect Microsoft Azure NSG Flow Logs with LogicHub
- Navigate to Automations > Integrations.
- Search for Microsoft Azure NSG Flow Logs.
- Click Details, then the + icon. Enter the required information in the following fields.
- Label: Enter a connection name.
- Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
- Verify SSL: Select this option to verify the connecting server's SSL certificate (the default is Verify SSL Certificate).
- Remote Agent: Run this integration using the LogicHub Remote Agent.
- Storage Account Name: Storage Account name in which logs are stored.
- Storage Account Access Key: Access key required for authentication to the Microsoft Azure Storage account. A storage account access key grants full access to every container in that account, not just the flow log container, so treat it as a secret and rotate it if it is ever exposed.
- After you've entered all the details, click Connect.
Actions for Microsoft Azure NSG Flow Logs
Get Logs
Fetch flow log tuples from Azure NSG flow logs. Blocks are generated per minute, so a query over a larger time range issues more requests (one request per minute of the time range). For example, a one-hour range hits Azure 60 times to fetch data that is divided into 60 files, and can be quite slow.
Input Field
Choose a connection that you have previously created, then fill in the following input fields to run the action.
Input Name | Description | Required |
---|---|---|
Resource Group | Resource group to which the storage account is linked. | Required |
NSG Name | NSG name for which logs are to be retrieved. | Required |
Mac Address | Jinja-templated MAC address for which logs are to be retrieved. Example: 000D3AF65286. | Required |
Start Time | Start time in ISO format for logs to be retrieved. Example: 2019-09-26T07:58:30.996+02:00. Default is execution start time. | Required |
End Time | End time in ISO format for logs to be retrieved. Example: 2019-09-26T07:58:30.996+02:00. Default is execution end time. | Required |
Output
An array of JSON objects, one per row, each containing the following items:
- has_error: True/False
- error: message/null
- result: one flow log tuple (a comma-separated string)

```json
{
  "error": null,
  "has_error": false,
  "result": "1620057588,10.0.0.4,20.150.87.132,48486,443,T,O,A,E,0,0,0,0"
}
```
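The Get Logs rows above hand you the raw tuple as one string, so any downstream step has to split it before it can filter on direction, decision or port. The following is an added example, not LogicHub's own code, of parsing those rows in a later automation step: it names the columns using Azure's documented version 2 flow log tuple layout (which this page does not spell out), treats rows with has_error set as errors rather than flows, tolerates the empty packet/byte counters that Azure emits for begin-state (B) flows, and estimates the per-minute request cost that the action description warns about. The sample rows are constructed for the example; only the first tuple is the one shown on this page.

```python
"""Parse Get Logs output rows and estimate query cost (added example)."""
from __future__ import annotations

import math
from datetime import datetime, timezone
from typing import Iterable, Iterator, Optional

# Column order of an Azure NSG flow log version 2 tuple (assumption based on
# Azure's documented layout; the page shows a 13-field tuple but does not
# name the columns).
FIELDS = (
    "timestamp", "src_ip", "dst_ip", "src_port", "dst_port",
    "protocol",   # T = TCP, U = UDP
    "direction",  # I = inbound, O = outbound
    "decision",   # A = allowed, D = denied
    "state",      # B = begin, C = continuing, E = end
    "pkts_src_to_dst", "bytes_src_to_dst", "pkts_dst_to_src", "bytes_dst_to_src",
)
INT_FIELDS = {"timestamp", "src_port", "dst_port", "pkts_src_to_dst",
              "bytes_src_to_dst", "pkts_dst_to_src", "bytes_dst_to_src"}

# Constructed sample output: row 0 is the tuple shown on this page, row 1 is a
# denied inbound SSH attempt with the empty counters Azure emits for B-state
# flows, row 2 is an error row (for example a minute block that could not be read).
SAMPLE_ROWS = [
    {"has_error": False, "error": None,
     "result": "1620057588,10.0.0.4,20.150.87.132,48486,443,T,O,A,E,0,0,0,0"},
    {"has_error": False, "error": None,
     "result": "1620057600,203.0.113.9,10.0.0.4,51234,22,T,I,D,B,,,,"},
    {"has_error": True, "error": "blob not found", "result": None},
]


def parse_row(row: dict) -> Optional[dict]:
    """Turn one Get Logs row into a dict of named fields.

    Returns None for rows with has_error=True so the caller surfaces
    row['error'] instead of treating it as traffic. Empty counter fields
    (begin-state flows) become None rather than raising. Raises ValueError
    if the tuple does not have the expected number of columns.
    """
    if row.get("has_error"):
        return None
    parts = row["result"].split(",")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {row['result']!r}")
    flow = dict(zip(FIELDS, parts))
    for name in INT_FIELDS:
        flow[name] = int(flow[name]) if flow[name] != "" else None
    # Epoch seconds are easier to read as UTC ISO time when the row lands in a case.
    flow["time"] = datetime.fromtimestamp(flow["timestamp"], tz=timezone.utc).isoformat()
    return flow


def denied_inbound(rows: Iterable[dict]) -> Iterator[dict]:
    """Yield flows the NSG denied on the inbound side, the rows an analyst
    usually triages first (external hosts probing ports the NSG blocks)."""
    for row in rows:
        flow = parse_row(row)
        if flow and flow["direction"] == "I" and flow["decision"] == "D":
            yield flow


def request_count(start_iso: str, end_iso: str) -> int:
    """Estimate how many blob reads one Get Logs call will issue.

    The action reads one per-minute block per minute of the range, so cost
    grows linearly with the window (60 for one hour). Inputs use the ISO form
    the action accepts, e.g. 2019-09-26T07:58:30.996+02:00; mixed UTC offsets
    are handled because the datetimes are timezone-aware.
    """
    start = datetime.fromisoformat(start_iso)
    end = datetime.fromisoformat(end_iso)
    if end < start:
        raise ValueError("end time precedes start time")
    return max(1, math.ceil((end - start).total_seconds() / 60))


def summarize(rows: Iterable[dict] = SAMPLE_ROWS) -> dict:
    """Split a result set into parsed flows, error messages and denied-inbound hits."""
    rows = list(rows)
    flows = [f for f in (parse_row(r) for r in rows) if f]
    return {
        "flows": len(flows),
        "errors": [r["error"] for r in rows if r.get("has_error")],
        "denied_inbound": [(f["src_ip"], f["dst_port"]) for f in denied_inbound(rows)],
    }


if __name__ == "__main__":
    print(summarize())
    print(request_count("2019-09-26T07:00:00.000+02:00", "2019-09-26T08:00:00.000+02:00"))
```

Because the action returns one row per tuple, feeding the whole result set through summarize() in the next step of a playbook gives you both the flows worth alerting on and the list of minute blocks that failed to load, which would otherwise be silently dropped if you only filtered on result.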
Release Notes
v2.0.0
- Updated architecture to support IO via filesystem